PDA

View Full Version : Something's Trying to Get Out



BooBounder
2018-08-09, 20:27
This is for the main computer in the household. Secondary one will follow when this one is taken care of. This PC has 2 hard drives, and is wired directly to a router (which also has NAS wired to it).

This PC has K9 Bluecoat installed. It has not been happy with some traffic that's going out, and which I don't seem to be actively sending.

I have followed the "Before You Post ..." thread.

The registry backup tool reported 27/29 successful.

Ran FRST. Two log files pasted between asterisks below.

Ran aswMBR. Updated virus list. Clicked Scan button with QuickScan selected in the drop down menu. Started and ran for a minute or two before getting a BSOD. Repeated. Same behavior. No log to attach.

**********************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Office Administrator (administrator) on 2012_OFFICE (09-08-2018 10:24:51)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & Office Administrator (Available Profiles: Dave & Hope & Ben & Mary Jo & Office Administrator & Share_with_Office & Rich & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
() C:\Program Files\Everything\Everything.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PaperCut Software International Pty Ltd) C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\Everything\Everything.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(f.lux Software LLC) C:\Users\Dave\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Dave\Documents\My Program Files\AutoHotkey\Compiler\keywords.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1224704 2017-05-17] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Run: [F.lux] => C:\Users\Dave\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Run: [GoogleChromeAutoLaunch_C62251D359A8F5B5CC8EADB510991ABB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1577816 2018-08-07] (Google Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1577816 2018-08-07] (Google Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-11-08] (SlySoft, Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5127304 2014-11-20] (Plex, Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Run: [SynchronossPC] => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe [2862384 2016-10-10] ()
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\2017SC~1.SCR [3170336 2017-08-08] (Finalhit Ltd.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellExecuteHooks-x32: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keywords - Shortcut.lnk [2012-07-31]
ShortcutTarget: keywords - Shortcut.lnk -> C:\Users\Dave\Documents\My Program Files\AutoHotkey\Compiler\keywords.exe ()
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-07-28]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-4063716828-1680190529-1648852121-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102
Tcpip\..\Interfaces\{2e0767a7-1000-4233-b9a4-a7209860729f}: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102
Tcpip\..\Interfaces\{e41e13c2-fdb5-4a91-bf30-2f642af83cec}: [NameServer] 208.67.222.222,8.8.8.8
Tcpip\..\Interfaces\{e41e13c2-fdb5-4a91-bf30-2f642af83cec}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://drudgereport.com/
HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://isearch.avg.com/search?cid={1B9CC6B6-62E7-4842-A87E-60C6CEC9B3DC}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Silverlight\Office14\URLREDIR.DLL => No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2013-05-02] (Orbitdownloader.com)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-01] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll [2013-05-02] ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Office Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\63hhxx68.default [2017-08-14]
FF Homepage: Mozilla\Firefox\Profiles\63hhxx68.default -> google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Silverlight\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll [2011-10-03] (Wolfram Research, Inc.)
FF Plugin HKU\S-1-5-21-4063716828-1680190529-1648852121-1006: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\itms.js [2011-01-24]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Office Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Office Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Office Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-05]
CHR HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dave\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-12]
CHR HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (No Name) - C:\Users\Office Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\jacmgnhcnfdmjdkdlfndaccecdegacba [2015-03-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2122000 2012-02-13] (Blue Coat Systems, Inc.)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 PCPrintLogger; C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe [929792 2013-07-03] (PaperCut Software International Pty Ltd) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R1 bckd; C:\WINDOWS\System32\drivers\bckd.sys [108304 2012-02-13] (Blue Coat Systems, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-09] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2018-04-11] (MediaTek Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-19] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-07-24] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-09-23] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-09 10:24 - 2018-08-09 10:26 - 000028584 _____ C:\Users\Dave\Desktop\FRST.txt
2018-08-09 10:24 - 2018-08-09 10:24 - 000000000 ____D C:\FRST
2018-08-09 10:23 - 2018-08-09 10:23 - 002412544 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2018-08-09 10:20 - 2018-08-09 10:20 - 000017999 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-08-09 10:20 - 2018-08-09 10:20 - 000002314 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-08-09 10:20 - 2018-08-09 10:20 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-2012_OFFICE-Windows-10-Home-(64-bit).dat
2018-08-09 10:20 - 2018-08-09 10:20 - 000000000 ____D C:\RegBackup
2018-08-09 10:20 - 2018-08-09 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-08-09 10:20 - 2018-08-09 10:20 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-08-09 10:18 - 2018-08-09 10:18 - 005766144 _____ (Tweaking.com) C:\Users\Dave\Desktop\tweaking.com_registry_backup_setup.exe
2018-08-08 11:30 - 2018-08-08 11:31 - 000007794 _____ C:\Users\Dave\Downloads\Grateful Dead Releases by Date.txt
2018-08-06 13:26 - 2018-08-06 13:26 - 000428662 _____ C:\Users\Dave\Downloads\Know Your Vehicle.pdf
2018-07-29 11:12 - 2018-07-29 11:13 - 000000000 ____D C:\Users\Dave\Downloads\Ginger Rides Again
2018-07-27 16:48 - 2018-07-27 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-07-27 11:33 - 2018-07-27 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-07-27 11:33 - 2018-07-27 11:33 - 000000000 ____D C:\Program Files\iPod
2018-07-27 11:31 - 2018-07-27 11:33 - 000000000 ____D C:\Program Files\iTunes
2018-07-21 09:18 - 2018-07-21 09:18 - 000000000 ___HD C:\OneDriveTemp
2018-07-16 11:34 - 2018-08-09 10:01 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-15 22:28 - 2018-07-15 22:28 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2018-07-15 22:28 - 2018-07-15 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-15 22:27 - 2018-07-15 22:28 - 000000000 ____D C:\Program Files\WinRAR
2018-07-15 12:59 - 2018-07-15 13:06 - 000000000 ____D C:\Users\Dave\Desktop\New folder
2018-07-12 22:53 - 2018-07-12 22:54 - 001680189 _____ C:\Users\Dave\Downloads\SUU Salaray 18-07-12.pdf
2018-07-12 00:22 - 2018-07-12 00:22 - 009253888 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-07-11 01:08 - 2018-06-28 19:13 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-07-11 01:08 - 2018-06-28 19:13 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-10 22:56 - 2018-07-06 08:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-10 22:56 - 2018-07-06 08:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-10 22:56 - 2018-07-06 08:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-10 22:56 - 2018-07-06 08:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-10 22:56 - 2018-07-06 07:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-10 22:56 - 2018-07-06 07:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-10 22:56 - 2018-07-06 05:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-10 22:56 - 2018-07-06 05:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-10 22:56 - 2018-07-06 01:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-10 22:56 - 2018-07-06 01:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-10 22:56 - 2018-07-06 01:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-10 22:56 - 2018-07-06 01:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-10 22:56 - 2018-07-06 01:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-10 22:56 - 2018-07-06 01:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-10 22:56 - 2018-07-06 01:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-10 22:56 - 2018-07-06 01:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-10 22:56 - 2018-07-06 01:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-10 22:56 - 2018-07-06 01:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-10 22:56 - 2018-07-06 01:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-10 22:56 - 2018-07-06 00:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-10 22:56 - 2018-07-06 00:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-10 22:56 - 2018-07-06 00:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-10 22:56 - 2018-07-06 00:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-10 22:56 - 2018-07-06 00:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-10 22:56 - 2018-06-15 11:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-10 22:56 - 2018-06-15 11:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-10 22:56 - 2018-06-15 11:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-10 22:56 - 2018-06-15 09:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-10 22:56 - 2018-06-15 09:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-10 22:56 - 2018-06-14 23:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-10 22:56 - 2018-06-14 23:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-10 22:56 - 2018-06-14 23:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-10 22:56 - 2018-06-14 23:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-10 22:56 - 2018-06-14 23:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-10 22:56 - 2018-06-14 23:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-10 22:56 - 2018-06-14 23:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-10 22:56 - 2018-06-14 23:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-10 22:56 - 2018-06-14 23:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-10 22:56 - 2018-06-14 23:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-10 22:56 - 2018-06-14 22:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-10 22:56 - 2018-06-14 22:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-10 22:56 - 2018-06-14 22:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-10 22:56 - 2018-06-14 22:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-10 22:56 - 2018-06-14 22:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-10 22:56 - 2018-06-14 22:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-10 22:55 - 2018-07-06 08:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-10 22:55 - 2018-07-06 08:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-10 22:55 - 2018-07-06 08:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-10 22:55 - 2018-07-06 07:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 22:55 - 2018-07-06 07:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-10 22:55 - 2018-07-06 07:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-10 22:55 - 2018-07-06 07:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-10 22:55 - 2018-07-06 07:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-10 22:55 - 2018-07-06 06:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-10 22:55 - 2018-07-06 05:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-10 22:55 - 2018-07-06 05:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-10 22:55 - 2018-07-06 05:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-10 22:55 - 2018-07-06 05:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 22:55 - 2018-07-06 05:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-10 22:55 - 2018-07-06 05:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-10 22:55 - 2018-07-06 05:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-10 22:55 - 2018-07-06 05:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-10 22:55 - 2018-07-06 05:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-10 22:55 - 2018-07-06 01:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-10 22:55 - 2018-07-06 01:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-10 22:55 - 2018-07-06 01:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-10 22:55 - 2018-07-06 01:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-10 22:55 - 2018-07-06 01:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-10 22:55 - 2018-07-06 01:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-10 22:55 - 2018-07-06 01:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-10 22:55 - 2018-07-06 01:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-10 22:55 - 2018-07-06 01:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-10 22:55 - 2018-07-06 01:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-10 22:55 - 2018-07-06 01:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-10 22:55 - 2018-07-06 01:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-10 22:55 - 2018-07-06 01:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-10 22:55 - 2018-07-06 01:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-10 22:55 - 2018-07-06 01:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-10 22:55 - 2018-07-06 01:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-10 22:55 - 2018-07-06 01:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-10 22:55 - 2018-07-06 01:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-10 22:55 - 2018-07-06 01:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-10 22:55 - 2018-07-06 01:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-10 22:55 - 2018-07-06 01:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-10 22:55 - 2018-07-06 01:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-10 22:55 - 2018-07-06 01:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-10 22:55 - 2018-07-06 01:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-10 22:55 - 2018-07-06 01:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-10 22:55 - 2018-07-06 00:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-10 22:55 - 2018-07-06 00:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-10 22:55 - 2018-07-06 00:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-10 22:55 - 2018-07-06 00:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-10 22:55 - 2018-07-06 00:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-10 22:55 - 2018-07-06 00:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-10 22:55 - 2018-07-06 00:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-10 22:55 - 2018-07-06 00:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-10 22:55 - 2018-07-06 00:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-10 22:55 - 2018-07-06 00:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-10 22:55 - 2018-07-06 00:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-10 22:55 - 2018-06-28 22:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-10 22:55 - 2018-06-15 11:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-10 22:55 - 2018-06-15 11:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-10 22:55 - 2018-06-15 11:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-10 22:55 - 2018-06-15 11:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-10 22:55 - 2018-06-15 11:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-10 22:55 - 2018-06-15 11:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-10 22:55 - 2018-06-15 11:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-10 22:55 - 2018-06-15 11:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-10 22:55 - 2018-06-15 11:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-10 22:55 - 2018-06-15 11:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-10 22:55 - 2018-06-15 11:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-10 22:55 - 2018-06-15 11:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-10 22:55 - 2018-06-15 11:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-10 22:55 - 2018-06-15 11:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-10 22:55 - 2018-06-15 11:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-10 22:55 - 2018-06-15 11:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-10 22:55 - 2018-06-15 11:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-10 22:55 - 2018-06-15 11:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-10 22:55 - 2018-06-15 11:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-10 22:55 - 2018-06-15 11:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-10 22:55 - 2018-06-15 09:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-10 22:55 - 2018-06-15 09:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-10 22:55 - 2018-06-15 09:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-10 22:55 - 2018-06-15 09:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-10 22:55 - 2018-06-15 09:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-10 22:55 - 2018-06-15 09:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-10 22:55 - 2018-06-15 09:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-10 22:55 - 2018-06-15 09:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-10 22:55 - 2018-06-15 07:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-10 22:55 - 2018-06-15 01:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-10 22:55 - 2018-06-15 01:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-10 22:55 - 2018-06-15 01:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-10 22:55 - 2018-06-14 23:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-10 22:55 - 2018-06-14 23:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-10 22:55 - 2018-06-14 23:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-10 22:55 - 2018-06-14 23:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-10 22:55 - 2018-06-14 23:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-10 22:55 - 2018-06-14 23:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-10 22:55 - 2018-06-14 23:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-10 22:55 - 2018-06-14 23:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-10 22:55 - 2018-06-14 23:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-10 22:55 - 2018-06-14 23:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-10 22:55 - 2018-06-14 23:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-10 22:55 - 2018-06-14 23:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-10 22:55 - 2018-06-14 23:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-10 22:55 - 2018-06-14 23:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-10 22:55 - 2018-06-14 23:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-10 22:55 - 2018-06-14 23:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-10 22:55 - 2018-06-14 23:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-10 22:55 - 2018-06-14 23:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-10 22:55 - 2018-06-14 23:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-10 22:55 - 2018-06-14 23:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-10 22:55 - 2018-06-14 23:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-10 22:55 - 2018-06-14 23:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-10 22:55 - 2018-06-14 23:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-10 22:55 - 2018-06-14 23:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-10 22:55 - 2018-06-14 23:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-10 22:55 - 2018-06-14 23:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-10 22:55 - 2018-06-14 23:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-10 22:55 - 2018-06-14 23:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-10 22:55 - 2018-06-14 23:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-10 22:55 - 2018-06-14 22:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-10 22:55 - 2018-06-14 22:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-10 22:55 - 2018-06-14 22:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-10 22:55 - 2018-06-14 22:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-10 22:55 - 2018-06-14 22:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 22:55 - 2018-06-14 22:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-10 22:55 - 2018-06-14 22:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-10 22:55 - 2018-06-14 22:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-10 22:55 - 2018-06-14 22:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-10 22:55 - 2018-06-14 22:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-10 22:55 - 2018-06-14 22:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-10 22:55 - 2018-06-14 22:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-10 22:55 - 2018-06-14 22:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-10 22:55 - 2018-06-14 22:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-10 22:55 - 2018-06-14 22:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-10 22:55 - 2018-06-14 22:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-10 22:55 - 2018-06-14 22:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-10 22:55 - 2018-06-14 22:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-10 22:55 - 2018-06-14 22:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-10 22:55 - 2018-06-14 22:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-10 22:55 - 2018-06-14 22:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-10 22:55 - 2018-06-14 22:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-10 22:55 - 2018-05-20 05:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-07-10 22:55 - 2018-05-20 05:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-07-10 22:54 - 2018-07-06 07:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-10 22:54 - 2018-07-06 07:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-10 22:54 - 2018-07-06 07:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-10 22:54 - 2018-07-06 05:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-10 22:54 - 2018-07-06 01:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-10 22:54 - 2018-07-06 01:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-10 22:54 - 2018-07-06 01:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-10 22:54 - 2018-07-06 00:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-10 22:54 - 2018-07-06 00:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-10 22:54 - 2018-07-06 00:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-10 22:54 - 2018-07-06 00:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 22:54 - 2018-07-06 00:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-10 22:54 - 2018-07-06 00:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-10 22:54 - 2018-07-06 00:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-10 22:54 - 2018-07-06 00:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-10 22:54 - 2018-07-06 00:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-10 22:54 - 2018-07-05 23:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-10 22:54 - 2018-06-15 11:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-10 22:54 - 2018-06-15 11:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-10 22:54 - 2018-06-15 11:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-10 22:54 - 2018-06-15 11:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-10 22:54 - 2018-06-15 11:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-10 22:54 - 2018-06-15 11:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-10 22:54 - 2018-06-15 09:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-10 22:54 - 2018-06-15 09:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-10 22:54 - 2018-06-15 09:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-10 22:54 - 2018-06-14 22:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-10 22:54 - 2018-06-14 22:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-10 22:54 - 2018-06-14 22:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-10 22:54 - 2018-06-14 22:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-10 22:54 - 2018-06-14 22:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-10 22:54 - 2018-06-14 22:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-10 22:54 - 2018-06-14 22:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-10 22:54 - 2018-06-14 22:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-10 22:54 - 2018-06-14 22:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-10 22:54 - 2018-06-14 22:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-10 22:54 - 2018-06-14 22:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-10 22:54 - 2018-06-14 22:42 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-07-10 22:54 - 2018-06-14 22:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-10 22:54 - 2018-06-14 22:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-10 22:54 - 2018-06-14 22:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-10 22:54 - 2018-06-14 22:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-10 22:54 - 2018-06-14 22:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-10 22:54 - 2018-05-31 23:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-10 20:14 - 2018-07-31 10:44 - 000000000 ____D C:\ProgramData\Packages

