BooBounder
2018-08-09, 20:27
This is for the main computer in the household. The secondary one will follow when this one is taken care of. This PC has 2 hard drives, and is wired directly to a router (which also has a NAS wired to it).
This PC has K9 Bluecoat installed. It has not been happy with some traffic that's going out, and which I don't seem to be actively sending.
I have followed the "Before You Post ..." thread.
The registry backup tool reported 27/29 successful.
Ran FRST. Two log files pasted between asterisks below.
Ran aswMBR. Updated virus list. Clicked Scan button with QuickScan selected in the drop down menu. Started and ran for a minute or two before getting a BSOD. Repeated. Same behavior. No log to attach.
**********************************
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Office Administrator (administrator) on 2012_OFFICE (09-08-2018 10:24:51)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & Office Administrator (Available Profiles: Dave & Hope & Ben & Mary Jo & Office Administrator & Share_with_Office & Rich & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
() C:\Program Files\Everything\Everything.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PaperCut Software International Pty Ltd) C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\Everything\Everything.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(f.lux Software LLC) C:\Users\Dave\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Dave\Documents\My Program Files\AutoHotkey\Compiler\keywords.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1224704 2017-05-17] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Run: [F.lux] => C:\Users\Dave\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Run: [GoogleChromeAutoLaunch_C62251D359A8F5B5CC8EADB510991ABB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1577816 2018-08-07] (Google Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1577816 2018-08-07] (Google Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-11-08] (SlySoft, Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5127304 2014-11-20] (Plex, Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Run: [SynchronossPC] => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe [2862384 2016-10-10] ()
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\2017SC~1.SCR [3170336 2017-08-08] (Finalhit Ltd.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellExecuteHooks-x32: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keywords - Shortcut.lnk [2012-07-31]
ShortcutTarget: keywords - Shortcut.lnk -> C:\Users\Dave\Documents\My Program Files\AutoHotkey\Compiler\keywords.exe ()
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-07-28]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-4063716828-1680190529-1648852121-1004\User: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102
Tcpip\..\Interfaces\{2e0767a7-1000-4233-b9a4-a7209860729f}: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102
Tcpip\..\Interfaces\{e41e13c2-fdb5-4a91-bf30-2f642af83cec}: [NameServer] 208.67.222.222,8.8.8.8
Tcpip\..\Interfaces\{e41e13c2-fdb5-4a91-bf30-2f642af83cec}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://drudgereport.com/
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://isearch.avg.com/search?cid={1B9CC6B6-62E7-4842-A87E-60C6CEC9B3DC}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Silverlight\Office14\URLREDIR.DLL => No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2013-05-02] (Orbitdownloader.com)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-01] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll [2013-05-02] ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FireFox:
========
FF ProfilePath: C:\Users\Office Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\63hhxx68.default [2017-08-14]
FF Homepage: Mozilla\Firefox\Profiles\63hhxx68.default -> google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Silverlight\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll [2011-10-03] (Wolfram Research, Inc.)
FF Plugin HKU\S-1-5-21-4063716828-1680190529-1648852121-1006: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\itms.js [2011-01-24]
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Office Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Office Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Office Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-05]
CHR HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dave\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-12]
CHR HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR Extension: (No Name) - C:\Users\Office Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\jacmgnhcnfdmjdkdlfndaccecdegacba [2015-03-01]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2122000 2012-02-13] (Blue Coat Systems, Inc.)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 PCPrintLogger; C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe [929792 2013-07-03] (PaperCut Software International Pty Ltd) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R1 bckd; C:\WINDOWS\System32\drivers\bckd.sys [108304 2012-02-13] (Blue Coat Systems, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-09] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2018-04-11] (MediaTek Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-19] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-07-24] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-09-23] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-09 10:24 - 2018-08-09 10:26 - 000028584 _____ C:\Users\Dave\Desktop\FRST.txt
2018-08-09 10:24 - 2018-08-09 10:24 - 000000000 ____D C:\FRST
2018-08-09 10:23 - 2018-08-09 10:23 - 002412544 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2018-08-09 10:20 - 2018-08-09 10:20 - 000017999 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-08-09 10:20 - 2018-08-09 10:20 - 000002314 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-08-09 10:20 - 2018-08-09 10:20 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-2012_OFFICE-Windows-10-Home-(64-bit).dat
2018-08-09 10:20 - 2018-08-09 10:20 - 000000000 ____D C:\RegBackup
2018-08-09 10:20 - 2018-08-09 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-08-09 10:20 - 2018-08-09 10:20 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-08-09 10:18 - 2018-08-09 10:18 - 005766144 _____ (Tweaking.com) C:\Users\Dave\Desktop\tweaking.com_registry_backup_setup.exe
2018-08-08 11:30 - 2018-08-08 11:31 - 000007794 _____ C:\Users\Dave\Downloads\Grateful Dead Releases by Date.txt
2018-08-06 13:26 - 2018-08-06 13:26 - 000428662 _____ C:\Users\Dave\Downloads\Know Your Vehicle.pdf
2018-07-29 11:12 - 2018-07-29 11:13 - 000000000 ____D C:\Users\Dave\Downloads\Ginger Rides Again
2018-07-27 16:48 - 2018-07-27 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-07-27 11:33 - 2018-07-27 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-07-27 11:33 - 2018-07-27 11:33 - 000000000 ____D C:\Program Files\iPod
2018-07-27 11:31 - 2018-07-27 11:33 - 000000000 ____D C:\Program Files\iTunes
2018-07-21 09:18 - 2018-07-21 09:18 - 000000000 ___HD C:\OneDriveTemp
2018-07-16 11:34 - 2018-08-09 10:01 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-15 22:28 - 2018-07-15 22:28 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2018-07-15 22:28 - 2018-07-15 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-15 22:27 - 2018-07-15 22:28 - 000000000 ____D C:\Program Files\WinRAR
2018-07-15 12:59 - 2018-07-15 13:06 - 000000000 ____D C:\Users\Dave\Desktop\New folder
2018-07-12 22:53 - 2018-07-12 22:54 - 001680189 _____ C:\Users\Dave\Downloads\SUU Salaray 18-07-12.pdf
2018-07-12 00:22 - 2018-07-12 00:22 - 009253888 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-07-11 01:08 - 2018-06-28 19:13 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-07-11 01:08 - 2018-06-28 19:13 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-10 22:56 - 2018-07-06 08:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-10 22:56 - 2018-07-06 08:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-10 22:56 - 2018-07-06 08:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-10 22:56 - 2018-07-06 08:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-10 22:56 - 2018-07-06 07:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-10 22:56 - 2018-07-06 07:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-10 22:56 - 2018-07-06 05:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-10 22:56 - 2018-07-06 05:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-10 22:56 - 2018-07-06 01:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-10 22:56 - 2018-07-06 01:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-10 22:56 - 2018-07-06 01:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-10 22:56 - 2018-07-06 01:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-10 22:56 - 2018-07-06 01:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-10 22:56 - 2018-07-06 01:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-10 22:56 - 2018-07-06 01:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-10 22:56 - 2018-07-06 01:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-10 22:56 - 2018-07-06 01:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-10 22:56 - 2018-07-06 01:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-10 22:56 - 2018-07-06 01:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-10 22:56 - 2018-07-06 00:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-10 22:56 - 2018-07-06 00:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-10 22:56 - 2018-07-06 00:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-10 22:56 - 2018-07-06 00:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-10 22:56 - 2018-07-06 00:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-10 22:56 - 2018-06-15 11:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-10 22:56 - 2018-06-15 11:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-10 22:56 - 2018-06-15 11:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-10 22:56 - 2018-06-15 09:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-10 22:56 - 2018-06-15 09:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-10 22:56 - 2018-06-14 23:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-10 22:56 - 2018-06-14 23:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-10 22:56 - 2018-06-14 23:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-10 22:56 - 2018-06-14 23:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-10 22:56 - 2018-06-14 23:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-10 22:56 - 2018-06-14 23:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-10 22:56 - 2018-06-14 23:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-10 22:56 - 2018-06-14 23:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-10 22:56 - 2018-06-14 22:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-10 22:56 - 2018-06-14 22:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-10 22:56 - 2018-06-14 22:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-10 22:56 - 2018-06-14 22:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-10 22:56 - 2018-06-14 22:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-10 22:56 - 2018-06-14 22:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-10 22:55 - 2018-07-06 08:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-10 22:55 - 2018-07-06 08:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-10 22:55 - 2018-07-06 07:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 22:55 - 2018-07-06 07:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-10 22:55 - 2018-07-06 07:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-10 22:55 - 2018-07-06 07:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-10 22:55 - 2018-07-06 06:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-10 22:55 - 2018-07-06 05:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-10 22:55 - 2018-07-06 05:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-10 22:55 - 2018-07-06 05:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-10 22:55 - 2018-07-06 05:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 22:55 - 2018-07-06 05:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-10 22:55 - 2018-07-06 05:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-10 22:55 - 2018-07-06 05:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-10 22:55 - 2018-07-06 05:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-10 22:55 - 2018-07-06 05:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-10 22:55 - 2018-07-06 01:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-10 22:55 - 2018-07-06 01:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-10 22:55 - 2018-07-06 01:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-10 22:55 - 2018-07-06 01:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-10 22:55 - 2018-07-06 01:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-10 22:55 - 2018-07-06 01:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-10 22:55 - 2018-07-06 01:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-10 22:55 - 2018-07-06 01:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-10 22:55 - 2018-07-06 01:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-10 22:55 - 2018-07-06 01:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-10 22:55 - 2018-07-06 01:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-10 22:55 - 2018-07-06 01:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-10 22:55 - 2018-07-06 01:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-10 22:55 - 2018-07-06 01:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-10 22:55 - 2018-07-06 01:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-10 22:55 - 2018-07-06 01:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-10 22:55 - 2018-07-06 01:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-10 22:55 - 2018-07-06 01:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-10 22:55 - 2018-07-06 01:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-10 22:55 - 2018-07-06 01:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-10 22:55 - 2018-07-06 01:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-10 22:55 - 2018-07-06 01:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-10 22:55 - 2018-07-06 01:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-10 22:55 - 2018-07-06 00:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-10 22:55 - 2018-07-06 00:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-10 22:55 - 2018-07-06 00:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-10 22:55 - 2018-07-06 00:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-10 22:55 - 2018-07-06 00:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-10 22:55 - 2018-06-28 22:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-10 22:55 - 2018-06-15 11:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-10 22:55 - 2018-06-15 11:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-10 22:55 - 2018-06-15 11:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-10 22:55 - 2018-06-15 11:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-10 22:55 - 2018-06-15 11:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-10 22:55 - 2018-06-15 11:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-10 22:55 - 2018-06-15 11:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-10 22:55 - 2018-06-15 11:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-10 22:55 - 2018-06-15 11:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-10 22:55 - 2018-06-15 11:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-10 22:55 - 2018-06-15 11:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-10 22:55 - 2018-06-15 11:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-10 22:55 - 2018-06-15 11:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-10 22:55 - 2018-06-15 11:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-10 22:55 - 2018-06-15 11:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-10 22:55 - 2018-06-15 11:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-10 22:55 - 2018-06-15 11:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-10 22:55 - 2018-06-15 11:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-10 22:55 - 2018-06-15 11:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-10 22:55 - 2018-06-15 09:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-10 22:55 - 2018-06-15 09:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-10 22:55 - 2018-06-15 09:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-10 22:55 - 2018-06-15 09:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-10 22:55 - 2018-06-15 09:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-10 22:55 - 2018-06-15 09:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-10 22:55 - 2018-06-15 09:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-10 22:55 - 2018-06-15 09:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-10 22:55 - 2018-06-15 07:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-10 22:55 - 2018-06-15 01:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-10 22:55 - 2018-06-15 01:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-10 22:55 - 2018-06-15 01:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-10 22:55 - 2018-06-14 23:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-10 22:55 - 2018-06-14 23:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-10 22:55 - 2018-06-14 23:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-10 22:55 - 2018-06-14 23:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-10 22:55 - 2018-06-14 23:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-10 22:55 - 2018-06-14 23:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-10 22:55 - 2018-06-14 23:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-10 22:55 - 2018-06-14 23:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-10 22:55 - 2018-06-14 23:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-10 22:55 - 2018-06-14 23:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-10 22:55 - 2018-06-14 23:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-10 22:55 - 2018-06-14 23:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-10 22:55 - 2018-06-14 23:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-10 22:55 - 2018-06-14 23:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-10 22:55 - 2018-06-14 23:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-10 22:55 - 2018-06-14 23:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-10 22:55 - 2018-06-14 23:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-10 22:55 - 2018-06-14 23:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-10 22:55 - 2018-06-14 23:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-10 22:55 - 2018-06-14 23:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-10 22:55 - 2018-06-14 23:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-10 22:55 - 2018-06-14 23:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-10 22:55 - 2018-06-14 23:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-10 22:55 - 2018-06-14 22:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-10 22:55 - 2018-06-14 22:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-10 22:55 - 2018-06-14 22:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-10 22:55 - 2018-06-14 22:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 22:55 - 2018-06-14 22:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-10 22:55 - 2018-06-14 22:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-10 22:55 - 2018-06-14 22:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-10 22:55 - 2018-06-14 22:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-10 22:55 - 2018-06-14 22:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-10 22:55 - 2018-06-14 22:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-10 22:55 - 2018-06-14 22:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-10 22:55 - 2018-06-14 22:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-10 22:55 - 2018-06-14 22:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-10 22:55 - 2018-06-14 22:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-10 22:55 - 2018-05-20 05:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-07-10 22:55 - 2018-05-20 05:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-07-10 22:54 - 2018-07-06 07:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-10 22:54 - 2018-07-06 07:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-10 22:54 - 2018-07-06 07:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-10 22:54 - 2018-07-06 05:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-10 22:54 - 2018-07-06 01:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-10 22:54 - 2018-07-06 01:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-10 22:54 - 2018-07-06 00:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-10 22:54 - 2018-07-06 00:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-10 22:54 - 2018-07-06 00:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 22:54 - 2018-07-06 00:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-10 22:54 - 2018-07-06 00:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-10 22:54 - 2018-07-06 00:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-10 22:54 - 2018-07-06 00:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-10 22:54 - 2018-07-05 23:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-10 22:54 - 2018-06-15 11:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-10 22:54 - 2018-06-15 11:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-10 22:54 - 2018-06-15 11:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-10 22:54 - 2018-06-15 11:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-10 22:54 - 2018-06-15 11:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-10 22:54 - 2018-06-15 11:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-10 22:54 - 2018-06-15 09:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-10 22:54 - 2018-06-15 09:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-10 22:54 - 2018-06-15 09:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-10 22:54 - 2018-06-14 22:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-10 22:54 - 2018-06-14 22:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-10 22:54 - 2018-06-14 22:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-10 22:54 - 2018-06-14 22:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-10 22:54 - 2018-06-14 22:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-10 22:54 - 2018-06-14 22:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-10 22:54 - 2018-06-14 22:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-10 22:54 - 2018-06-14 22:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-10 22:54 - 2018-06-14 22:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-10 22:54 - 2018-06-14 22:42 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-07-10 22:54 - 2018-06-14 22:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-10 22:54 - 2018-06-14 22:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-10 22:54 - 2018-06-14 22:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-10 22:54 - 2018-06-14 22:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-10 22:54 - 2018-06-14 22:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-10 22:54 - 2018-05-31 23:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-10 20:14 - 2018-07-31 10:44 - 000000000 ____D C:\ProgramData\Packages
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-09 10:17 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-09 10:12 - 2015-03-01 12:24 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-09 10:06 - 2016-11-26 00:39 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Mozilla
2018-08-09 10:06 - 2012-06-20 13:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-09 10:05 - 2017-04-30 13:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-09 10:05 - 2013-03-03 20:11 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-09 10:04 - 2016-07-23 22:49 - 000000000 ___RD C:\Users\Dave\OneDrive
2018-08-09 10:00 - 2018-05-16 00:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-09 09:59 - 2018-05-16 00:01 - 000000000 ____D C:\Users\Dave
2018-08-09 09:59 - 2018-04-11 15:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-08-09 09:58 - 2015-08-03 11:34 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Everything
2018-08-09 09:57 - 2018-06-29 12:48 - 000001307 _____ C:\Users\Dave\Desktop\Device Manager - Shortcut.lnk
2018-08-09 09:53 - 2012-06-19 10:07 - 000000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2018-08-09 09:22 - 2018-05-15 23:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-09 05:07 - 2018-05-16 00:43 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CB1BE535-6F0F-4578-8662-9C0E1D1C3C7F}
2018-08-08 23:00 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-08 22:58 - 2012-06-29 00:10 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 13:13 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-08 11:32 - 2018-07-09 23:11 - 000001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-08-07 23:42 - 2016-05-13 18:01 - 000000000 ____D C:\Users\Dave\AppData\Roaming\GrabIt
2018-08-06 10:03 - 2015-08-08 17:19 - 000001414 _____ C:\Users\Dave\Desktop\Everything.exe - Shortcut.lnk
2018-08-05 02:24 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-02 14:26 - 2015-03-01 10:56 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Apple Computer
2018-07-31 10:32 - 2018-02-27 22:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-30 03:20 - 2018-05-16 00:43 - 000003962 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1425234319
2018-07-30 03:20 - 2017-06-30 11:17 - 000001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-07-29 11:17 - 2018-01-25 00:57 - 000000000 ____D C:\Users\Dave\Downloads\Memes I Liked
2018-07-29 11:14 - 2012-08-19 10:49 - 000000000 ____D C:\Users\Dave\Downloads\Posted Cartoons
2018-07-27 16:48 - 2018-03-12 08:35 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-07-27 16:48 - 2015-03-01 10:56 - 000000000 ____D C:\Users\Dave\AppData\Local\Apple Computer
2018-07-27 11:33 - 2009-07-13 21:20 - 000000000 __RHD C:\Users\Public\Public Desktop
2018-07-26 11:07 - 2014-12-11 00:49 - 000000000 ____D C:\Users\Dave\AppData\Roaming\KeePass
2018-07-23 00:48 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-21 09:14 - 2016-12-17 12:58 - 000000000 ____D C:\Program Files\Pale Moon
2018-07-21 08:48 - 2013-06-11 13:27 - 000000968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2018-07-21 08:48 - 2013-06-11 13:27 - 000000956 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2018-07-19 23:25 - 2016-02-15 01:00 - 000000000 ____D C:\Users\Dave\Downloads\Podcasts
2018-07-16 23:05 - 2010-11-20 21:27 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-16 11:34 - 2017-12-23 20:30 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-15 22:52 - 2012-08-19 09:00 - 000016384 _____ C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-15 22:28 - 2012-06-24 14:43 - 000000000 ____D C:\Users\Office Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-14 00:46 - 2018-05-16 00:43 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4063716828-1680190529-1648852121-1000
2018-07-14 00:46 - 2018-05-16 00:01 - 000002409 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-12 00:23 - 2018-05-16 00:43 - 000004530 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-12 00:22 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-12 00:22 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-11 04:04 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-11 01:13 - 2018-05-15 23:56 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-11 01:08 - 2017-12-23 20:18 - 000000000 ___RD C:\Users\Dave\3D Objects
2018-07-11 01:08 - 2016-07-23 22:45 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-11 01:07 - 2018-05-15 23:51 - 000453184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 01:03 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 01:03 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-11 01:02 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-11 01:02 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-11 01:02 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-10 23:28 - 2013-08-14 09:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 23:10 - 2012-06-16 13:56 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 20:07 - 2018-05-16 00:43 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
==================== Files in the root of some directories =======
2011-08-19 16:02 - 2011-06-09 17:44 - 000002792 _____ () C:\Program Files\HP SimplePass 2011
2009-04-20 23:51 - 2007-12-14 19:33 - 000262144 _____ (ZoneAlarm) C:\Program Files (x86)\Uninstall Spy Blocker.dll
2012-07-27 11:57 - 2012-07-27 11:57 - 000007859 _____ () C:\Users\Office Administrator\AppData\Roaming\pcouffin.cat
2012-07-27 11:57 - 2012-07-27 11:57 - 000001167 _____ () C:\Users\Office Administrator\AppData\Roaming\pcouffin.inf
2012-07-27 11:57 - 2012-07-27 11:57 - 000000034 _____ () C:\Users\Office Administrator\AppData\Roaming\pcouffin.log
2012-07-27 11:57 - 2012-07-27 11:57 - 000082816 _____ (VSO Software) C:\Users\Office Administrator\AppData\Roaming\pcouffin.sys
2012-10-13 19:45 - 2012-10-13 19:45 - 000000600 _____ () C:\Users\Office Administrator\AppData\Roaming\winscp.rnd
Some files in TEMP:
====================
2018-08-08 11:31 - 2018-08-08 11:31 - 004264384 _____ (Don HO don.h@free.fr) C:\Users\Dave\AppData\Local\Temp\npp.7.5.8.Installer.exe
2018-05-24 19:49 - 2018-05-24 19:49 - 004299968 _____ (Don HO don.h@free.fr) C:\Users\Office Administrator\AppData\Local\Temp\npp.7.5.6.Installer.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-15 23:51
==================== End of FRST.txt ============================
**********************************
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Office Administrator (09-08-2018 10:27:44)
Running from C:\Users\Dave\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-05-16 06:45:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4063716828-1680190529-1648852121-500 - Administrator - Disabled) => C:\Users\Administrator
Ben (S-1-5-21-4063716828-1680190529-1648852121-1004 - Limited - Enabled) => C:\Users\Ben
Dave (S-1-5-21-4063716828-1680190529-1648852121-1000 - Limited - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-4063716828-1680190529-1648852121-503 - Limited - Disabled)
Guest (S-1-5-21-4063716828-1680190529-1648852121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4063716828-1680190529-1648852121-1002 - Limited - Enabled)
Hope (S-1-5-21-4063716828-1680190529-1648852121-1003 - Limited - Enabled) => C:\Users\Hope
Mary Jo (S-1-5-21-4063716828-1680190529-1648852121-1005 - Limited - Enabled) => C:\Users\Mary Jo
Office Administrator (S-1-5-21-4063716828-1680190529-1648852121-1006 - Administrator - Enabled) => C:\Users\Office Administrator
Rich (S-1-5-21-4063716828-1680190529-1648852121-1008 - Limited - Enabled) => C:\Users\Rich
Share_with_Office (S-1-5-21-4063716828-1680190529-1648852121-1007 - Limited - Enabled) => C:\Users\Share_with_Office
WDAGUtilityAccount (S-1-5-21-4063716828-1680190529-1648852121-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
2017 Screen Saver (HKLM-x32\...\2017 Screen Saver_is1) (Version: - Access Analytic)
4K YouTube to MP3 3.3 (HKLM-x32\...\{35F6F72F-08F5-4885-8B69-7A3C6C1F038E}) (Version: 3.3.5.1797 - Open Media LLC)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.3.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 3.5.13.64 - ArcSoft)
Asterisk Key 10.0 (HKLM-x32\...\asterisk key) (Version: - )
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
AVIcodec (remove only) (HKLM-x32\...\AVIcodec) (Version: - )
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.1.8321 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.1.731 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Beyond Compare 4.2.2 (HKLM\...\BeyondCompare4_is1) (Version: 4.2.2.22384 - Scooter Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.3.188 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{D2DCF339-7EBC-4D88-B515-A504297796EA}) (Version: 3.6.0 - Kovid Goyal)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version: - )
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.03034 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{EB629A98-5E69-40E8-BA9E-C393899F959D}) (Version: 4.4.03034 - Cisco Systems, Inc.) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DjVuLibre DjView 3.5.27+4.10.4 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
Driver Install 64-Bit (HKLM-x32\...\{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China) Hidden
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
EPubsoft Adobe PDF ePub DRM Removal 8.9.6 (HKLM-x32\...\{917CB2F3-7BAF-4E1E-9444-1241BF3D6B92}) (Version: 8.9.6 - EPUBSOFT)
Eudora (HKLM-x32\...\{FC40342A-B862-4F02-9B85-EBC13BE78AD1}) (Version: 7.0 - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
EZ Grabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
f.lux (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Flux) (Version: - f.lux Software LLC)
Family Tree Maker 2012 (HKLM-x32\...\{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}) (Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
FeedDemon (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
Flash Decompiler Trillix (HKLM-x32\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
FREE EML File Viewer version v2.0 (HKLM-x32\...\{6B16A616-C931-4D4B-B1C5-E04F2D4DDD63}_is1) (Version: v2.0 - www.freeviewer.org)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Gmail Backup (HKLM-x32\...\gmailbackup) (Version: - )
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GrabIt 1.7.3 Beta (build 1010) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Huffyuv AVI lossless video codec - MultiThread (Remove Only) (HKLM-x32\...\HuffyuvcodecMT) (Version: - )
iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.)