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-09 10:17 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-09 10:12 - 2015-03-01 12:24 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-09 10:06 - 2016-11-26 00:39 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Mozilla
2018-08-09 10:06 - 2012-06-20 13:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-09 10:05 - 2017-04-30 13:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-09 10:05 - 2013-03-03 20:11 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-09 10:04 - 2016-07-23 22:49 - 000000000 ___RD C:\Users\Dave\OneDrive
2018-08-09 10:00 - 2018-05-16 00:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-09 09:59 - 2018-05-16 00:01 - 000000000 ____D C:\Users\Dave
2018-08-09 09:59 - 2018-04-11 15:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-08-09 09:58 - 2015-08-03 11:34 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Everything
2018-08-09 09:57 - 2018-06-29 12:48 - 000001307 _____ C:\Users\Dave\Desktop\Device Manager - Shortcut.lnk
2018-08-09 09:53 - 2012-06-19 10:07 - 000000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2018-08-09 09:22 - 2018-05-15 23:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-09 05:07 - 2018-05-16 00:43 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CB1BE535-6F0F-4578-8662-9C0E1D1C3C7F}
2018-08-08 23:00 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-08 22:58 - 2012-06-29 00:10 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 13:13 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-08 11:32 - 2018-07-09 23:11 - 000001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-08-07 23:42 - 2016-05-13 18:01 - 000000000 ____D C:\Users\Dave\AppData\Roaming\GrabIt
2018-08-06 10:03 - 2015-08-08 17:19 - 000001414 _____ C:\Users\Dave\Desktop\Everything.exe - Shortcut.lnk
2018-08-05 02:24 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-02 14:26 - 2015-03-01 10:56 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Apple Computer
2018-07-31 10:32 - 2018-02-27 22:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-30 03:20 - 2018-05-16 00:43 - 000003962 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1425234319
2018-07-30 03:20 - 2017-06-30 11:17 - 000001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-07-29 11:17 - 2018-01-25 00:57 - 000000000 ____D C:\Users\Dave\Downloads\Memes I Liked
2018-07-29 11:14 - 2012-08-19 10:49 - 000000000 ____D C:\Users\Dave\Downloads\Posted Cartoons
2018-07-27 16:48 - 2018-03-12 08:35 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-07-27 16:48 - 2015-03-01 10:56 - 000000000 ____D C:\Users\Dave\AppData\Local\Apple Computer
2018-07-27 11:33 - 2009-07-13 21:20 - 000000000 __RHD C:\Users\Public\Public Desktop
2018-07-26 11:07 - 2014-12-11 00:49 - 000000000 ____D C:\Users\Dave\AppData\Roaming\KeePass
2018-07-23 00:48 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-21 09:14 - 2016-12-17 12:58 - 000000000 ____D C:\Program Files\Pale Moon
2018-07-21 08:48 - 2013-06-11 13:27 - 000000968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2018-07-21 08:48 - 2013-06-11 13:27 - 000000956 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2018-07-19 23:25 - 2016-02-15 01:00 - 000000000 ____D C:\Users\Dave\Downloads\Podcasts
2018-07-16 23:05 - 2010-11-20 21:27 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-16 11:34 - 2017-12-23 20:30 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-15 22:52 - 2012-08-19 09:00 - 000016384 _____ C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-15 22:28 - 2012-06-24 14:43 - 000000000 ____D C:\Users\Office Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-14 00:46 - 2018-05-16 00:43 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4063716828-1680190529-1648852121-1000
2018-07-14 00:46 - 2018-05-16 00:01 - 000002409 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-12 00:23 - 2018-05-16 00:43 - 000004530 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-12 00:22 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-12 00:22 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-11 04:04 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-11 01:13 - 2018-05-15 23:56 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-11 01:08 - 2017-12-23 20:18 - 000000000 ___RD C:\Users\Dave\3D Objects
2018-07-11 01:08 - 2016-07-23 22:45 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-11 01:07 - 2018-05-15 23:51 - 000453184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 01:03 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 01:03 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 01:03 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-11 01:02 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-11 01:02 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-11 01:02 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-10 23:28 - 2013-08-14 09:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 23:10 - 2012-06-16 13:56 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 20:07 - 2018-05-16 00:43 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== Files in the root of some directories =======

2011-08-19 16:02 - 2011-06-09 17:44 - 000002792 _____ () C:\Program Files\HP SimplePass 2011
2009-04-20 23:51 - 2007-12-14 19:33 - 000262144 _____ (ZoneAlarm) C:\Program Files (x86)\Uninstall Spy Blocker.dll
2012-07-27 11:57 - 2012-07-27 11:57 - 000007859 _____ () C:\Users\Office Administrator\AppData\Roaming\pcouffin.cat
2012-07-27 11:57 - 2012-07-27 11:57 - 000001167 _____ () C:\Users\Office Administrator\AppData\Roaming\pcouffin.inf
2012-07-27 11:57 - 2012-07-27 11:57 - 000000034 _____ () C:\Users\Office Administrator\AppData\Roaming\pcouffin.log
2012-07-27 11:57 - 2012-07-27 11:57 - 000082816 _____ (VSO Software) C:\Users\Office Administrator\AppData\Roaming\pcouffin.sys
2012-10-13 19:45 - 2012-10-13 19:45 - 000000600 _____ () C:\Users\Office Administrator\AppData\Roaming\winscp.rnd

Some files in TEMP:
====================
2018-08-08 11:31 - 2018-08-08 11:31 - 004264384 _____ (Don HO don.h@free.fr) C:\Users\Dave\AppData\Local\Temp\npp.7.5.8.Installer.exe
2018-05-24 19:49 - 2018-05-24 19:49 - 004299968 _____ (Don HO don.h@free.fr) C:\Users\Office Administrator\AppData\Local\Temp\npp.7.5.6.Installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-15 23:51