ImageMagick 6.8.9-5 Q8 (64-bit) (2014-07-15) (HKLM\...\ImageMagick 6.8.9 Q8 (64-bit)_is1) (Version: 6.8.9 - ImageMagick Studio LLC)
iMazing HEIC Converter version 1.0.5 (HKLM\...\{FA58AFA9-B210-409C-88F1-2A90D577C170}_is1) (Version: 1.0.5 - DigiDNA)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.5.1 - Hermann Schinagl)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MapWindow GIS (HKLM-x32\...\{0018DC60-E4CB-4884-81EC-52CF2BAF54EF}_is1) (Version: 4.8.8 - MapWindow GIS)
Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
MediaHuman YouTube to MP3 Converter version 3.9.8.10 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.8.10 - )
MediaInfo 0.7.67 (HKLM\...\MediaInfo) (Version: 0.7.67 - MediaArea.net)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MP4Tools v3.1 (HKLM-x32\...\MP4Tools_is1) (Version: - )
MuseScore 2 (HKLM-x32\...\{703926DE-F24B-11E4-AA68-472FB664A5DC}) (Version: 2.0.1 - Werner Schweer and Others)
MyFreeCodec (HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\MyFreeCodec) (Version: - )
Neat Video v3.0 Demo plug-in for VirtualDub (32-bit) (HKLM-x32\...\Neat Video for VirtualDub (32-bit)_is1) (Version: - Neat Video team, ABSoft)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version: - )
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version: - )
NLOGIT 4.0 (HKLM-x32\...\{162D8CCE-79C2-4587-A026-22B8D8B73015}) (Version: 04.00.0001 - Econometric Software, Inc.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NZBLeecher (HKLM-x32\...\NZBLeecher) (Version: - )
Open Live Writer (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\OpenLiveWriter) (Version: 0.6.2 - Open Live Writer)
Opera Stable 54.0.2952.64 (HKLM-x32\...\Opera 54.0.2952.64) (Version: 54.0.2952.64 - Opera Software)
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version: - www.orbitdownloader.com)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Pale Moon (x64 en-US) (HKLM\...\Pale Moon (x64 en-US)) (Version: 27.9.4 - Moonchild Productions)
Pale Moon 27.0.2 (x86 en-US) (HKLM-x32\...\Pale Moon 27.0.2 (x86 en-US)) (Version: 27.0.2 - Moonchild Productions)
PaperCut Print Logger 1.10 (HKLM-x32\...\PaperCut Print Logger_is1) (Version: - PaperCut Software Int. Pty. Ltd.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
PdfMerge (HKLM-x32\...\{1CD59184-5172-4899-BAE4-4F06D57B2004}) (Version: 1.19.0 - PdfMerge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.203.0 - Tracker Software Products Ltd)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{A6BF4853-41E9-4DA1-AD81-4B16FEE938C2}) (Version: 0.9.1104 - Plex, Inc.) Hidden
POV-Ray for Windows v3.6.1c (HKLM-x32\...\POV-Ray for Windows v3.6) (Version: 3.6 - Persistence of Vision Raytracer Pty. Ltd.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Respondus 4.0 Campus-Wide (HKLM-x32\...\{8DB14A0D-7D84-46B3-AEE4-D265729C78BD}) (Version: 4.00.0000 - Respondus, Inc.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
SABnzbd 1.0.2 (HKLM-x32\...\SABnzbd) (Version: 1.0.2 - The SABnzbd Team)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
screen-scraper Basic Edition (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\5814-3494-4319-2342) (Version: 7.0 - ekiwi, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.)
Snagit 12 (HKLM-x32\...\{B298CE4A-880B-4D6E-8987-2D8A616BF568}) (Version: 12.0.0 - TechSmith Corporation) Hidden
Snagit 12 (HKLM-x32\...\{bdac23f5-7943-42cf-ba56-4732fc20b6a7}) (Version: 12.0.0.1001 - TechSmith Corporation)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
ThumbNailer (HKLM\...\{4FF14ED2-7B23-4EBF-A88B-CAE3590F9388}) (Version: 10.1.0.10 - Smaller Animals Software) Hidden
ThumbNailer 10 (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\ThumbNailer 10.1.0.10) (Version: 10.1.0.10 - Smaller Animals Software)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 16.1.8.13 - Verizon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
WinSCP 5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.1 - Martin Prikryl)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM-x32\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\My Program Files (x86)\Beyond Compare 4\BCShellEx64.dll [2017-05-18] (Scooter Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers1: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-06-26] (Apple Inc.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2014-04-18] (TechSmith Corporation)
ContextMenuHandlers1: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers3: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\My Program Files (x86)\Beyond Compare 4\BCShellEx64.dll [2017-05-18] (Scooter Software)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2014-04-18] (TechSmith Corporation)
ContextMenuHandlers4: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\My Program Files (x86)\Beyond Compare 4\BCShellEx64.dll [2017-05-18] (Scooter Software)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {032B01CC-1874-43B4-A40E-0A34AE5B0219} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0CC3794B-E509-49AE-AF82-09F758E715B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0EBF683C-73C8-427B-888B-F5FEDFA0A8B8} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {14160C5A-0629-4486-AD42-B50AD57381FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {15CDA51F-2714-4EDB-A171-93B428EB5EAB} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {225F401F-D757-4C63-9C5E-338A1BF1A40C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {22B36131-D912-447F-8E3A-93B96D768A49} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {310AE0D2-A029-42FE-9CBF-BE9D3169809C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3311EDC2-3EB7-44C7-98E3-001274DB87E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3D5FD92F-118C-45D9-B0B3-3723CAC9801B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {3F0B4EA2-4D7B-4D23-876A-75BCC92FE9AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-12] (Adobe Systems Incorporated)
Task: {40916EEB-6F1E-4999-9E15-7F491478CD18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {442A0DF8-035C-4EC9-9586-E841BDA7E761} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {453D4E41-9E0A-450B-ABEE-1E59AE056970} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4BC2A2DA-AFD4-4150-A965-394C5A98BC48} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: {4EA06D77-9D3C-4D8D-87AC-E943886E5F61} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6F313266-B64D-44AE-A7BB-DE6293968188} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {72D3B183-DAE2-4C2A-B083-2F775CA56B84} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {81CF05AE-D06C-4C08-9EC1-EF7705F329D2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {92371601-C4C9-4886-8F49-55A1B31041CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {962F44DF-9C5B-4695-A5B2-B3B13C819136} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A67499BF-E58D-4F6B-808F-5521BCB22C84} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA322EE6-D956-4A82-83A1-15E2310DA8ED} - System32\Tasks\Opera scheduled Autoupdate 1425234319 => C:\Program Files (x86)\Opera\launcher.exe [2018-07-24] (Opera Software)
Task: {AAAF2967-9FCF-4FE5-B8ED-82D0D1916F31} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B45BD574-7084-4DF1-82B3-CD8D60EDDB56} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B575AFE0-AF73-4398-9D64-5D7A4249CF40} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B7A8F376-2E78-4061-83AB-BD6CC226463C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B887A7D3-7A91-488D-87DA-512ED75B31E7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C1C94E11-56D4-42FD-B052-F12EAEB7E8A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C29AFA7A-269B-4DEC-95F3-09270AAEC4FB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CC5E2665-C32E-472A-B456-DD8263A22363} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {DB90AE6C-A7F3-4DCB-8F95-73AC04603218} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {DC0B13A5-A3AF-44DB-A8AF-45ED1E90A3D1} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-04-17] (TechSmith Corporation)
Task: {DD8F35AB-434A-41DE-9AD1-1257D3D4E48B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {E40AF1E4-E26D-4DF8-BF69-C3737ACB46AC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E4E1AB3F-C6DC-443F-A040-1F71DC7EA004} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {E63BAE5A-5EBA-47EA-A20E-B92FD497F1B2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {E715D404-048F-428E-B4E3-3091D17C67DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F1B34399-703E-4852-B06A-F538BC5472CA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FE713D77-2EF1-4348-86DE-E0815C71AAD4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-12] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-08-03 10:45 - 2014-08-05 19:04 - 001441792 _____ () C:\Program Files\Everything\Everything.exe
2018-01-05 00:14 - 2018-01-05 00:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 16:00 - 2018-07-16 11:34 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-08-05 00:15 - 2013-08-05 00:15 - 000070712 _____ () c:\windows\system32\bdmpega64.acm
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2004-09-30 12:15 - 2004-09-30 12:15 - 000192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-22 18:14 - 2018-07-22 18:14 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-07-10 22:56 - 2018-07-06 00:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 15:13 - 2018-07-17 15:13 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 15:13 - 2018-07-17 15:13 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 15:13 - 2018-07-17 15:14 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 15:13 - 2018-07-17 15:13 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-27 10:37 - 2018-07-27 10:37 - 035195392 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-07-27 10:37 - 2018-07-27 10:37 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-07-27 10:37 - 2018-07-27 10:37 - 006373376 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-25 22:50 - 2017-09-25 22:50 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-27 10:37 - 2018-07-27 10:37 - 008903168 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-10 20:13 - 2018-07-10 20:13 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-03-09 02:16 - 2017-03-09 02:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2011-12-22 11:10 - 2011-12-22 11:58 - 000207717 _____ () C:\Users\Dave\Documents\My Program Files\AutoHotkey\Compiler\keywords.exe
2018-08-08 22:58 - 2018-08-07 18:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-08 22:58 - 2018-08-07 18:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-08-09 10:03 - 2018-08-09 10:03 - 000113152 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_ctypes.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000080896 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\bz2.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001585152 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_hashlib.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000128512 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32api.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000137728 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pywintypes27.dll
2018-08-09 10:03 - 2018-08-09 10:03 - 000548864 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pythoncom27.dll
2018-08-09 10:03 - 2018-08-09 10:03 - 000689664 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\unicodedata.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000438784 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32com.shell.shell.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001489408 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._core_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001007104 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._gdi_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001039872 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._windows_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001325056 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._controls_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000916992 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._misc_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001084416 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pysqlite2._sqlite.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000149504 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32file.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000136192 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32security.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000007680 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\hashobjs_ext.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000020992 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\thumbnails_ext.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000118784 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\usb_ext.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000047616 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_socket.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 002224640 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_ssl.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000014848 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\common.time34.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000023040 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32event.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000034304 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.conditional.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000020480 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.winwrap.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000110080 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.volumes.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000223232 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32gui.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000173568 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_elementtree.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000169472 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pyexpat.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000048128 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32inet.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000103424 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._html2.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000046080 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_psutil_windows.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000633272 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows._cacheinvalidation.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000011776 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32crypt.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000301568 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\PIL._imaging.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000032256 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_multiprocessing.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 005458944 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\cello.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000026112 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_yappi.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000044032 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32process.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000027648 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32pipe.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000010752 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\select.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000029696 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32pdh.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000038400 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.connectivity.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000073216 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.device_monitor.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000020480 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32profile.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000026624 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32ts.pyd
2016-12-17 12:58 - 2018-07-10 12:17 - 005406208 _____ () C:\Program Files\Pale Moon\mozjs.dll
2017-05-17 06:16 - 2017-05-17 06:16 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2018-07-30 03:20 - 2018-07-24 23:06 - 087838808 _____ () C:\Program Files (x86)\Opera\54.0.2952.64\opera_browser.dll
2018-07-30 03:20 - 2018-07-24 23:06 - 003871320 _____ () C:\Program Files (x86)\Opera\54.0.2952.64\libglesv2.dll
2018-07-30 03:20 - 2018-07-24 23:06 - 000086616 _____ () C:\Program Files (x86)\Opera\54.0.2952.64\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:DED17083 [286]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2018-08-09 10:02 - 000001707 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
216.239.32.20 www.google.ae # bck9
216.239.32.20 www.google.at # bck9
216.239.32.20 www.google.be # bck9
216.239.32.20 www.google.ca # bck9
216.239.32.20 www.google.ch # bck9
216.239.32.20 www.google.cl # bck9
216.239.32.20 www.google.co.il # bck9
216.239.32.20 www.google.co.in # bck9