==================== End of FRST.txt ============================
**********************************
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Office Administrator (09-08-2018 10:27:44)
Running from C:\Users\Dave\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-05-16 06:45:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4063716828-1680190529-1648852121-500 - Administrator - Disabled) => C:\Users\Administrator
Ben (S-1-5-21-4063716828-1680190529-1648852121-1004 - Limited - Enabled) => C:\Users\Ben
Dave (S-1-5-21-4063716828-1680190529-1648852121-1000 - Limited - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-4063716828-1680190529-1648852121-503 - Limited - Disabled)
Guest (S-1-5-21-4063716828-1680190529-1648852121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4063716828-1680190529-1648852121-1002 - Limited - Enabled)
Hope (S-1-5-21-4063716828-1680190529-1648852121-1003 - Limited - Enabled) => C:\Users\Hope
Mary Jo (S-1-5-21-4063716828-1680190529-1648852121-1005 - Limited - Enabled) => C:\Users\Mary Jo
Office Administrator (S-1-5-21-4063716828-1680190529-1648852121-1006 - Administrator - Enabled) => C:\Users\Office Administrator
Rich (S-1-5-21-4063716828-1680190529-1648852121-1008 - Limited - Enabled) => C:\Users\Rich
Share_with_Office (S-1-5-21-4063716828-1680190529-1648852121-1007 - Limited - Enabled) => C:\Users\Share_with_Office
WDAGUtilityAccount (S-1-5-21-4063716828-1680190529-1648852121-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
2017 Screen Saver (HKLM-x32\...\2017 Screen Saver_is1) (Version: - Access Analytic)
4K YouTube to MP3 3.3 (HKLM-x32\...\{35F6F72F-08F5-4885-8B69-7A3C6C1F038E}) (Version: 3.3.5.1797 - Open Media LLC)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.3.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 3.5.13.64 - ArcSoft)
Asterisk Key 10.0 (HKLM-x32\...\asterisk key) (Version: - )
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
AVIcodec (remove only) (HKLM-x32\...\AVIcodec) (Version: - )
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.1.8321 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.1.731 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Beyond Compare 4.2.2 (HKLM\...\BeyondCompare4_is1) (Version: 4.2.2.22384 - Scooter Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.3.188 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{D2DCF339-7EBC-4D88-B515-A504297796EA}) (Version: 3.6.0 - Kovid Goyal)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version: - )
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.03034 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{EB629A98-5E69-40E8-BA9E-C393899F959D}) (Version: 4.4.03034 - Cisco Systems, Inc.) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DjVuLibre DjView 3.5.27+4.10.4 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
Driver Install 64-Bit (HKLM-x32\...\{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China) Hidden
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
EPubsoft Adobe PDF ePub DRM Removal 8.9.6 (HKLM-x32\...\{917CB2F3-7BAF-4E1E-9444-1241BF3D6B92}) (Version: 8.9.6 - EPUBSOFT)
Eudora (HKLM-x32\...\{FC40342A-B862-4F02-9B85-EBC13BE78AD1}) (Version: 7.0 - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
EZ Grabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
f.lux (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\Flux) (Version: - f.lux Software LLC)
Family Tree Maker 2012 (HKLM-x32\...\{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}) (Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
FeedDemon (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
Flash Decompiler Trillix (HKLM-x32\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
FREE EML File Viewer version v2.0 (HKLM-x32\...\{6B16A616-C931-4D4B-B1C5-E04F2D4DDD63}_is1) (Version: v2.0 - www.freeviewer.org)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Gmail Backup (HKLM-x32\...\gmailbackup) (Version: - )
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GrabIt 1.7.3 Beta (build 1010) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Huffyuv AVI lossless video codec - MultiThread (Remove Only) (HKLM-x32\...\HuffyuvcodecMT) (Version: - )
iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.)
ImageMagick 6.8.9-5 Q8 (64-bit) (2014-07-15) (HKLM\...\ImageMagick 6.8.9 Q8 (64-bit)_is1) (Version: 6.8.9 - ImageMagick Studio LLC)
iMazing HEIC Converter version 1.0.5 (HKLM\...\{FA58AFA9-B210-409C-88F1-2A90D577C170}_is1) (Version: 1.0.5 - DigiDNA)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.5.1 - Hermann Schinagl)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MapWindow GIS (HKLM-x32\...\{0018DC60-E4CB-4884-81EC-52CF2BAF54EF}_is1) (Version: 4.8.8 - MapWindow GIS)
Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
MediaHuman YouTube to MP3 Converter version 3.9.8.10 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.8.10 - )
MediaInfo 0.7.67 (HKLM\...\MediaInfo) (Version: 0.7.67 - MediaArea.net)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MP4Tools v3.1 (HKLM-x32\...\MP4Tools_is1) (Version: - )
MuseScore 2 (HKLM-x32\...\{703926DE-F24B-11E4-AA68-472FB664A5DC}) (Version: 2.0.1 - Werner Schweer and Others)
MyFreeCodec (HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\MyFreeCodec) (Version: - )
Neat Video v3.0 Demo plug-in for VirtualDub (32-bit) (HKLM-x32\...\Neat Video for VirtualDub (32-bit)_is1) (Version: - Neat Video team, ABSoft)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version: - )
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version: - )
NLOGIT 4.0 (HKLM-x32\...\{162D8CCE-79C2-4587-A026-22B8D8B73015}) (Version: 04.00.0001 - Econometric Software, Inc.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NZBLeecher (HKLM-x32\...\NZBLeecher) (Version: - )
Open Live Writer (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\OpenLiveWriter) (Version: 0.6.2 - Open Live Writer)
Opera Stable 54.0.2952.64 (HKLM-x32\...\Opera 54.0.2952.64) (Version: 54.0.2952.64 - Opera Software)
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version: - www.orbitdownloader.com)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Pale Moon (x64 en-US) (HKLM\...\Pale Moon (x64 en-US)) (Version: 27.9.4 - Moonchild Productions)
Pale Moon 27.0.2 (x86 en-US) (HKLM-x32\...\Pale Moon 27.0.2 (x86 en-US)) (Version: 27.0.2 - Moonchild Productions)
PaperCut Print Logger 1.10 (HKLM-x32\...\PaperCut Print Logger_is1) (Version: - PaperCut Software Int. Pty. Ltd.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
PdfMerge (HKLM-x32\...\{1CD59184-5172-4899-BAE4-4F06D57B2004}) (Version: 1.19.0 - PdfMerge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.203.0 - Tracker Software Products Ltd)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{A6BF4853-41E9-4DA1-AD81-4B16FEE938C2}) (Version: 0.9.1104 - Plex, Inc.) Hidden
POV-Ray for Windows v3.6.1c (HKLM-x32\...\POV-Ray for Windows v3.6) (Version: 3.6 - Persistence of Vision Raytracer Pty. Ltd.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Respondus 4.0 Campus-Wide (HKLM-x32\...\{8DB14A0D-7D84-46B3-AEE4-D265729C78BD}) (Version: 4.00.0000 - Respondus, Inc.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
SABnzbd 1.0.2 (HKLM-x32\...\SABnzbd) (Version: 1.0.2 - The SABnzbd Team)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
screen-scraper Basic Edition (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\5814-3494-4319-2342) (Version: 7.0 - ekiwi, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.)
Snagit 12 (HKLM-x32\...\{B298CE4A-880B-4D6E-8987-2D8A616BF568}) (Version: 12.0.0 - TechSmith Corporation) Hidden
Snagit 12 (HKLM-x32\...\{bdac23f5-7943-42cf-ba56-4732fc20b6a7}) (Version: 12.0.0.1001 - TechSmith Corporation)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
ThumbNailer (HKLM\...\{4FF14ED2-7B23-4EBF-A88B-CAE3590F9388}) (Version: 10.1.0.10 - Smaller Animals Software) Hidden
ThumbNailer 10 (HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\...\ThumbNailer 10.1.0.10) (Version: 10.1.0.10 - Smaller Animals Software)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 16.1.8.13 - Verizon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
WinSCP 5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.1 - Martin Prikryl)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM-x32\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2016-10-10] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\My Program Files (x86)\Beyond Compare 4\BCShellEx64.dll [2017-05-18] (Scooter Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers1: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-06-26] (Apple Inc.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2014-04-18] (TechSmith Corporation)
ContextMenuHandlers1: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers3: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\My Program Files (x86)\Beyond Compare 4\BCShellEx64.dll [2017-05-18] (Scooter Software)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2014-04-18] (TechSmith Corporation)
ContextMenuHandlers4: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\My Program Files (x86)\Beyond Compare 4\BCShellEx64.dll [2017-05-18] (Scooter Software)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-08-23] (Hermann Schinagl)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.ContextMenus.dll [2016-10-10] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {032B01CC-1874-43B4-A40E-0A34AE5B0219} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0CC3794B-E509-49AE-AF82-09F758E715B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0EBF683C-73C8-427B-888B-F5FEDFA0A8B8} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {14160C5A-0629-4486-AD42-B50AD57381FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {15CDA51F-2714-4EDB-A171-93B428EB5EAB} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {225F401F-D757-4C63-9C5E-338A1BF1A40C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {22B36131-D912-447F-8E3A-93B96D768A49} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {310AE0D2-A029-42FE-9CBF-BE9D3169809C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3311EDC2-3EB7-44C7-98E3-001274DB87E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3D5FD92F-118C-45D9-B0B3-3723CAC9801B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {3F0B4EA2-4D7B-4D23-876A-75BCC92FE9AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-12] (Adobe Systems Incorporated)
Task: {40916EEB-6F1E-4999-9E15-7F491478CD18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {442A0DF8-035C-4EC9-9586-E841BDA7E761} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {453D4E41-9E0A-450B-ABEE-1E59AE056970} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4BC2A2DA-AFD4-4150-A965-394C5A98BC48} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: {4EA06D77-9D3C-4D8D-87AC-E943886E5F61} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6F313266-B64D-44AE-A7BB-DE6293968188} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {72D3B183-DAE2-4C2A-B083-2F775CA56B84} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {81CF05AE-D06C-4C08-9EC1-EF7705F329D2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {92371601-C4C9-4886-8F49-55A1B31041CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {962F44DF-9C5B-4695-A5B2-B3B13C819136} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A67499BF-E58D-4F6B-808F-5521BCB22C84} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA322EE6-D956-4A82-83A1-15E2310DA8ED} - System32\Tasks\Opera scheduled Autoupdate 1425234319 => C:\Program Files (x86)\Opera\launcher.exe [2018-07-24] (Opera Software)
Task: {AAAF2967-9FCF-4FE5-B8ED-82D0D1916F31} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B45BD574-7084-4DF1-82B3-CD8D60EDDB56} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B575AFE0-AF73-4398-9D64-5D7A4249CF40} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B7A8F376-2E78-4061-83AB-BD6CC226463C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B887A7D3-7A91-488D-87DA-512ED75B31E7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C1C94E11-56D4-42FD-B052-F12EAEB7E8A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C29AFA7A-269B-4DEC-95F3-09270AAEC4FB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CC5E2665-C32E-472A-B456-DD8263A22363} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {DB90AE6C-A7F3-4DCB-8F95-73AC04603218} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {DC0B13A5-A3AF-44DB-A8AF-45ED1E90A3D1} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-04-17] (TechSmith Corporation)
Task: {DD8F35AB-434A-41DE-9AD1-1257D3D4E48B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {E40AF1E4-E26D-4DF8-BF69-C3737ACB46AC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E4E1AB3F-C6DC-443F-A040-1F71DC7EA004} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {E63BAE5A-5EBA-47EA-A20E-B92FD497F1B2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {E715D404-048F-428E-B4E3-3091D17C67DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F1B34399-703E-4852-B06A-F538BC5472CA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FE713D77-2EF1-4348-86DE-E0815C71AAD4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-12] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-03 10:45 - 2014-08-05 19:04 - 001441792 _____ () C:\Program Files\Everything\Everything.exe
2018-01-05 00:14 - 2018-01-05 00:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 16:00 - 2018-07-16 11:34 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-08-05 00:15 - 2013-08-05 00:15 - 000070712 _____ () c:\windows\system32\bdmpega64.acm
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2004-09-30 12:15 - 2004-09-30 12:15 - 000192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-22 18:14 - 2018-07-22 18:14 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-07-10 22:56 - 2018-07-06 00:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 15:13 - 2018-07-17 15:13 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 15:13 - 2018-07-17 15:13 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 15:13 - 2018-07-17 15:14 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 15:13 - 2018-07-17 15:13 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-27 10:37 - 2018-07-27 10:37 - 035195392 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-07-27 10:37 - 2018-07-27 10:37 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-07-27 10:37 - 2018-07-27 10:37 - 006373376 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-25 22:50 - 2017-09-25 22:50 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-27 10:37 - 2018-07-27 10:37 - 008903168 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-10 20:13 - 2018-07-10 20:13 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-03-09 02:16 - 2017-03-09 02:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2011-12-22 11:10 - 2011-12-22 11:58 - 000207717 _____ () C:\Users\Dave\Documents\My Program Files\AutoHotkey\Compiler\keywords.exe
2018-08-08 22:58 - 2018-08-07 18:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-08 22:58 - 2018-08-07 18:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-08-09 10:03 - 2018-08-09 10:03 - 000113152 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_ctypes.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000080896 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\bz2.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001585152 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_hashlib.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000128512 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32api.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000137728 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pywintypes27.dll
2018-08-09 10:03 - 2018-08-09 10:03 - 000548864 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pythoncom27.dll
2018-08-09 10:03 - 2018-08-09 10:03 - 000689664 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\unicodedata.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000438784 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32com.shell.shell.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001489408 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._core_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001007104 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._gdi_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001039872 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._windows_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001325056 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._controls_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000916992 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._misc_.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 001084416 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pysqlite2._sqlite.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000149504 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32file.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000136192 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32security.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000007680 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\hashobjs_ext.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000020992 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\thumbnails_ext.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000118784 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\usb_ext.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000047616 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_socket.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 002224640 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_ssl.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000014848 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\common.time34.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000023040 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32event.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000034304 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.conditional.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000020480 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.winwrap.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000110080 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.volumes.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000223232 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32gui.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000173568 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_elementtree.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000169472 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\pyexpat.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000048128 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32inet.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000103424 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\wx._html2.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000046080 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_psutil_windows.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000633272 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows._cacheinvalidation.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000011776 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32crypt.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000301568 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\PIL._imaging.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000032256 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_multiprocessing.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 005458944 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\cello.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000026112 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\_yappi.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000044032 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32process.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000027648 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32pipe.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000010752 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\select.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000029696 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32pdh.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000038400 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.connectivity.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000073216 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\windows.device_monitor.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000020480 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32profile.pyd
2018-08-09 10:03 - 2018-08-09 10:03 - 000026624 _____ () C:\Users\Dave\AppData\Local\Temp\_MEI10442\win32ts.pyd
2016-12-17 12:58 - 2018-07-10 12:17 - 005406208 _____ () C:\Program Files\Pale Moon\mozjs.dll
2017-05-17 06:16 - 2017-05-17 06:16 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2018-07-30 03:20 - 2018-07-24 23:06 - 087838808 _____ () C:\Program Files (x86)\Opera\54.0.2952.64\opera_browser.dll
2018-07-30 03:20 - 2018-07-24 23:06 - 003871320 _____ () C:\Program Files (x86)\Opera\54.0.2952.64\libglesv2.dll
2018-07-30 03:20 - 2018-07-24 23:06 - 000086616 _____ () C:\Program Files (x86)\Opera\54.0.2952.64\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:DED17083 [286]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-08-09 10:02 - 000001707 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
216.239.32.20 www.google.ae # bck9
216.239.32.20 www.google.at # bck9
216.239.32.20 www.google.be # bck9
216.239.32.20 www.google.ca # bck9
216.239.32.20 www.google.ch # bck9
216.239.32.20 www.google.cl # bck9
216.239.32.20 www.google.co.il # bck9
216.239.32.20 www.google.co.in # bck9
216.239.32.20 www.google.co.jp # bck9
216.239.32.20 www.google.co.kr # bck9
216.239.32.20 www.google.co.nz # bck9
216.239.32.20 www.google.co.uk # bck9
216.239.32.20 www.google.co.ve # bck9
216.239.32.20 www.google.co.za # bck9
216.239.32.20 www.google.com # bck9
216.239.32.20 www.google.com.ar # bck9
216.239.32.20 www.google.com.au # bck9
216.239.32.20 www.google.com.br # bck9
216.239.32.20 www.google.com.co # bck9
216.239.32.20 www.google.com.gr # bck9
216.239.32.20 www.google.com.hk # bck9
216.239.32.20 www.google.com.mx # bck9
216.239.32.20 www.google.com.my # bck9
216.239.32.20 www.google.com.pe # bck9
216.239.32.20 www.google.com.ph # bck9
216.239.32.20 www.google.com.pk # bck9
216.239.32.20 www.google.com.sg # bck9
216.239.32.20 www.google.com.tr # bck9
216.239.32.20 www.google.com.tw # bck9

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dave\Downloads\Wallpapers\Thomas Herbich\SMOKE_176_HD.jpg
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Office Administrator\AppData\Local\Microsoft\Windows\Themes\img16.jpg
DNS Servers: 208.67.222.222 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\...\StartupApproved\Run: => "Plex Media Server"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C97E4394-8A48-4F21-B464-9A6A5D5A54A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{93776A94-90D5-4519-B1A0-E098CE312A7F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA8A793E-A5E4-47D7-81AE-84BF66EC42C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4D080D92-8DEC-4CE0-BCEA-A1F319E1E296}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6AC1967-FD24-478D-8B49-891B52A2AE67}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [Threshold.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\Threshold.exe
FirewallRules: [Threshold.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\Threshold.exe
FirewallRules: [StreamNet.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\StreamNet.exe
FirewallRules: [StreamNet.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\StreamNet.exe
FirewallRules: [SlopeAveDown.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAveDown.exe
FirewallRules: [SlopeAveDown.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAveDown.exe
FirewallRules: [SlopeAreaRatio.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAreaRatio.exe
FirewallRules: [SlopeAreaRatio.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeAreaRatio.exe
FirewallRules: [SlopeArea.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeArea.exe
FirewallRules: [SlopeArea.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\SlopeArea.exe
FirewallRules: [PitRemove.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PitRemove.exe
FirewallRules: [PitRemove.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PitRemove.exe
FirewallRules: [PeukerDouglas.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PeukerDouglas.exe
FirewallRules: [PeukerDouglas.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\PeukerDouglas.exe
FirewallRules: [MoveOutletsToStreams.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\MoveOutletsToStreams.exe
FirewallRules: [MoveOutletsToStreams.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\MoveOutletsToStreams.exe
FirewallRules: [LengthArea.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\LengthArea.exe
FirewallRules: [LengthArea.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\LengthArea.exe
FirewallRules: [GridNet.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\GridNet.exe
FirewallRules: [GridNet.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\GridNet.exe
FirewallRules: [DropAnalysis.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DropAnalysis.exe
FirewallRules: [DropAnalysis.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DropAnalysis.exe
FirewallRules: [DinfUpDependence.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfUpDependence.exe
FirewallRules: [DinfUpDependence.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfUpDependence.exe
FirewallRules: [DinfTransLimAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfTransLimAccum.exe
FirewallRules: [DinfTransLimAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfTransLimAccum.exe
FirewallRules: [DinfRevAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfRevAccum.exe
FirewallRules: [DinfRevAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfRevAccum.exe
FirewallRules: [DinfFlowDir.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfFlowDir.exe
FirewallRules: [DinfFlowDir.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfFlowDir.exe
FirewallRules: [DinfDistUp.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistUp.exe
FirewallRules: [DinfDistUp.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistUp.exe
FirewallRules: [DinfDistDown.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistDown.exe
FirewallRules: [DinfDistDown.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDistDown.exe
FirewallRules: [DinfDecayAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDecayAccum.exe
FirewallRules: [DinfDecayAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfDecayAccum.exe
FirewallRules: [DinfConcLimAccum.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfConcLimAccum.exe
FirewallRules: [DinfConcLimAccum.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfConcLimAccum.exe
FirewallRules: [DinfAvalanche.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfAvalanche.exe
FirewallRules: [DinfAvalanche.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\DinfAvalanche.exe
FirewallRules: [D8HDistToStrm.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8HDistToStrm.exe
FirewallRules: [D8HDistToStrm.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8HDistToStrm.exe
FirewallRules: [D8FlowPathExtremeUp.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowPathExtremeUp.exe
FirewallRules: [D8FlowPathExtremeUp.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowPathExtremeUp.exe
FirewallRules: [D8FlowDir.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowDir.exe
FirewallRules: [D8FlowDir.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\D8FlowDir.exe
FirewallRules: [AreaDinf.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaDinf.exe
FirewallRules: [AreaDinf.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaDinf.exe
FirewallRules: [AreaD8.exe-UDP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaD8.exe
FirewallRules: [AreaD8.exe-TCP] => (Block) C:\Program Files (x86)\MapWindow\Taudem5Exe\AreaD8.exe
FirewallRules: [{B64BF283-2A93-45C4-9DD1-59549F5FAD14}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{C7BC21A7-C3FA-4E28-BC1A-A557808EF625}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D2A9995C-573D-4870-A196-E6F92C7FEA75}] => (Allow) LPort=2869
FirewallRules: [{98FA0158-258F-4FA8-89DD-ECE5A11273C6}] => (Allow) LPort=1900
FirewallRules: [{EA34BF9A-7A5F-4F3F-A5BD-663CC060D6E3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{ED82AD9C-AFA6-4735-A920-DC574204A409}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{C66D7923-A783-41D0-84CF-2B67EFA6E8AC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6A6D3589-27E9-4166-A941-B67F7F496C4F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{A25D23CA-7804-4EA6-B0D3-955DA76CFA0F}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [UDP Query User{64406E4F-99E3-47BB-AE74-B49BD5C4A72A}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [TCP Query User{C8F951DB-8AFE-49F0-9B60-F0027E091968}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{35055077-0589-4225-B25A-778393990304}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{6578A75B-A845-4BFE-A275-8FD74C984758}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{85D6766B-6445-4445-ABA5-C4818CC9EBDC}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{99BEEB2A-E79C-439B-9A70-3D225C43D63F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3EB3C082-397F-411C-9636-9ED1253AE631}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EA796675-EE94-497F-BC35-CA9CBC9616C1}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{46D7AF76-9E5A-4ABE-A0E2-E0E055EDF20F}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{C4776A0E-63A8-4BF4-9607-AFD7FD9FC2B1}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{F0EA1B3E-80F1-44FB-A051-2AB84E74E76B}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{176B5412-E9D4-4293-8F3C-E1FE768D2BB1}] => (Allow) C:\Users\Office Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F2A368AD-A5F5-49FB-BB32-A5A798EF5AC8}] => (Allow) C:\Users\Dave\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D79BB384-A9B2-4C88-950E-CB3217FCF8B9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EB64F111-26BF-419C-873E-0DB8B100F120}C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{58913BBD-D8FB-45F6-A6D3-A6F3557780AB}C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{E21B9340-397D-4611-BF10-2984A0055970}] => (Block) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{10379A70-582A-44A7-A7CA-55594BB13019}] => (Block) C:\users\dave\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{7C2313F0-154A-4E6E-90D6-7E90379CA707}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A94DDC9C-3777-4D71-8BBE-4D876BCD135D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{9C966373-284D-4353-ACE9-CD031EB094C4}] => (Allow) LPort=8298
FirewallRules: [{45DAD556-0BDA-4265-83C2-FE50B971192F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{05D180E3-1AED-45AF-B671-62836A25F3DB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{5BA111A5-F7EE-4FA6-9FCF-182CBE7BCFA4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{4528EE72-9CE0-421E-8550-3B24C363B9F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F6C09B32-9999-462F-AB77-DF7799C0C78F}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{CD2A1F08-F0C1-4981-90F7-5D39F3D41DA8}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{21CC09DF-8C0C-4A80-9937-5AABCB29BBCF}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{D9C5B658-463C-4498-B23A-2ABFB367CC8A}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{E025775D-8895-4976-BA29-A879288BC421}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA7BBAD6-8275-43AD-A8F5-B21337FA9A66}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7AA5E096-F108-4834-88E6-661BC0F25167}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [UDP Query User{4F2DEC60-AB57-4F30-B6FC-8328AC5AB464}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [TCP Query User{6D1B4B3D-DC44-4E97-ABF5-BF0A5D719339}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [UDP Query User{6717A046-F10E-44A8-A0C4-9552514FD275}C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe] => (Allow) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [{61999273-0528-4DEE-9F0F-38CB07458FF8}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{216A7450-775A-4FEE-B105-4DD82BA1CE49}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{F184E7F9-BEAD-4372-85AE-AFD57A3276BD}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [{418F4DC2-5545-48F0-A759-AB3BAB8BFBC4}] => (Block) C:\users\dave\documents\screenscraper basic\screen-scraper basic edition\jre\bin\java.exe
FirewallRules: [TCP Query User{8F8E1440-4D93-43AB-A3D6-201C8C23F463}K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [UDP Query User{40CCAE81-8109-420E-AF87-77E26890B7F5}K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe] => (Allow) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{C9ECCCEC-27ED-4620-9248-4C5E5EEAC2DC}] => (Block) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [{97E2E5D7-3C8D-4277-8621-2AEDEA7CD348}] => (Block) K:\_personal\software\screenscraper basic\screen-scraper basic edition\screen-scraper.exe
FirewallRules: [TCP Query User{A8769730-A01D-4989-8620-3ADE44A7D02B}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{046F220F-EFB1-4E01-B03D-8F38DD13339A}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{66F7B5B5-ED35-4329-B549-A95D03B9B1F1}] => (Block) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{58B041DA-DDE2-43FC-B32A-71F354676EB8}] => (Block) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4EEFD3C5-14F1-4076-8EE4-F389AD479545}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6D39C845-E020-45D1-BBE6-56AFA68C82DE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D5D7FE67-D60F-48B3-BD94-753E4765D5C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{60D599F0-5D17-4685-A9AA-02518D2C3139}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FB4981A4-3783-4464-B83E-AE98B5232A38}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{341C4F30-A9D6-4890-B70C-C049009C3C6F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{5BF1087A-9375-4BE7-BD86-6FAAC9AE90CA}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.60\opera.exe
FirewallRules: [{033619D0-9520-42E2-83E8-ADC19A261AC1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{11BBCA25-52E8-4C6D-9047-B9C87502457D}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
FirewallRules: [{BF968F8D-7C5E-4EB9-B0CF-C0CE516F489F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit

==================== Restore Points =========================

20-07-2018 12:20:10 Scheduled Checkpoint
30-07-2018 01:14:58 Scheduled Checkpoint
01-08-2018 12:21:28 Windows Modules Installer
02-08-2018 14:21:59 Windows Modules Installer
04-08-2018 00:21:27 Windows Modules Installer
05-08-2018 02:21:20 Windows Modules Installer
06-08-2018 10:21:23 Windows Modules Installer
07-08-2018 11:12:08 Windows Modules Installer
08-08-2018 13:12:34 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: MyBookWorld
Description: My Book World Edition Network Storage
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: Western Digital Corporation
Service: UmPass
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2018 10:03:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x1e9c
Faulting application start time: 0x01d42ffa76dac540
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: 7429d9e5-3dd6-4173-b733-1b4df495a33c
Faulting package full name:
Faulting package-relative application ID:

Error: (08/09/2018 10:02:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.17134.165, time stamp: 0x5b3f1749
Faulting module name: ntdll.dll, version: 10.0.17134.165, time stamp: 0xf4df6dc2
Exception code: 0xcfffffff
Fault offset: 0x000000000009d7a4
Faulting process id: 0x2010
Faulting application start time: 0x01d42ffa3de81707
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e61de093-9764-4afa-8a11-93d030da99fe
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (08/07/2018 10:39:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x2844
Faulting application start time: 0x01d42ed1b51eccb0
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: 4e997c31-4fbb-4618-99b7-6f26f02de4b6
Faulting package full name:
Faulting package-relative application ID:

Error: (08/04/2018 06:23:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14490266

Error: (08/04/2018 06:23:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14490266

Error: (08/04/2018 06:23:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/04/2018 06:23:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14480828

Error: (08/04/2018 06:23:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14480828


System errors:
=============
Error: (08/09/2018 10:08:08 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/09/2018 10:07:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/09/2018 10:05:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (08/09/2018 10:04:40 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/09/2018 10:04:06 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/09/2018 10:03:25 AM) (Source: DCOM) (EventID: 10016) (User: 2012_Office)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 2012_Office\Dave SID (S-1-5-21-4063716828-1680190529-1648852121-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/09/2018 05:49:41 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (08/09/2018 02:22:36 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Windows Defender:
===================================
Date: 2018-07-06 18:09:01.541
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7583C69C-F8A2-44A6-94BE-DF876712C433}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-08-09 10:12:58.689
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.1112.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-08-09 10:04:01.404
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\LinkShellExtension\HardlinkShellExt.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-09 10:04:01.398
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\LinkShellExtension\HardlinkShellExt.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-09 10:04:01.393
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\LinkShellExtension\HardlinkShellExt.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-09 10:04:00.671
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-09 10:04:00.666
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-09 10:04:00.660
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-09 10:04:00.654
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-09 10:03:59.998
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 58%
Total physical RAM: 8098.51 MB
Available physical RAM: 3370.99 MB
Total Virtual: 11938.51 MB
Available Virtual: 6728.67 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.45 GB) (Free:83.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.52 GB) (Free:1.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive p: (New Volume) (Fixed) (Total:2794.39 GB) (Free:86.94 GB) NTFS

\\?\Volume{28a723c4-b7ed-11e1-ac0c-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{a1e71db5-0000-0000-0000-20e3e5000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A1E71DB5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

**********************************

**********************************

Juliet
2018-08-10, 00:22
It has not been happy with some traffic that's going out, and which I don't seem to be actively sending.
Can you give me some kind of log that shows if its coming from a browser or application?

It seems aswMBR is having issues running on Windows 10 machines lately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Remove this program in bold via the Control Panel > Programs > Programs and Features.
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION

The version is not signed and may be compromised. If you need it download the latest from the Head Office.
https://www.cpuid.com/

~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
C:\Windows\Temp\*.*
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-4063716828-1680190529-1648852121-1004\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://isearch.avg.com/search?cid={1B9CC6B6-62E7-4842-A87E-60C6CEC9B3DC}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2013-05-02] (Orbitdownloader.com)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)Toolbar: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
2018-08-08 11:31 - 2018-08-08 11:31 - 004264384 _____ (Don HO don.h@free.fr) C:\Users\Dave\AppData\Local\Temp\npp.7.5.8.Installer.exe
2018-05-24 19:49 - 2018-05-24 19:49 - 004299968 _____ (Don HO don.h@free.fr) C:\Users\Office Administrator\AppData\Local\Temp\npp.7.5.6.Installer.exe
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers3: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
Task: {032B01CC-1874-43B4-A40E-0A34AE5B0219} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {0CC3794B-E509-49AE-AF82-09F758E715B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0EBF683C-73C8-427B-888B-F5FEDFA0A8B8} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {14160C5A-0629-4486-AD42-B50AD57381FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {15CDA51F-2714-4EDB-A171-93B428EB5EAB} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {225F401F-D757-4C63-9C5E-338A1BF1A40C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {310AE0D2-A029-42FE-9CBF-BE9D3169809C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3311EDC2-3EB7-44C7-98E3-001274DB87E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3D5FD92F-118C-45D9-B0B3-3723CAC9801B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {453D4E41-9E0A-450B-ABEE-1E59AE056970} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4EA06D77-9D3C-4D8D-87AC-E943886E5F61} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {72D3B183-DAE2-4C2A-B083-2F775CA56B84} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {81CF05AE-D06C-4C08-9EC1-EF7705F329D2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {92371601-C4C9-4886-8F49-55A1B31041CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A67499BF-E58D-4F6B-808F-5521BCB22C84} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B45BD574-7084-4DF1-82B3-CD8D60EDDB56} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B575AFE0-AF73-4398-9D64-5D7A4249CF40} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B7A8F376-2E78-4061-83AB-BD6CC226463C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B887A7D3-7A91-488D-87DA-512ED75B31E7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CC5E2665-C32E-472A-B456-DD8263A22363} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {DB90AE6C-A7F3-4DCB-8F95-73AC04603218} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E63BAE5A-5EBA-47EA-A20E-B92FD497F1B2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {E715D404-048F-428E-B4E3-3091D17C67DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1B34399-703E-4852-B06A-F538BC5472CA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:DED17083 [286]
Emptytemp:
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


~~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/RQKuhw1.pngRogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


created by Aura
**
Your next reply(ies) should therefore contain:

Copy/pasted Fixlog.txt
Copy/pasted AdwCleaner clean log
Copy/pasted RogueKiller clean log

BooBounder
2018-08-10, 08:43
I am not sure how to get out what I am seeing from K9. Yes it has logs, but they don't seem very detailed. I am getting popups for blocked URL's. Not sure how to capture that information.

I am going to go through the rest of Juliet's post. Just not sure what to do with this first part.

BooBounder
2018-08-10, 11:05
Removed CPUID as requested.

Three requested log files pasted below. (Still not sure how to get a log you can use out of K9).

Only problem was with AdwCleaner. Version 7.2.1 downloaded from your link. It indicated there was a new version. But I could not get it to download the new version. I ran the one you linked to, instead of something I might find on my own.

Your scans found an unrecognized program called Keywords.exe. This one is probably not a threat. It is my keystroke macro loader for AutoHotKey, a program from the site LifeHacker.