216.239.32.20 www.google.co.jp # bck9
216.239.32.20 www.google.co.kr # bck9
216.239.32.20 www.google.co.nz # bck9
216.239.32.20 www.google.co.uk # bck9
216.239.32.20 www.google.co.ve # bck9
216.239.32.20 www.google.co.za # bck9
216.239.32.20 www.google.com # bck9
216.239.32.20 www.google.com.ar # bck9
216.239.32.20 www.google.com.au # bck9
216.239.32.20 www.google.com.br # bck9
216.239.32.20 www.google.com.co # bck9
216.239.32.20 www.google.com.gr # bck9
216.239.32.20 www.google.com.hk # bck9
216.239.32.20 www.google.com.mx # bck9
216.239.32.20 www.google.com.my # bck9
216.239.32.20 www.google.com.pe # bck9
216.239.32.20 www.google.com.ph # bck9
216.239.32.20 www.google.com.pk # bck9
216.239.32.20 www.google.com.sg # bck9
216.239.32.20 www.google.com.tr # bck9
216.239.32.20 www.google.com.tw # bck9
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dave\Downloads\Wallpapers\Thomas Herbich\SMOKE_176_HD.jpg
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Office Administrator\AppData\Local\Microsoft\Windows\Themes\img16.jpg
DNS Servers: 208.67.222.222 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\StartupApproved\Run: => "Plex Media Server"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C97E4394-8A48-4F21-B464-9A6A5D5A54A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{93776A94-90D5-4519-B1A0-E098CE312A7F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA8A793E-A5E4-47D7-81AE-84BF66EC42C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4D080D92-8DEC-4CE0-BCEA-A1F319E1E296}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6AC1967-FD24-478D-8B49-891B52A2AE67}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [Threshold.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\Threshold.exe
FirewallRules: [Threshold.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\Threshold.exe
FirewallRules: [StreamNet.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\StreamNet.exe
FirewallRules: [StreamNet.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\StreamNet.exe
FirewallRules: [SlopeAveDown.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAveDown.exe
FirewallRules: [SlopeAveDown.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAveDown.exe
FirewallRules: [SlopeAreaRatio.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAreaRatio.exe
FirewallRules: [SlopeAreaRatio.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAreaRatio.exe
FirewallRules: [SlopeArea.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeArea.exe
FirewallRules: [SlopeArea.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeArea.exe
FirewallRules: [PitRemove.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PitRemove.exe
FirewallRules: [PitRemove.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PitRemove.exe
FirewallRules: [PeukerDouglas.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PeukerDouglas.exe
FirewallRules: [PeukerDouglas.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PeukerDouglas.exe
FirewallRules: [MoveOutletsToStreams.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\MoveOutletsToStreams.exe
FirewallRules: [MoveOutletsToStreams.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\MoveOutletsToStreams.exe
FirewallRules: [LengthArea.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\LengthArea.exe
FirewallRules: [LengthArea.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\LengthArea.exe
FirewallRules: [GridNet.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\GridNet.exe
FirewallRules: [GridNet.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\GridNet.exe
FirewallRules: [DropAnalysis.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DropAnalysis.exe
FirewallRules: [DropAnalysis.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DropAnalysis.exe
FirewallRules: [DinfUpDependence.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfUpDependence.exe
FirewallRules: [DinfUpDependence.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfUpDependence.exe
FirewallRules: [DinfTransLimAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfTransLimAccum.exe
FirewallRules: [DinfTransLimAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfTransLimAccum.exe
FirewallRules: [DinfRevAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfRevAccum.exe
FirewallRules: [DinfRevAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfRevAccum.exe
FirewallRules: [DinfFlowDir.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfFlowDir.exe
FirewallRules: [DinfFlowDir.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfFlowDir.exe
FirewallRules: [DinfDistUp.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistUp.exe
FirewallRules: [DinfDistUp.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistUp.exe
FirewallRules: [DinfDistDown.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistDown.exe
FirewallRules: [DinfDistDown.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistDown.exe
FirewallRules: [DinfDecayAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDecayAccum.exe
FirewallRules: [DinfDecayAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDecayAccum.exe
FirewallRules: [DinfConcLimAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfConcLimAccum.exe
FirewallRules: [DinfConcLimAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfConcLimAccum.exe
FirewallRules: [DinfAvalanche.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfAvalanche.exe
FirewallRules: [DinfAvalanche.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfAvalanche.exe
FirewallRules: [D8HDistToStrm.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8HDistToStrm.exe
FirewallRules: [D8HDistToStrm.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8HDistToStrm.exe
FirewallRules: [D8FlowPathExtremeUp.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowPathExtremeUp.exe
FirewallRules: [D8FlowPathExtremeUp.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowPathExtremeUp.exe
FirewallRules: [D8FlowDir.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowDir.exe
FirewallRules: [D8FlowDir.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowDir.exe
FirewallRules: [AreaDinf.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaDinf.exe
FirewallRules: [AreaDinf.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaDinf.exe
FirewallRules: [AreaD8.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaD8.exe
FirewallRules: [AreaD8.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaD8.exe
FirewallRules: [{B64BF283-2A93-45C4-9DD1-59549F5FAD14}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{C7BC21A7-C3FA-4E28-BC1A-A557808EF625}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D2A9995C-573D-4870-A196-E6F92C7FEA75}] => (Allow) LPort=2869
FirewallRules: [{98FA0158-258F-4FA8-89DD-ECE5A11273C6}] => (Allow) LPort=1900
FirewallRules: [{EA34BF9A-7A5F-4F3F-A5BD-663CC060D6E3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{ED82AD9C-AFA6-4735-A920-DC574204A409}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{C66D7923-A783-41D0-84CF-2B67EFA6E8AC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6A6D3589-27E9-4166-A941-B67F7F496C4F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{A25D23CA-7804-4EA6-B0D3-955DA76CFA0F}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [UDP Query User{64406E4F-99E3-47BB-AE74-B49BD5C4A72A}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [TCP Query User{C8F951DB-8AFE-49F0-9B60-F0027E091968}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{35055077-0589-4225-B25A-778393990304}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{6578A75B-A845-4BFE-A275-8FD74C984758}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{85D6766B-6445-4445-ABA5-C4818CC9EBDC}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{99BEEB2A-E79C-439B-9A70-3D225C43D63F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3EB3C082-397F-411C-9636-9ED1253AE631}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EA796675-EE94-497F-BC35-CA9CBC9616C1}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{46D7AF76-9E5A-4ABE-A0E2-E0E055EDF20F}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{C4776A0E-63A8-4BF4-9607-AFD7FD9FC2B1}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{F0EA1B3E-80F1-44FB-A051-2AB84E74E76B}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{176B5412-E9D4-4293-8F3C-E1FE768D2BB1}] => (Allow) C:\Users\Office Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F2A368AD-A5F5-49FB-BB32-A5A798EF5AC8}] => (Allow) C:\Users\Dave\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D79BB384-A9B2-4C88-950E-CB3217FCF8B9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EB64F111-26BF-419C-873E-0DB8B100F120}C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{58913BBD-D8FB-45F6-A6D3-A6F3557780AB}C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{E21B9340-397D-4611-BF10-2984A0055970}] => (Block) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{10379A70-582A-44A7-A7CA-55594BB13019}] => (Block) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{7C2313F0-154A-4E6E-90D6-7E90379CA707}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A94DDC9C-3777-4D71-8BBE-4D876BCD135D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{9C966373-284D-4353-ACE9-CD031EB094C4}] => (Allow) LPort=8298
FirewallRules: [{45DAD556-0BDA-4265-83C2-FE50B971192F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{05D180E3-1AED-45AF-B671-62836A25F3DB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{5BA111A5-F7EE-4FA6-9FCF-182CBE7BCFA4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{4528EE72-9CE0-421E-8550-3B24C363B9F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F6C09B32-9999-462F-AB77-DF7799C0C78F}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{CD2A1F08-F0C1-4981-90F7-5D39F3D41DA8}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{21CC09DF-8C0C-4A80-9937-5AABCB29BBCF}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{D9C5B658-463C-4498-B23A-2ABFB367CC8A}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{E025775D-8895-4976-BA29-A879288BC421}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA7BBAD6-8275-43AD-A8F5-B21337FA9A66}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7AA5E096-F108-4834-88E6-661BC0F25167}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [UDP Query User{4F2DEC60-AB57-4F30-B6FC-8328AC5AB464}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [TCP Query User{6D1B4B3D-DC44-4E97-ABF5-BF0A5D719339}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [UDP Query User{6717A046-F10E-44A8-A0C4-9552514FD275}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [{61999273-0528-4DEE-9F0F-38CB07458FF8}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{216A7450-775A-4FEE-B105-4DD82BA1CE49}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{F184E7F9-BEAD-4372-85AE-AFD57A3276BD}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [{418F4DC2-5545-48F0-A759-AB3BAB8BFBC4}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [TCP Query User{8F8E1440-4D93-43AB-A3D6-201C8C23F463}K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [UDP Query User{40CCAE81-8109-420E-AF87-77E26890B7F5}K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{C9ECCCEC-27ED-4620-9248-4C5E5EEAC2DC}] => (Block) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{97E2E5D7-3C8D-4277-8621-2AEDEA7CD348}] => (Block) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [TCP Query User{A8769730-A01D-4989-8620-3ADE44A7D02B}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{046F220F-EFB1-4E01-B03D-8F38DD13339A}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{66F7B5B5-ED35-4329-B549-A95D03B9B1F1}] => (Block) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{58B041DA-DDE2-43FC-B32A-71F354676EB8}] => (Block) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4EEFD3C5-14F1-4076-8EE4-F389AD479545}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6D39C845-E020-45D1-BBE6-56AFA68C82DE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D5D7FE67-D60F-48B3-BD94-753E4765D5C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{60D599F0-5D17-4685-A9AA-02518D2C3139}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FB4981A4-3783-4464-B83E-AE98B5232A38}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{341C4F30-A9D6-4890-B70C-C049009C3C6F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{5BF1087A-9375-4BE7-BD86-6FAAC9AE90CA}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.60\opera.exe
FirewallRules: [{033619D0-9520-42E2-83E8-ADC19A261AC1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{11BBCA25-52E8-4C6D-9047-B9C87502457D}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
FirewallRules: [{BF968F8D-7C5E-4EB9-B0CF-C0CE516F489F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
==================== Restore Points =========================
20-07-2018 12:20:10 Scheduled Checkpoint
30-07-2018 01:14:58 Scheduled Checkpoint
01-08-2018 12:21:28 Windows Modules Installer
02-08-2018 14:21:59 Windows Modules Installer
04-08-2018 00:21:27 Windows Modules Installer
05-08-2018 02:21:20 Windows Modules Installer
06-08-2018 10:21:23 Windows Modules Installer
07-08-2018 11:12:08 Windows Modules Installer
08-08-2018 13:12:34 Windows Modules Installer
==================== Faulty Device Manager Devices =============
Name: MyBookWorld
Description: My Book World Edition Network Storage
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: Western Digital Corporation
Service: UmPass
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/09/2018 10:03:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x1e9c
Faulting application start time: 0x01d42ffa76dac540
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: 7429d9e5-3dd6-4173-b733-1b4df495a33c
Faulting package full name:
Faulting package-relative application ID:
Error: (08/09/2018 10:02:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.17134.165, time stamp: 0x5b3f1749
Faulting module name: ntdll.dll, version: 10.0.17134.165, time stamp: 0xf4df6dc2
Exception code: 0xcfffffff
Fault offset: 0x000000000009d7a4
Faulting process id: 0x2010
Faulting application start time: 0x01d42ffa3de81707
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e61de093-9764-4afa-8a11-93d030da99fe
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (08/07/2018 10:39:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x2844
Faulting application start time: 0x01d42ed1b51eccb0
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: 4e997c31-4fbb-4618-99b7-6f26f02de4b6
Faulting package full name:
Faulting package-relative application ID:
Error: (08/04/2018 06:23:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14490266
Error: (08/04/2018 06:23:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14490266
Error: (08/04/2018 06:23:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/04/2018 06:23:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14480828
Error: (08/04/2018 06:23:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14480828
System errors:
=============
Error: (08/09/2018 10:08:08 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 10:07:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 10:05:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (08/09/2018 10:04:40 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 10:04:06 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 10:03:25 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 05:49:41 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (08/09/2018 02:22:36 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Windows Defender:
===================================
Date: 2018-07-06 18:09:01.541
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7583C69C-F8A2-44A6-94BE-DF876712C433}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-08-09 10:12:58.689
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.1112.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-08-09 10:04:01.404
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\LinkShellExtension\HardlinkShellExt.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:01.398
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\LinkShellExtension\HardlinkShellExt.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:01.393
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\LinkShellExtension\HardlinkShellExt.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:00.671
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:00.666
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:00.660
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:00.654
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:03:59.998
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 58%
Total physical RAM: 8098.51 MB
Available physical RAM: 3370.99 MB
Total Virtual: 11938.51 MB
Available Virtual: 6728.67 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.45 GB) (Free:83.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.52 GB) (Free:1.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive p: (New Volume) (Fixed) (Total:2794.39 GB) (Free:86.94 GB) NTFS
\\?\Volume{28a723c4-b7ed-11e1-ac0c-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{a1e71db5-0000-0000-0000-20e3e5000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A1E71DB5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
**********************************
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Silverlight\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll [2011-10-03] (Wolfram Research, Inc.)