******************************************************************************
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Office Administrator (09-08-2018 23:46:16) Run:1
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & Office Administrator (Available Profiles: Dave & Hope & Ben & Mary Jo & Office Administrator & Share_with_Office & Rich & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Windows\Temp\*.*
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-4063716828-1680190529-1648852121-1004\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://isearch.avg.com/search?cid={1B9CC6B6-62E7-4842-A87E-60C6CEC9B3DC}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2013-05-02] (Orbitdownloader.com)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)Toolbar: HKU\S-1-5-21-4063716828-1680190529-1648852121-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4063716828-1680190529-1648852121-1006 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
2018-08-08 11:31 - 2018-08-08 11:31 - 004264384 _____ (Don HO don.h@free.fr) C:\Users\Dave\AppData\Local\Temp\npp.7.5.8.Installer.exe
2018-05-24 19:49 - 2018-05-24 19:49 - 004299968 _____ (Don HO don.h@free.fr) C:\Users\Office Administrator\AppData\Local\Temp\npp.7.5.6.Installer.exe
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers3: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\Microsoft Silverlight\Office14\GROOVEEX.DLL -> No File
Task: {032B01CC-1874-43B4-A40E-0A34AE5B0219} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {0CC3794B-E509-49AE-AF82-09F758E715B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0EBF683C-73C8-427B-888B-F5FEDFA0A8B8} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {14160C5A-0629-4486-AD42-B50AD57381FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {15CDA51F-2714-4EDB-A171-93B428EB5EAB} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {225F401F-D757-4C63-9C5E-338A1BF1A40C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {310AE0D2-A029-42FE-9CBF-BE9D3169809C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3311EDC2-3EB7-44C7-98E3-001274DB87E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3D5FD92F-118C-45D9-B0B3-3723CAC9801B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {453D4E41-9E0A-450B-ABEE-1E59AE056970} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4EA06D77-9D3C-4D8D-87AC-E943886E5F61} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {72D3B183-DAE2-4C2A-B083-2F775CA56B84} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {81CF05AE-D06C-4C08-9EC1-EF7705F329D2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {92371601-C4C9-4886-8F49-55A1B31041CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A67499BF-E58D-4F6B-808F-5521BCB22C84} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B45BD574-7084-4DF1-82B3-CD8D60EDDB56} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B575AFE0-AF73-4398-9D64-5D7A4249CF40} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B7A8F376-2E78-4061-83AB-BD6CC226463C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B887A7D3-7A91-488D-87DA-512ED75B31E7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CC5E2665-C32E-472A-B456-DD8263A22363} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {DB90AE6C-A7F3-4DCB-8F95-73AC04603218} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E63BAE5A-5EBA-47EA-A20E-B92FD497F1B2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {E715D404-048F-428E-B4E3-3091D17C67DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1B34399-703E-4852-B06A-F538BC5472CA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:DED17083 [286]
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully
C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully
C:\Windows\Temp\ccleaner64.exe.png => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\CProgram Files (x86)Opera52.0.2871.64opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram Files (x86)Opera53.0.2907.68opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram Files (x86)Opera53.0.2907.99opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram Files (x86)Opera54.0.2952.51opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram Files (x86)Opera54.0.2952.54opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram Files (x86)Opera54.0.2952.64opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\easyclea.exe.png => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\opera_crashreporter.log => moved successfully
C:\Windows\Temp\Opera_installer_180516065107578.dll => moved successfully
C:\Windows\Temp\Opera_installer_180517003808963.dll => moved successfully
C:\Windows\Temp\Opera_installer_180517141350204.dll => moved successfully
C:\Windows\Temp\Opera_installer_180517231321000.dll => moved successfully
C:\Windows\Temp\Opera_installer_180517232424842.dll => moved successfully
C:\Windows\Temp\Opera_installer_180518001313655.dll => moved successfully
C:\Windows\Temp\Opera_installer_180518003809164.dll => moved successfully
C:\Windows\Temp\Opera_installer_180518061320300.dll => moved successfully
C:\Windows\Temp\Opera_installer_180519003809063.dll => moved successfully
C:\Windows\Temp\Opera_installer_180519061325579.dll => moved successfully
C:\Windows\Temp\Opera_installer_180520025744624.dll => moved successfully
C:\Windows\Temp\Opera_installer_180520061334625.dll => moved successfully
C:\Windows\Temp\Opera_installer_180521003808944.dll => moved successfully
C:\Windows\Temp\Opera_installer_180521061340919.dll => moved successfully
C:\Windows\Temp\Opera_installer_180522003809702.dll => moved successfully
C:\Windows\Temp\Opera_installer_180522061359177.dll => moved successfully
C:\Windows\Temp\Opera_installer_180523053058263.dll => moved successfully
C:\Windows\Temp\Opera_installer_180523061414625.dll => moved successfully
C:\Windows\Temp\Opera_installer_180523153712496.dll => moved successfully
C:\Windows\Temp\Opera_installer_180523155327936.dll => moved successfully
C:\Windows\Temp\Opera_installer_180523172527527.dll => moved successfully
C:\Windows\Temp\Opera_installer_180524003808798.dll => moved successfully
C:\Windows\Temp\Opera_installer_180524172536263.dll => moved successfully
C:\Windows\Temp\Opera_installer_180525013519843.dll => moved successfully
C:\Windows\Temp\Opera_installer_180525172543227.dll => moved successfully
C:\Windows\Temp\Opera_installer_180526064750140.dll => moved successfully
C:\Windows\Temp\Opera_installer_180526161634847.dll => moved successfully
C:\Windows\Temp\Opera_installer_180526221506407.dll => moved successfully
C:\Windows\Temp\Opera_installer_180527003809198.dll => moved successfully
C:\Windows\Temp\Opera_installer_180527221515581.dll => moved successfully
C:\Windows\Temp\Opera_installer_180529064602222.dll => moved successfully
C:\Windows\Temp\Opera_installer_180529163744323.dll => moved successfully
C:\Windows\Temp\Opera_installer_180529221612512.dll => moved successfully
C:\Windows\Temp\Opera_installer_180529223729324.dll => moved successfully
C:\Windows\Temp\Opera_installer_180531064515685.dll => moved successfully
C:\Windows\Temp\Opera_installer_180601064706678.dll => moved successfully
C:\Windows\Temp\Opera_installer_180602064617077.dll => moved successfully
C:\Windows\Temp\Opera_installer_180602064937738.dll => moved successfully
C:\Windows\Temp\Opera_installer_180606041226536.dll => moved successfully
C:\Windows\Temp\sa.007CAC78-C79B-923B-71A8-B5DFAE2AF4C2_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.00D57B0F-01FA-B79F-08D6-878ED20C4C9B_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.0116DC02-781B-D1D1-FC1C-C80195511E17_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.0251D65D-E887-28BD-A226-3ECD72FB59C6_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.0862A72D-A96C-83E5-AD0F-78B6AA06F9C6_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.0A55FA08-ED1C-797E-BCC1-BBA3F550B119_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.0C8CF327-9D17-CCDE-18AF-DFF4F20070E5_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.18DDC675-D472-0DB4-9563-7DF7C34F512C_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.1A7994D6-5342-8581-71FB-A2BD1C895D93_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.1F63B8C3-2D48-9497-0A0A-2CBD462EDE76_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.1FE89C0B-9BED-CC5D-7426-9E4025D6BDD9_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.31A692E0-F967-E4F8-A441-21A804580E9E_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.32A48683-F264-932C-7870-B93BB448ED69_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.3BFD26C9-8DA9-B940-F638-55890012AAB4_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.49F33C48-B2DE-F82A-56F2-64425F298B84_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.50611331-FE19-D366-B049-694B8AC9D758_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.557EA3BB-623E-ADD9-4DFB-629A8648A038_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.558F5D32-0827-EB7B-6AD6-D5DB4138B3AA_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.62B49C0A-499E-A02D-EBCB-EB168E148E52_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.6447326C-966E-1B7C-F7BE-35D29235B75F_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.664AA17A-2D25-0823-3315-3708FE16147A_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.674C4C14-7BAA-F782-E214-956DC3BEDF39_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.68BC3251-2D8B-A604-92BA-893638CA72EA_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.68E019EB-0B92-5E08-5D86-9BFE6DBA8517_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.69F3BCAB-8975-C526-30F5-39FA70C77AD9_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.6D151227-6BD9-726D-B30E-A8A018DCC82B_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.6DA3D5C0-A460-4E4E-3B2A-8530BC7CAFDA_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.6EA6FC2E-9305-586B-3411-02826D151533_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.70BC17F8-0AA7-CB35-CEE0-EF1B47A0FD3E_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.7583E141-6210-5A36-BB89-80D0397C4721_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.8F700A8E-3731-B777-A6DD-000FE1F8FCB2_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.97612282-D1E8-1D6A-9E92-C271E7F177EF_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.993325CD-9CA8-DD49-50C4-377C092AEF1B_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.9D4DED89-CABC-F4FB-8133-BC5EDB1C7EDA_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.A715D489-C343-F20B-B22E-F8D749061B0C_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.A8849751-10C4-3F5D-1F42-DA79DB2C7BE9_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.A90B8400-D36D-8235-8BF2-A21A53D3FB65_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.AB7C46F6-66DE-8533-C6B1-FFE36BF92E97_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.B1B6FBCA-CD11-CB52-6CA7-06B47EB7C197_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.BBFD7549-71AE-D8FD-9F58-2EF4C874B21C_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.D73AFAA4-7387-FEF0-0786-A226F43AD6F5_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.DFBE09D0-1F22-A9C0-2D3D-3F4C6351E58F_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.E336BB8F-16ED-7CBE-AFEE-971DD3041585_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.E6658C19-4221-2EBE-763A-F0493FBA2BB0_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.E6D3B497-80AF-7F14-F9E6-9606EE369FC3_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.FACF9DDE-1FF1-B57D-4D1D-CE479FDD42AF_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\sa.FB06EF95-BC48-1A6A-26FB-4450CE9A5906_5__.Public.AppUpdate.dat => moved successfully
C:\Windows\Temp\tem8429.tmp => moved successfully
C:\Windows\Temp\wmsetup.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-4063716828-1680190529-1648852121-1004\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => removed successfully
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => removed successfully
"HKLM\Software\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}" => removed successfully
"HKU\Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8dcb7100-df86-4384-8842-8fa844297b3f}" => not found
"HKLM\Software\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => removed successfully
"HKU\S-1-5-21-4063716828-1680190529-1648852121-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" => removed successfully
HKLM\Software\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\livecall" => removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\msnim" => removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => not found
C:\Users\Dave\AppData\Local\Temp\npp.7.5.8.Installer.exe => moved successfully
C:\Users\Office Administrator\AppData\Local\Temp\npp.7.5.6.Installer.exe => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => removed successfully
"HKLM\Software\Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => removed successfully
"HKLM\Software\Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => removed successfully
"HKLM\Software\Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => removed successfully
"HKLM\Software\Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => removed successfully
"HKLM\Software\Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}" => removed successfully
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
"HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{032B01CC-1874-43B4-A40E-0A34AE5B0219}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{032B01CC-1874-43B4-A40E-0A34AE5B0219}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CC3794B-E509-49AE-AF82-09F758E715B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CC3794B-E509-49AE-AF82-09F758E715B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EBF683C-73C8-427B-888B-F5FEDFA0A8B8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EBF683C-73C8-427B-888B-F5FEDFA0A8B8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{14160C5A-0629-4486-AD42-B50AD57381FA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14160C5A-0629-4486-AD42-B50AD57381FA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15CDA51F-2714-4EDB-A171-93B428EB5EAB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15CDA51F-2714-4EDB-A171-93B428EB5EAB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{225F401F-D757-4C63-9C5E-338A1BF1A40C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{225F401F-D757-4C63-9C5E-338A1BF1A40C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{310AE0D2-A029-42FE-9CBF-BE9D3169809C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{310AE0D2-A029-42FE-9CBF-BE9D3169809C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3311EDC2-3EB7-44C7-98E3-001274DB87E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3311EDC2-3EB7-44C7-98E3-001274DB87E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D5FD92F-118C-45D9-B0B3-3723CAC9801B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D5FD92F-118C-45D9-B0B3-3723CAC9801B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{453D4E41-9E0A-450B-ABEE-1E59AE056970}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{453D4E41-9E0A-450B-ABEE-1E59AE056970}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EA06D77-9D3C-4D8D-87AC-E943886E5F61}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EA06D77-9D3C-4D8D-87AC-E943886E5F61}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72D3B183-DAE2-4C2A-B083-2F775CA56B84}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72D3B183-DAE2-4C2A-B083-2F775CA56B84}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{81CF05AE-D06C-4C08-9EC1-EF7705F329D2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81CF05AE-D06C-4C08-9EC1-EF7705F329D2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92371601-C4C9-4886-8F49-55A1B31041CA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92371601-C4C9-4886-8F49-55A1B31041CA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A67499BF-E58D-4F6B-808F-5521BCB22C84}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A67499BF-E58D-4F6B-808F-5521BCB22C84}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B45BD574-7084-4DF1-82B3-CD8D60EDDB56}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B45BD574-7084-4DF1-82B3-CD8D60EDDB56}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B575AFE0-AF73-4398-9D64-5D7A4249CF40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B575AFE0-AF73-4398-9D64-5D7A4249CF40}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7A8F376-2E78-4061-83AB-BD6CC226463C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7A8F376-2E78-4061-83AB-BD6CC226463C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B887A7D3-7A91-488D-87DA-512ED75B31E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B887A7D3-7A91-488D-87DA-512ED75B31E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC5E2665-C32E-472A-B456-DD8263A22363}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC5E2665-C32E-472A-B456-DD8263A22363}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB90AE6C-A7F3-4DCB-8F95-73AC04603218}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB90AE6C-A7F3-4DCB-8F95-73AC04603218}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E63BAE5A-5EBA-47EA-A20E-B92FD497F1B2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E63BAE5A-5EBA-47EA-A20E-B92FD497F1B2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E715D404-048F-428E-B4E3-3091D17C67DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E715D404-048F-428E-B4E3-3091D17C67DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1B34399-703E-4852-B06A-F538BC5472CA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1B34399-703E-4852-B06A-F538BC5472CA}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
C:\ProgramData\Temp => ":DED17083" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2245638 B
Java, Flash, Steam htmlcache => 1650 B
Windows/system/drivers => 2013057 B
Edge => 9573 B
Chrome => 48077512 B
Firefox => 104223863 B
Opera => 22643417 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7616 B
LocalService => 0 B
NetworkService => 175062 B
NetworkService => 0 B
Dave => 109713227 B
Hope => 82751493 B
Ben => 700139 B
Mary Jo => 439931 B
Office Administrator => 411743592 B
Share_with_Office => 174146 B
Rich => 135222 B
Administrator => 1313530 B
DefaultAppPool => 6656 B