FF Plugin HKU\S-1-5-21-4063716828-1680190529-1648852121-1006: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\itms.js [2011-01-24]
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Office Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Office Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Office Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-05]
CHR HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dave\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-12]
CHR HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR Extension: (No Name) - C:\Users\Office Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\jacmgnhcnfdmjdkdlfndaccecdegacba [2015-03-01]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2122000 2012-02-13] (Blue Coat Systems, Inc.)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 PCPrintLogger; C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe [929792 2013-07-03] (PaperCut Software International Pty Ltd) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R1 bckd; C:\WINDOWS\System32\drivers\bckd.sys [108304 2012-02-13] (Blue Coat Systems, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-09] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2018-04-11] (MediaTek Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-19] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-07-24] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-09-23] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-09 10:24 - 2018-08-09 10:26 - 000028584 _____ C:\Users\Dave\Desktop\FRST.txt
2018-08-09 10:24 - 2018-08-09 10:24 - 000000000 ____D C:\FRST
2018-08-09 10:23 - 2018-08-09 10:23 - 002412544 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2018-08-09 10:20 - 2018-08-09 10:20 - 000017999 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-08-09 10:20 - 2018-08-09 10:20 - 000002314 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-08-09 10:20 - 2018-08-09 10:20 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-2012_OFFICE-Windows-10-Home-(64-bit).dat
2018-08-09 10:20 - 2018-08-09 10:20 - 000000000 ____D C:\RegBackup
2018-08-09 10:20 - 2018-08-09 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-08-09 10:20 - 2018-08-09 10:20 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-08-09 10:18 - 2018-08-09 10:18 - 005766144 _____ (Tweaking.com) C:\Users\Dave\Desktop\tweaking.com_registry_backup_setup.exe
2018-08-08 11:30 - 2018-08-08 11:31 - 000007794 _____ C:\Users\Dave\Downloads\Grateful Dead Releases by Date.txt
2018-08-06 13:26 - 2018-08-06 13:26 - 000428662 _____ C:\Users\Dave\Downloads\Know Your Vehicle.pdf
2018-07-29 11:12 - 2018-07-29 11:13 - 000000000 ____D C:\Users\Dave\Downloads\Ginger Rides Again
2018-07-27 16:48 - 2018-07-27 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-07-27 11:33 - 2018-07-27 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-07-27 11:33 - 2018-07-27 11:33 - 000000000 ____D C:\Program Files\iPod
2018-07-27 11:31 - 2018-07-27 11:33 - 000000000 ____D C:\Program Files\iTunes
2018-07-21 09:18 - 2018-07-21 09:18 - 000000000 ___HD C:\OneDriveTemp
2018-07-16 11:34 - 2018-08-09 10:01 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-15 22:28 - 2018-07-15 22:28 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2018-07-15 22:28 - 2018-07-15 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-15 22:27 - 2018-07-15 22:28 - 000000000 ____D C:\Program Files\WinRAR
2018-07-15 12:59 - 2018-07-15 13:06 - 000000000 ____D C:\Users\Dave\Desktop\New folder
2018-07-12 22:53 - 2018-07-12 22:54 - 001680189 _____ C:\Users\Dave\Downloads\SUU Salaray 18-07-12.pdf
2018-07-12 00:22 - 2018-07-12 00:22 - 009253888 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-07-11 01:08 - 2018-06-28 19:13 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-07-11 01:08 - 2018-06-28 19:13 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-10 22:56 - 2018-07-06 08:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-10 22:56 - 2018-07-06 08:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-10 22:56 - 2018-07-06 08:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-10 22:56 - 2018-07-06 08:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-10 22:56 - 2018-07-06 07:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-10 22:56 - 2018-07-06 07:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-10 22:56 - 2018-07-06 05:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-10 22:56 - 2018-07-06 05:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-10 22:56 - 2018-07-06 01:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-10 22:56 - 2018-07-06 01:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-10 22:56 - 2018-07-06 01:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-10 22:56 - 2018-07-06 01:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-10 22:56 - 2018-07-06 01:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-10 22:56 - 2018-07-06 01:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-10 22:56 - 2018-07-06 01:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-10 22:56 - 2018-07-06 01:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-10 22:56 - 2018-07-06 01:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-10 22:56 - 2018-07-06 01:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-10 22:56 - 2018-07-06 01:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-10 22:56 - 2018-07-06 00:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-10 22:56 - 2018-07-06 00:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-10 22:56 - 2018-07-06 00:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-10 22:56 - 2018-07-06 00:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-10 22:56 - 2018-07-06 00:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-10 22:56 - 2018-06-15 11:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-10 22:56 - 2018-06-15 11:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-10 22:56 - 2018-06-15 11:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-10 22:56 - 2018-06-15 09:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-10 22:56 - 2018-06-15 09:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-10 22:56 - 2018-06-14 23:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-10 22:56 - 2018-06-14 23:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-10 22:56 - 2018-06-14 23:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-10 22:56 - 2018-06-14 23:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-10 22:56 - 2018-06-14 23:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-10 22:56 - 2018-06-14 23:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-10 22:56 - 2018-06-14 23:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-10 22:56 - 2018-06-14 23:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-10 22:56 - 2018-06-14 22:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-10 22:56 - 2018-06-14 22:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-10 22:56 - 2018-06-14 22:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-10 22:56 - 2018-06-14 22:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-10 22:56 - 2018-06-14 22:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-10 22:56 - 2018-06-14 22:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-10 22:55 - 2018-07-06 08:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-10 22:55 - 2018-07-06 08:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-10 22:55 - 2018-07-06 07:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 22:55 - 2018-07-06 07:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-10 22:55 - 2018-07-06 07:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-10 22:55 - 2018-07-06 07:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-10 22:55 - 2018-07-06 06:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-10 22:55 - 2018-07-06 05:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-10 22:55 - 2018-07-06 05:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-10 22:55 - 2018-07-06 05:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-10 22:55 - 2018-07-06 05:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 22:55 - 2018-07-06 05:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-10 22:55 - 2018-07-06 05:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-10 22:55 - 2018-07-06 05:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-10 22:55 - 2018-07-06 05:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-10 22:55 - 2018-07-06 05:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-10 22:55 - 2018-07-06 01:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-10 22:55 - 2018-07-06 01:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-10 22:55 - 2018-07-06 01:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-10 22:55 - 2018-07-06 01:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-10 22:55 - 2018-07-06 01:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-10 22:55 - 2018-07-06 01:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-10 22:55 - 2018-07-06 01:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-10 22:55 - 2018-07-06 01:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-10 22:55 - 2018-07-06 01:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-10 22:55 - 2018-07-06 01:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-10 22:55 - 2018-07-06 01:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-10 22:55 - 2018-07-06 01:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-10 22:55 - 2018-07-06 01:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-10 22:55 - 2018-07-06 01:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-10 22:55 - 2018-07-06 01:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-10 22:55 - 2018-07-06 01:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-10 22:55 - 2018-07-06 01:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-10 22:55 - 2018-07-06 01:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-10 22:55 - 2018-07-06 01:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-10 22:55 - 2018-07-06 01:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-10 22:55 - 2018-07-06 01:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-10 22:55 - 2018-07-06 01:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-10 22:55 - 2018-07-06 01:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-10 22:55 - 2018-07-06 00:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-10 22:55 - 2018-07-06 00:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-10 22:55 - 2018-07-06 00:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-10 22:55 - 2018-07-06 00:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-10 22:55 - 2018-07-06 00:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-10 22:55 - 2018-06-28 22:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-10 22:55 - 2018-06-15 11:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-10 22:55 - 2018-06-15 11:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-10 22:55 - 2018-06-15 11:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-10 22:55 - 2018-06-15 11:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-10 22:55 - 2018-06-15 11:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-10 22:55 - 2018-06-15 11:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-10 22:55 - 2018-06-15 11:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-10 22:55 - 2018-06-15 11:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-10 22:55 - 2018-06-15 11:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-10 22:55 - 2018-06-15 11:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-10 22:55 - 2018-06-15 11:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-10 22:55 - 2018-06-15 11:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-10 22:55 - 2018-06-15 11:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-10 22:55 - 2018-06-15 11:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-10 22:55 - 2018-06-15 11:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-10 22:55 - 2018-06-15 11:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-10 22:55 - 2018-06-15 11:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-10 22:55 - 2018-06-15 11:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-10 22:55 - 2018-06-15 11:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-10 22:55 - 2018-06-15 09:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-10 22:55 - 2018-06-15 09:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-10 22:55 - 2018-06-15 09:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-10 22:55 - 2018-06-15 09:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-10 22:55 - 2018-06-15 09:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-10 22:55 - 2018-06-15 09:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-10 22:55 - 2018-06-15 09:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-10 22:55 - 2018-06-15 09:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-10 22:55 - 2018-06-15 07:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-10 22:55 - 2018-06-15 01:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-10 22:55 - 2018-06-15 01:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-10 22:55 - 2018-06-15 01:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-10 22:55 - 2018-06-14 23:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-10 22:55 - 2018-06-14 23:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-10 22:55 - 2018-06-14 23:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-10 22:55 - 2018-06-14 23:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-10 22:55 - 2018-06-14 23:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-10 22:55 - 2018-06-14 23:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-10 22:55 - 2018-06-14 23:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-10 22:55 - 2018-06-14 23:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-10 22:55 - 2018-06-14 23:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-10 22:55 - 2018-06-14 23:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-10 22:55 - 2018-06-14 23:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-10 22:55 - 2018-06-14 23:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-10 22:55 - 2018-06-14 23:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-10 22:55 - 2018-06-14 23:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-10 22:55 - 2018-06-14 23:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-10 22:55 - 2018-06-14 23:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-10 22:55 - 2018-06-14 23:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-10 22:55 - 2018-06-14 23:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-10 22:55 - 2018-06-14 23:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-10 22:55 - 2018-06-14 23:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-10 22:55 - 2018-06-14 23:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-10 22:55 - 2018-06-14 23:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-10 22:55 - 2018-06-14 23:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-10 22:55 - 2018-06-14 22:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-10 22:55 - 2018-06-14 22:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-10 22:55 - 2018-06-14 22:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-10 22:55 - 2018-06-14 22:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 22:55 - 2018-06-14 22:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-10 22:55 - 2018-06-14 22:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-10 22:55 - 2018-06-14 22:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-10 22:55 - 2018-06-14 22:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-10 22:55 - 2018-06-14 22:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-10 22:55 - 2018-06-14 22:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-10 22:55 - 2018-06-14 22:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-10 22:55 - 2018-06-14 22:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-10 22:55 - 2018-06-14 22:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-10 22:55 - 2018-06-14 22:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-10 22:55 - 2018-05-20 05:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-07-10 22:55 - 2018-05-20 05:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-07-10 22:54 - 2018-07-06 07:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-10 22:54 - 2018-07-06 07:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-10 22:54 - 2018-07-06 07:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-10 22:54 - 2018-07-06 05:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-10 22:54 - 2018-07-06 01:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-10 22:54 - 2018-07-06 01:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-10 22:54 - 2018-07-06 00:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-10 22:54 - 2018-07-06 00:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-10 22:54 - 2018-07-06 00:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 22:54 - 2018-07-06 00:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-10 22:54 - 2018-07-06 00:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-10 22:54 - 2018-07-06 00:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-10 22:54 - 2018-07-06 00:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-10 22:54 - 2018-07-05 23:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-10 22:54 - 2018-06-15 11:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-10 22:54 - 2018-06-15 11:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-10 22:54 - 2018-06-15 11:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-10 22:54 - 2018-06-15 11:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-10 22:54 - 2018-06-15 11:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-10 22:54 - 2018-06-15 11:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-10 22:54 - 2018-06-15 09:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-10 22:54 - 2018-06-15 09:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-10 22:54 - 2018-06-15 09:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-10 22:54 - 2018-06-14 22:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-10 22:54 - 2018-06-14 22:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-10 22:54 - 2018-06-14 22:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-10 22:54 - 2018-06-14 22:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-10 22:54 - 2018-06-14 22:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-10 22:54 - 2018-06-14 22:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-10 22:54 - 2018-06-14 22:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-10 22:54 - 2018-06-14 22:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-10 22:54 - 2018-06-14 22:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-10 22:54 - 2018-06-14 22:42 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-07-10 22:54 - 2018-06-14 22:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-10 22:54 - 2018-06-14 22:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-10 22:54 - 2018-06-14 22:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-10 22:54 - 2018-06-14 22:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-10 22:54 - 2018-06-14 22:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-10 22:54 - 2018-05-31 23:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-10 20:14 - 2018-07-31 10:44 - 000000000 ____D C:\ProgramData\Packages
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-09 10:17 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-09 10:12 - 2015-03-01 12:24 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-09 10:06 - 2016-11-26 00:39 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Mozilla
2018-08-09 10:06 - 2012-06-20 13:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-09 10:05 - 2017-04-30 13:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-09 10:05 - 2013-03-03 20:11 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-09 10:04 - 2016-07-23 22:49 - 000000000 ___RD C:\Users\Dave\OneDrive
2018-08-09 10:00 - 2018-05-16 00:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-09 09:59 - 2018-05-16 00:01 - 000000000 ____D C:\Users\Dave
2018-08-09 09:59 - 2018-04-11 15:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-08-09 09:58 - 2015-08-03 11:34 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Everything
2018-08-09 09:57 - 2018-06-29 12:48 - 000001307 _____ C:\Users\Dave\Desktop\Device Manager - Shortcut.lnk
2018-08-09 09:53 - 2012-06-19 10:07 - 000000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2018-08-09 09:22 - 2018-05-15 23:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-09 05:07 - 2018-05-16 00:43 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CB1BE535-6F0F-4578-8662-9C0E1D1C3C7F}
2018-08-08 23:00 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-08 22:58 - 2012-06-29 00:10 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 13:13 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-08 11:32 - 2018-07-09 23:11 - 000001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-08-07 23:42 - 2016-05-13 18:01 - 000000000 ____D C:\Users\Dave\AppData\Roaming\GrabIt
2018-08-06 10:03 - 2015-08-08 17:19 - 000001414 _____ C:\Users\Dave\Desktop\Everything.exe - Shortcut.lnk
2018-08-05 02:24 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-02 14:26 - 2015-03-01 10:56 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Apple Computer
2018-07-31 10:32 - 2018-02-27 22:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-30 03:20 - 2018-05-16 00:43 - 000003962 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1425234319
2018-07-30 03:20 - 2017-06-30 11:17 - 000001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-07-29 11:17 - 2018-01-25 00:57 - 000000000 ____D C:\Users\Dave\Downloads\Memes I Liked
2018-07-29 11:14 - 2012-08-19 10:49 - 000000000 ____D C:\Users\Dave\Downloads\Posted Cartoons
2018-07-27 16:48 - 2018-03-12 08:35 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-07-27 16:48 - 2015-03-01 10:56 - 000000000 ____D C:\Users\Dave\AppData\Local\Apple Computer
2018-07-27 11:33 - 2009-07-13 21:20 - 000000000 __RHD C:\Users\Public\Public Desktop
2018-07-26 11:07 - 2014-12-11 00:49 - 000000000 ____D C:\Users\Dave\AppData\Roaming\KeePass
2018-07-23 00:48 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-21 09:14 - 2016-12-17 12:58 - 000000000 ____D C:\Program Files\Pale Moon
2018-07-21 08:48 - 2013-06-11 13:27 - 000000968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2018-07-21 08:48 - 2013-06-11 13:27 - 000000956 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2018-07-19 23:25 - 2016-02-15 01:00 - 000000000 ____D C:\Users\Dave\Downloads\Podcasts
2018-07-16 23:05 - 2010-11-20 21:27 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-16 11:34 - 2017-12-23 20:30 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-15 22:52 - 2012-08-19 09:00 - 000016384 _____ C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-15 22:28 - 2012-06-24 14:43 - 000000000 ____D C:\Users\Office Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-14 00:46 - 2018-05-16 00:43 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4063716828-1680190529-1648852121-1000
2018-07-14 00:46 - 2018-05-16 00:01 - 000002409 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-12 00:23 - 2018-05-16 00:43 - 000004530 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-12 00:22 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-12 00:22 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-11 04:04 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-11 01:13 - 2018-05-15 23:56 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-11 01:08 - 2017-12-23 20:18 - 000000000 ___RD C:\Users\Dave\3D Objects
2018-07-11 01:08 - 2016-07-23 22:45 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-11 01:07 - 2018-05-15 23:51 - 000453184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 01:03 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 01:03 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-11 01:02 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-11 01:02 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-11 01:02 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-10 23:28 - 2013-08-14 09:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 23:10 - 2012-06-16 13:56 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 20:07 - 2018-05-16 00:43 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
==================== Files in the root of some directories =======
2011-08-19 16:02 - 2011-06-09 17:44 - 000002792 _____ () C:\Program Files\HP SimplePass 2011
2009-04-20 23:51 - 2007-12-14 19:33 - 000262144 _____ (ZoneAlarm) C:\Program Files (x86)\Uninstall Spy Blocker.dll
2012-07-27 11:57 - 2012-07-27 11:57 - 000007859 _____ () C:\Users\Office Administrator\AppData\Roaming\pcouffin.cat
2012-07-27 11:57 - 2012-07-27 11:57 - 000001167 _____ () C:\Users\Office Administrator\AppData\Roaming\pcouffin.inf
2012-07-27 11:57 - 2012-07-27 11:57 - 000000034 _____ () C:\Users\Office Administrator\AppData\Roaming\pcouffin.log
2012-07-27 11:57 - 2012-07-27 11:57 - 000082816 _____ (VSO Software) C:\Users\Office Administrator\AppData\Roaming\pcouffin.sys
2012-10-13 19:45 - 2012-10-13 19:45 - 000000600 _____ () C:\Users\Office Administrator\AppData\Roaming\winscp.rnd
Some files in TEMP:
====================
2018-08-08 11:31 - 2018-08-08 11:31 - 004264384 _____ (Don HO don.h@free.fr) C:\Users\Dave\AppData\Local\Temp\npp.7.5.8.Installer.exe
2018-05-24 19:49 - 2018-05-24 19:49 - 004299968 _____ (Don HO don.h@free.fr) C:\Users\Office Administrator\AppData\Local\Temp\npp.7.5.6.Installer.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-15 23:51
==================== End of FRST.txt ============================
**********************************
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Office Administrator (09-08-2018 10:27:44)
Running from C:\Users\Dave\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-05-16 06:45:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4063716828-1680190529-1648852121-500 - Administrator - Disabled) => C:\Users\Administrator
Ben (S-1-5-21-4063716828-1680190529-1648852121-1004 - Limited - Enabled) => C:\Users\Ben
Dave (S-1-5-21-4063716828-1680190529-1648852121-1000 - Limited - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-4063716828-1680190529-1648852121-503 - Limited - Disabled)
Guest (S-1-5-21-4063716828-1680190529-1648852121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4063716828-1680190529-1648852121-1002 - Limited - Enabled)
Hope (S-1-5-21-4063716828-1680190529-1648852121-1003 - Limited - Enabled) => C:\Users\Hope
Mary Jo (S-1-5-21-4063716828-1680190529-1648852121-1005 - Limited - Enabled) => C:\Users\Mary Jo
Office Administrator (S-1-5-21-4063716828-1680190529-1648852121-1006 - Administrator - Enabled) => C:\Users\Office Administrator
Rich (S-1-5-21-4063716828-1680190529-1648852121-1008 - Limited - Enabled) => C:\Users\Rich
Share_with_Office (S-1-5-21-4063716828-1680190529-1648852121-1007 - Limited - Enabled) => C:\Users\Share_with_Office
WDAGUtilityAccount (S-1-5-21-4063716828-1680190529-1648852121-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
2017 Screen Saver (HKLM-x32\...\2017 Screen Saver_is1) (Version: - Access Analytic)
4K YouTube to MP3 3.3 (HKLM-x32\...\{35F6F72F-08F5-4885-8B69-7A3C6C1F038E}) (Version: 3.3.5.1797 - Open Media LLC)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.3.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 3.5.13.64 - ArcSoft)
Asterisk Key 10.0 (HKLM-x32\...\asterisk key) (Version: - )
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
AVIcodec (remove only) (HKLM-x32\...\AVIcodec) (Version: - )
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.1.8321 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.1.731 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Beyond Compare 4.2.2 (HKLM\...\BeyondCompare4_is1) (Version: 4.2.2.22384 - Scooter Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.3.188 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{D2DCF339-7EBC-4D88-B515-A504297796EA}) (Version: 3.6.0 - Kovid Goyal)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version: - )
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.03034 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{EB629A98-5E69-40E8-BA9E-C393899F959D}) (Version: 4.4.03034 - Cisco Systems, Inc.) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DjVuLibre DjView 3.5.27+4.10.4 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
Driver Install 64-Bit (HKLM-x32\...\{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China) Hidden
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
EPubsoft Adobe PDF ePub DRM Removal 8.9.6 (HKLM-x32\...\{917CB2F3-7BAF-4E1E-9444-1241BF3D6B92}) (Version: 8.9.6 - EPUBSOFT)
Eudora (HKLM-x32\...\{FC40342A-B862-4F02-9B85-EBC13BE78AD1}) (Version: 7.0 - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
EZ Grabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
f.lux (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Flux) (Version: - f.lux Software LLC)
Family Tree Maker 2012 (HKLM-x32\...\{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}) (Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
FeedDemon (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
Flash Decompiler Trillix (HKLM-x32\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
FREE EML File Viewer version v2.0 (HKLM-x32\...\{6B16A616-C931-4D4B-B1C5-E04F2D4DDD63}_is1) (Version: v2.0 - www.freeviewer.org)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Gmail Backup (HKLM-x32\...\gmailbackup) (Version: - )
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GrabIt 1.7.3 Beta (build 1010) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Huffyuv AVI lossless video codec - MultiThread (Remove Only) (HKLM-x32\...\HuffyuvcodecMT) (Version: - )
iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.)
ImageMagick 6.8.9-5 Q8 (64-bit) (2014-07-15) (HKLM\...\ImageMagick 6.8.9 Q8 (64-bit)_is1) (Version: 6.8.9 - ImageMagick Studio LLC)
iMazing HEIC Converter version 1.0.5 (HKLM\...\{FA58AFA9-B210-409C-88F1-2A90D577C170}_is1) (Version: 1.0.5 - DigiDNA)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.5.1 - Hermann Schinagl)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MapWindow GIS (HKLM-x32\...\{0018DC60-E4CB-4884-81EC-52CF2BAF54EF}_is1) (Version: 4.8.8 - MapWindow GIS)
Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
MediaHuman YouTube to MP3 Converter version 3.9.8.10 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.8.10 - )
MediaInfo 0.7.67 (HKLM\...\MediaInfo) (Version: 0.7.67 - MediaArea.net)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MP4Tools v3.1 (HKLM-x32\...\MP4Tools_is1) (Version: - )
MuseScore 2 (HKLM-x32\...\{703926DE-F24B-11E4-AA68-472FB664A5DC}) (Version: 2.0.1 - Werner Schweer and Others)
MyFreeCodec (HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\MyFreeCodec) (Version: - )
Neat Video v3.0 Demo plug-in for VirtualDub (32-bit) (HKLM-x32\...\Neat Video for VirtualDub (32-bit)_is1) (Version: - Neat Video team, ABSoft)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version: - )
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version: - )
NLOGIT 4.0 (HKLM-x32\...\{162D8CCE-79C2-4587-A026-22B8D8B73015}) (Version: 04.00.0001 - Econometric Software, Inc.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NZBLeecher (HKLM-x32\...\NZBLeecher) (Version: - )
Open Live Writer (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\OpenLiveWriter) (Version: 0.6.2 - Open Live Writer)
Opera Stable 54.0.2952.64 (HKLM-x32\...\Opera 54.0.2952.64) (Version: 54.0.2952.64 - Opera Software)
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version: - www.orbitdownloader.com)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Pale Moon (x64 en-US) (HKLM\...\Pale Moon (x64 en-US)) (Version: 27.9.4 - Moonchild Productions)
Pale Moon 27.0.2 (x86 en-US) (HKLM-x32\...\Pale Moon 27.0.2 (x86 en-US)) (Version: 27.0.2 - Moonchild Productions)
PaperCut Print Logger 1.10 (HKLM-x32\...\PaperCut Print Logger_is1) (Version: - PaperCut Software Int. Pty. Ltd.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
PdfMerge (HKLM-x32\...\{1CD59184-5172-4899-BAE4-4F06D57B2004}) (Version: 1.19.0 - PdfMerge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.203.0 - Tracker Software Products Ltd)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{A6BF4853-41E9-4DA1-AD81-4B16FEE938C2}) (Version: 0.9.1104 - Plex, Inc.) Hidden
POV-Ray for Windows v3.6.1c (HKLM-x32\...\POV-Ray for Windows v3.6) (Version: 3.6 - Persistence of Vision Raytracer Pty. Ltd.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Respondus 4.0 Campus-Wide (HKLM-x32\...\{8DB14A0D-7D84-46B3-AEE4-D265729C78BD}) (Version: 4.00.0000 - Respondus, Inc.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
SABnzbd 1.0.2 (HKLM-x32\...\SABnzbd) (Version: 1.0.2 - The SABnzbd Team)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
screen-scraper Basic Edition (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\5814-3494-4319-2342) (Version: 7.0 - ekiwi, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.)
Snagit 12 (HKLM-x32\...\{B298CE4A-880B-4D6E-8987-2D8A616BF568}) (Version: 12.0.0 - TechSmith Corporation) Hidden
Snagit 12 (HKLM-x32\...\{bdac23f5-7943-42cf-ba56-4732fc20b6a7}) (Version: 12.0.0.1001 - TechSmith Corporation)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
ThumbNailer (HKLM\...\{4FF14ED2-7B23-4EBF-A88B-CAE3590F9388}) (Version: 10.1.0.10 - Smaller Animals Software) Hidden
ThumbNailer 10 (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\ThumbNailer 10.1.0.10) (Version: 10.1.0.10 - Smaller Animals Software)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 16.1.8.13 - Verizon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
WinSCP 5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.1 - Martin Prikryl)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM-x32\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\My Program Files (x86)\Beyond Compare 4\BCShellEx64.dll [2017-05-18] (Scooter Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers1: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-06-26] (Apple Inc.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2014-04-18] (TechSmith Corporation)
ContextMenuHandlers1: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers3: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\My Program Files (x86)\Beyond Compare 4\BCShellEx64.dll [2017-05-18] (Scooter Software)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2014-04-18] (TechSmith Corporation)
ContextMenuHandlers4: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\My Program Files (x86)\Beyond Compare 4\BCShellEx64.dll [2017-05-18] (Scooter Software)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {032B01CC-1874-43B4-A40E-0A34AE5B0219} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0CC3794B-E509-49AE-AF82-09F758E715B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0EBF683C-73C8-427B-888B-F5FEDFA0A8B8} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {14160C5A-0629-4486-AD42-B50AD57381FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {15CDA51F-2714-4EDB-A171-93B428EB5EAB} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {225F401F-D757-4C63-9C5E-338A1BF1A40C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {22B36131-D912-447F-8E3A-93B96D768A49} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {310AE0D2-A029-42FE-9CBF-BE9D3169809C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3311EDC2-3EB7-44C7-98E3-001274DB87E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3D5FD92F-118C-45D9-B0B3-3723CAC9801B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {3F0B4EA2-4D7B-4D23-876A-75BCC92FE9AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-12] (Adobe Systems Incorporated)
Task: {40916EEB-6F1E-4999-9E15-7F491478CD18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {442A0DF8-035C-4EC9-9586-E841BDA7E761} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {453D4E41-9E0A-450B-ABEE-1E59AE056970} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4BC2A2DA-AFD4-4150-A965-394C5A98BC48} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: {4EA06D77-9D3C-4D8D-87AC-E943886E5F61} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6F313266-B64D-44AE-A7BB-DE6293968188} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {72D3B183-DAE2-4C2A-B083-2F775CA56B84} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {81CF05AE-D06C-4C08-9EC1-EF7705F329D2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {92371601-C4C9-4886-8F49-55A1B31041CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {962F44DF-9C5B-4695-A5B2-B3B13C819136} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A67499BF-E58D-4F6B-808F-5521BCB22C84} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA322EE6-D956-4A82-83A1-15E2310DA8ED} - System32\Tasks\Opera scheduled Autoupdate 1425234319 => C:\Program Files (x86)\Opera\launcher.exe [2018-07-24] (Opera Software)
Task: {AAAF2967-9FCF-4FE5-B8ED-82D0D1916F31} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B45BD574-7084-4DF1-82B3-CD8D60EDDB56} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B575AFE0-AF73-4398-9D64-5D7A4249CF40} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B7A8F376-2E78-4061-83AB-BD6CC226463C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B887A7D3-7A91-488D-87DA-512ED75B31E7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C1C94E11-56D4-42FD-B052-F12EAEB7E8A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C29AFA7A-269B-4DEC-95F3-09270AAEC4FB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CC5E2665-C32E-472A-B456-DD8263A22363} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {DB90AE6C-A7F3-4DCB-8F95-73AC04603218} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {DC0B13A5-A3AF-44DB-A8AF-45ED1E90A3D1} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-04-17] (TechSmith Corporation)
Task: {DD8F35AB-434A-41DE-9AD1-1257D3D4E48B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {E40AF1E4-E26D-4DF8-BF69-C3737ACB46AC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E4E1AB3F-C6DC-443F-A040-1F71DC7EA004} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {E63BAE5A-5EBA-47EA-A20E-B92FD497F1B2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {E715D404-048F-428E-B4E3-3091D17C67DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F1B34399-703E-4852-B06A-F538BC5472CA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FE713D77-2EF1-4348-86DE-E0815C71AAD4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-12] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-08-03 10:45 - 2014-08-05 19:04 - 001441792 _____ () C:\Program Files\Everything\Everything.exe
2018-01-05 00:14 - 2018-01-05 00:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 16:00 - 2018-07-16 11:34 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-08-05 00:15 - 2013-08-05 00:15 - 000070712 _____ () c:\windows\system32\bdmpega64.acm
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2004-09-30 12:15 - 2004-09-30 12:15 - 000192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-22 18:14 - 2018-07-22 18:14 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-07-10 22:56 - 2018-07-06 00:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 15:13 - 2018-07-17 15:13 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 15:13 - 2018-07-17 15:13 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 15:13 - 2018-07-17 15:14 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 15:13 - 2018-07-17 15:13 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-27 10:37 - 2018-07-27 10:37 - 035195392 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-07-27 10:37 - 2018-07-27 10:37 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-07-27 10:37 - 2018-07-27 10:37 - 006373376 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-25 22:50 - 2017-09-25 22:50 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-27 10:37 - 2018-07-27 10:37 - 008903168 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-10 20:13 - 2018-07-10 20:13 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-03-09 02:16 - 2017-03-09 02:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2011-12-22 11:10 - 2011-12-22 11:58 - 000207717 _____ () C:\Users\Dave\Documents\My Program Files\AutoHotkey\Compiler\keywords.exe
2018-08-08 22:58 - 2018-08-07 18:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-08 22:58 - 2018-08-07 18:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-08-09 10:03 - 2018-08-09 10:03 - 000113152 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_ctypes.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000080896 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\bz2.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001585152 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_hashlib.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000128512 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32api.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000137728 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pywintypes27.dll
2018-08-09 10:03 - 2018-08-09 10:03 - 000548864 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pythoncom27.dll
2018-08-09 10:03 - 2018-08-09 10:03 - 000689664 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\unicodedata.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000438784 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32com.shell.shell.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001489408 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._core_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001007104 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._gdi_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001039872 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._windows_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001325056 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._controls_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000916992 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._misc_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001084416 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pysqlite2._sqlite.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000149504 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32file.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000136192 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32security.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000007680 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\hashobjs_ext.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000020992 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\thumbnails_ext.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000118784 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\usb_ext.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000047616 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_socket.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 002224640 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_ssl.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000014848 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\common.time34.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000023040 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32event.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000034304 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.conditional.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000020480 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.winwrap.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000110080 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.volumes.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000223232 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32gui.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000173568 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_elementtree.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000169472 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pyexpat.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000048128 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32inet.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000103424 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._html2.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000046080 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_psutil_windows.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000633272 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows._cacheinvalidation.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000011776 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32crypt.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000301568 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\PIL._imaging.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000032256 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_multiprocessing.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 005458944 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\cello.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000026112 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_yappi.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000044032 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32process.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000027648 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32pipe.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000010752 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\select.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000029696 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32pdh.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000038400 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.connectivity.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000073216 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.device_monitor.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000020480 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32profile.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000026624 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32ts.pyd
2016-12-17 12:58 - 2018-07-10 12:17 - 005406208 _____ () C:\Program Files\Pale Moon\mozjs.dll
2017-05-17 06:16 - 2017-05-17 06:16 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2018-07-30 03:20 - 2018-07-24 23:06 - 087838808 _____ () C:\Program Files (x86)\Opera\54.0.2952.64\opera_browser.dll
2018-07-30 03:20 - 2018-07-24 23:06 - 003871320 _____ () C:\Program Files (x86)\Opera\54.0.2952.64\libglesv2.dll
2018-07-30 03:20 - 2018-07-24 23:06 - 000086616 _____ () C:\Program Files (x86)\Opera\54.0.2952.64\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:DED17083 [286]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2018-08-09 10:02 - 000001707 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
216.239.32.20 www.google.ae # bck9
216.239.32.20 www.google.at # bck9
216.239.32.20 www.google.be # bck9
216.239.32.20 www.google.ca # bck9
216.239.32.20 www.google.ch # bck9
216.239.32.20 www.google.cl # bck9
216.239.32.20 www.google.co.il # bck9
216.239.32.20 www.google.co.in # bck9
216.239.32.20 www.google.co.jp # bck9
216.239.32.20 www.google.co.kr # bck9
216.239.32.20 www.google.co.nz # bck9
216.239.32.20 www.google.co.uk # bck9
216.239.32.20 www.google.co.ve # bck9
216.239.32.20 www.google.co.za # bck9
216.239.32.20 www.google.com # bck9
216.239.32.20 www.google.com.ar # bck9
216.239.32.20 www.google.com.au # bck9
216.239.32.20 www.google.com.br # bck9
216.239.32.20 www.google.com.co # bck9
216.239.32.20 www.google.com.gr # bck9
216.239.32.20 www.google.com.hk # bck9
216.239.32.20 www.google.com.mx # bck9
216.239.32.20 www.google.com.my # bck9
216.239.32.20 www.google.com.pe # bck9
216.239.32.20 www.google.com.ph # bck9
216.239.32.20 www.google.com.pk # bck9
216.239.32.20 www.google.com.sg # bck9
216.239.32.20 www.google.com.tr # bck9
216.239.32.20 www.google.com.tw # bck9
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dave\Downloads\Wallpapers\Thomas Herbich\SMOKE_176_HD.jpg
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Office Administrator\AppData\Local\Microsoft\Windows\Themes\img16.jpg
DNS Servers: 208.67.222.222 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\StartupApproved\Run: => "Plex Media Server"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C97E4394-8A48-4F21-B464-9A6A5D5A54A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{93776A94-90D5-4519-B1A0-E098CE312A7F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA8A793E-A5E4-47D7-81AE-84BF66EC42C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4D080D92-8DEC-4CE0-BCEA-A1F319E1E296}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6AC1967-FD24-478D-8B49-891B52A2AE67}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [Threshold.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\Threshold.exe
FirewallRules: [Threshold.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\Threshold.exe
FirewallRules: [StreamNet.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\StreamNet.exe
FirewallRules: [StreamNet.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\StreamNet.exe
FirewallRules: [SlopeAveDown.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAveDown.exe
FirewallRules: [SlopeAveDown.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAveDown.exe
FirewallRules: [SlopeAreaRatio.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAreaRatio.exe
FirewallRules: [SlopeAreaRatio.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAreaRatio.exe
FirewallRules: [SlopeArea.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeArea.exe
FirewallRules: [SlopeArea.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeArea.exe
FirewallRules: [PitRemove.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PitRemove.exe
FirewallRules: [PitRemove.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PitRemove.exe
FirewallRules: [PeukerDouglas.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PeukerDouglas.exe
FirewallRules: [PeukerDouglas.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PeukerDouglas.exe
FirewallRules: [MoveOutletsToStreams.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\MoveOutletsToStreams.exe
FirewallRules: [MoveOutletsToStreams.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\MoveOutletsToStreams.exe
FirewallRules: [LengthArea.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\LengthArea.exe
FirewallRules: [LengthArea.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\LengthArea.exe
FirewallRules: [GridNet.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\GridNet.exe
FirewallRules: [GridNet.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\GridNet.exe
FirewallRules: [DropAnalysis.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DropAnalysis.exe
FirewallRules: [DropAnalysis.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DropAnalysis.exe
FirewallRules: [DinfUpDependence.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfUpDependence.exe
FirewallRules: [DinfUpDependence.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfUpDependence.exe
FirewallRules: [DinfTransLimAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfTransLimAccum.exe
FirewallRules: [DinfTransLimAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfTransLimAccum.exe
FirewallRules: [DinfRevAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfRevAccum.exe
FirewallRules: [DinfRevAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfRevAccum.exe
FirewallRules: [DinfFlowDir.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfFlowDir.exe
FirewallRules: [DinfFlowDir.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfFlowDir.exe
FirewallRules: [DinfDistUp.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistUp.exe
FirewallRules: [DinfDistUp.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistUp.exe
FirewallRules: [DinfDistDown.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistDown.exe
FirewallRules: [DinfDistDown.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistDown.exe
FirewallRules: [DinfDecayAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDecayAccum.exe
FirewallRules: [DinfDecayAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDecayAccum.exe
FirewallRules: [DinfConcLimAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfConcLimAccum.exe
FirewallRules: [DinfConcLimAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfConcLimAccum.exe
FirewallRules: [DinfAvalanche.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfAvalanche.exe
FirewallRules: [DinfAvalanche.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfAvalanche.exe
FirewallRules: [D8HDistToStrm.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8HDistToStrm.exe
FirewallRules: [D8HDistToStrm.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8HDistToStrm.exe
FirewallRules: [D8FlowPathExtremeUp.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowPathExtremeUp.exe
FirewallRules: [D8FlowPathExtremeUp.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowPathExtremeUp.exe
FirewallRules: [D8FlowDir.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowDir.exe
FirewallRules: [D8FlowDir.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowDir.exe
FirewallRules: [AreaDinf.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaDinf.exe
FirewallRules: [AreaDinf.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaDinf.exe
FirewallRules: [AreaD8.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaD8.exe
FirewallRules: [AreaD8.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaD8.exe
FirewallRules: [{B64BF283-2A93-45C4-9DD1-59549F5FAD14}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{C7BC21A7-C3FA-4E28-BC1A-A557808EF625}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D2A9995C-573D-4870-A196-E6F92C7FEA75}] => (Allow) LPort=2869
FirewallRules: [{98FA0158-258F-4FA8-89DD-ECE5A11273C6}] => (Allow) LPort=1900
FirewallRules: [{EA34BF9A-7A5F-4F3F-A5BD-663CC060D6E3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{ED82AD9C-AFA6-4735-A920-DC574204A409}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{C66D7923-A783-41D0-84CF-2B67EFA6E8AC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6A6D3589-27E9-4166-A941-B67F7F496C4F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{A25D23CA-7804-4EA6-B0D3-955DA76CFA0F}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [UDP Query User{64406E4F-99E3-47BB-AE74-B49BD5C4A72A}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [TCP Query User{C8F951DB-8AFE-49F0-9B60-F0027E091968}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{35055077-0589-4225-B25A-778393990304}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{6578A75B-A845-4BFE-A275-8FD74C984758}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{85D6766B-6445-4445-ABA5-C4818CC9EBDC}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{99BEEB2A-E79C-439B-9A70-3D225C43D63F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3EB3C082-397F-411C-9636-9ED1253AE631}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EA796675-EE94-497F-BC35-CA9CBC9616C1}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{46D7AF76-9E5A-4ABE-A0E2-E0E055EDF20F}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{C4776A0E-63A8-4BF4-9607-AFD7FD9FC2B1}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{F0EA1B3E-80F1-44FB-A051-2AB84E74E76B}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{176B5412-E9D4-4293-8F3C-E1FE768D2BB1}] => (Allow) C:\Users\Office Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F2A368AD-A5F5-49FB-BB32-A5A798EF5AC8}] => (Allow) C:\Users\Dave\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D79BB384-A9B2-4C88-950E-CB3217FCF8B9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EB64F111-26BF-419C-873E-0DB8B100F120}C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{58913BBD-D8FB-45F6-A6D3-A6F3557780AB}C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{E21B9340-397D-4611-BF10-2984A0055970}] => (Block) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{10379A70-582A-44A7-A7CA-55594BB13019}] => (Block) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{7C2313F0-154A-4E6E-90D6-7E90379CA707}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A94DDC9C-3777-4D71-8BBE-4D876BCD135D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{9C966373-284D-4353-ACE9-CD031EB094C4}] => (Allow) LPort=8298
FirewallRules: [{45DAD556-0BDA-4265-83C2-FE50B971192F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{05D180E3-1AED-45AF-B671-62836A25F3DB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{5BA111A5-F7EE-4FA6-9FCF-182CBE7BCFA4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{4528EE72-9CE0-421E-8550-3B24C363B9F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F6C09B32-9999-462F-AB77-DF7799C0C78F}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{CD2A1F08-F0C1-4981-90F7-5D39F3D41DA8}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{21CC09DF-8C0C-4A80-9937-5AABCB29BBCF}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{D9C5B658-463C-4498-B23A-2ABFB367CC8A}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{E025775D-8895-4976-BA29-A879288BC421}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA7BBAD6-8275-43AD-A8F5-B21337FA9A66}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7AA5E096-F108-4834-88E6-661BC0F25167}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [UDP Query User{4F2DEC60-AB57-4F30-B6FC-8328AC5AB464}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [TCP Query User{6D1B4B3D-DC44-4E97-ABF5-BF0A5D719339}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [UDP Query User{6717A046-F10E-44A8-A0C4-9552514FD275}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [{61999273-0528-4DEE-9F0F-38CB07458FF8}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{216A7450-775A-4FEE-B105-4DD82BA1CE49}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{F184E7F9-BEAD-4372-85AE-AFD57A3276BD}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [{418F4DC2-5545-48F0-A759-AB3BAB8BFBC4}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [TCP Query User{8F8E1440-4D93-43AB-A3D6-201C8C23F463}K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [UDP Query User{40CCAE81-8109-420E-AF87-77E26890B7F5}K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{C9ECCCEC-27ED-4620-9248-4C5E5EEAC2DC}] => (Block) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{97E2E5D7-3C8D-4277-8621-2AEDEA7CD348}] => (Block) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [TCP Query User{A8769730-A01D-4989-8620-3ADE44A7D02B}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{046F220F-EFB1-4E01-B03D-8F38DD13339A}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{66F7B5B5-ED35-4329-B549-A95D03B9B1F1}] => (Block) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{58B041DA-DDE2-43FC-B32A-71F354676EB8}] => (Block) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4EEFD3C5-14F1-4076-8EE4-F389AD479545}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6D39C845-E020-45D1-BBE6-56AFA68C82DE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D5D7FE67-D60F-48B3-BD94-753E4765D5C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{60D599F0-5D17-4685-A9AA-02518D2C3139}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FB4981A4-3783-4464-B83E-AE98B5232A38}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{341C4F30-A9D6-4890-B70C-C049009C3C6F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{5BF1087A-9375-4BE7-BD86-6FAAC9AE90CA}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.60\opera.exe
FirewallRules: [{033619D0-9520-42E2-83E8-ADC19A261AC1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{11BBCA25-52E8-4C6D-9047-B9C87502457D}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
FirewallRules: [{BF968F8D-7C5E-4EB9-B0CF-C0CE516F489F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
==================== Restore Points =========================
20-07-2018 12:20:10 Scheduled Checkpoint
30-07-2018 01:14:58 Scheduled Checkpoint
01-08-2018 12:21:28 Windows Modules Installer
02-08-2018 14:21:59 Windows Modules Installer
04-08-2018 00:21:27 Windows Modules Installer
05-08-2018 02:21:20 Windows Modules Installer
06-08-2018 10:21:23 Windows Modules Installer
07-08-2018 11:12:08 Windows Modules Installer
08-08-2018 13:12:34 Windows Modules Installer
==================== Faulty Device Manager Devices =============
Name: MyBookWorld
Description: My Book World Edition Network Storage
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: Western Digital Corporation
Service: UmPass
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/09/2018 10:03:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x1e9c
Faulting application start time: 0x01d42ffa76dac540
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: 7429d9e5-3dd6-4173-b733-1b4df495a33c
Faulting package full name:
Faulting package-relative application ID:
Error: (08/09/2018 10:02:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.17134.165, time stamp: 0x5b3f1749
Faulting module name: ntdll.dll, version: 10.0.17134.165, time stamp: 0xf4df6dc2
Exception code: 0xcfffffff
Fault offset: 0x000000000009d7a4
Faulting process id: 0x2010
Faulting application start time: 0x01d42ffa3de81707
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e61de093-9764-4afa-8a11-93d030da99fe
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (08/07/2018 10:39:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x2844
Faulting application start time: 0x01d42ed1b51eccb0
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: 4e997c31-4fbb-4618-99b7-6f26f02de4b6
Faulting package full name:
Faulting package-relative application ID:
Error: (08/04/2018 06:23:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14490266
Error: (08/04/2018 06:23:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14490266
Error: (08/04/2018 06:23:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/04/2018 06:23:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14480828
Error: (08/04/2018 06:23:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14480828
System errors:
=============
Error: (08/09/2018 10:08:08 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 10:07:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 10:05:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (08/09/2018 10:04:40 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 10:04:06 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 10:03:25 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/09/2018 05:49:41 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (08/09/2018 02:22:36 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Windows Defender:
===================================
Date: 2018-07-06 18:09:01.541
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7583C69C-F8A2-44A6-94BE-DF876712C433}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-08-09 10:12:58.689
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.1112.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-08-09 10:04:01.404
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\LinkShellExtension\HardlinkShellExt.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:01.398
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\LinkShellExtension\HardlinkShellExt.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:01.393
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\LinkShellExtension\HardlinkShellExt.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:00.671
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:00.666
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:00.660
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:04:00.654
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-09 10:03:59.998
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 58%
Total physical RAM: 8098.51 MB
Available physical RAM: 3370.99 MB
Total Virtual: 11938.51 MB
Available Virtual: 6728.67 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.45 GB) (Free:83.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.52 GB) (Free:1.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive p: (New Volume) (Fixed) (Total:2794.39 GB) (Free:86.94 GB) NTFS
\\?\Volume{28a723c4-b7ed-11e1-ac0c-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{a1e71db5-0000-0000-0000-20e3e5000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A1E71DB5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
**********************************
**********************************