RecycleBin => 695648941 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:49:42 ====
******************************************************************************

# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.0
# -------------------------------
# Build: 06-26-2018
# Database: 2018-08-09.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-10-2018
# Duration: 00:00:39
# OS: Windows 10 Home
# Scanned: 41484
# Detected: 78


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Ask C:\Program Files (x86)\Ask.com
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
PUP.Optional.Legacy C:\Program Files (x86)\myfree codec
PUP.Optional.Legacy C:\Program Files (x86)\orbitdownloader
PUP.Optional.Legacy C:\Users\Ben\AppData\Roaming\GrabPro
PUP.Optional.Legacy C:\Users\Hope\AppData\Roaming\GrabPro
PUP.Optional.Legacy C:\Users\Office Administrator\AppData\Roaming\GrabPro
PUP.Optional.Legacy C:\Users\Share_with_Office\AppData\Roaming\GrabPro
PUP.Optional.Legacy C:\Users\Dave\AppData\Roaming\ProgSense
PUP.Optional.Legacy C:\Users\Office Administrator\AppData\Roaming\ProgSense
PUP.Optional.Legacy C:\Users\Share_with_Office\AppData\Roaming\ProgSense
PUP.Optional.Spigot.Generic C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
PUP.Optional.Spigot.Generic C:\Program Files (x86)\Coupons

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Conduit HKCU\Software\Conduit
PUP.Optional.Conduit HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Conduit
PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\Smartbar
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\AppDataLow\Software\Smartbar
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
PUP.Optional.Legacy HKCU\Software\PIP
PUP.Optional.Legacy HKLM\Software\Wow6432Node\PIP
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
PUP.Optional.Legacy HKCU\Software\Orbit
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Orbit
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Orbit
PUP.Optional.Legacy HKCU\Software\AVG Secure Search
PUP.Optional.Legacy HKLM\Software\Wow6432Node\AVG Secure Search
PUP.Optional.Legacy HKCU\Software\APN PIP
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Appscion
PUP.Optional.Legacy HKCU\Software\ProgSense
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\ProgSense
PUP.Optional.Legacy HKCU\Software\Myfree Codec
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Myfree Codec
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Myfree Codec
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
PUP.Optional.Legacy HKU\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Mysearchdial
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
PUP.Optional.Legacy turnoffsafesearch.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


******************************************************************************

RogueKiller V12.12.30.0 (x64) [Aug 6 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : Office Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/10/2018 00:19:23 (Duration : 01:25:18)

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] keywords.exe(9840) -- C:\Users\Dave\Documents\My Program Files\AutoHotkey\Compiler\keywords.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {C55BBCD6-41AD-48AD-9953-3609C48EACC7} : -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://drudgereport.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4063716828-1680190529-1648852121-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://drudgereport.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 74.211.15.210 74.211.15.211 24.56.178.102 ([-][United States][-]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2e0767a7-1000-4233-b9a4-a7209860729f} | DhcpNameServer : 74.211.15.210 74.211.15.211 24.56.178.102 ([-][United States][-]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e41e13c2-fdb5-4a91-bf30-2f642af83cec} | DhcpNameServer : 74.211.15.210 74.211.15.211 24.56.178.102 ([-][United States][-]) -> Replaced ()
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C8F951DB-8AFE-49F0-9B60-F0027E091968}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{35055077-0589-4225-B25A-778393990304}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {176B5412-E9D4-4293-8F3C-E1FE768D2BB1} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Office Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft SkyDrive| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F2A368AD-A5F5-49FB-BB32-A5A798EF5AC8} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dave\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft SkyDrive| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Office Administrator\AppData\Local\PackageAware -> Deleted
[PUP.Gen0][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browsers -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browsers\desktop.ini -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS +++++
--- User ---
[MBR] c62efa630f21217b93ee1e13634f2a44
[BSP] c6b0d55b4b7c1e3e60d613bb891ac76b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1928433664 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1929355264 | Size: 11800 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3000DM001-1CH166 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Juliet
2018-08-10, 12:41
Still not sure how to get a log you can use out of K9
Dont worry about it, we can continue with out it.

It indicated there was a new version. But I could not get it to download the new version
Odd but it was still able to run and found quite a bit. When you ran AdwCleaner, did you allow it to delete/quarantine what it found?


Your scans found an unrecognized program called Keywords.exe. This one is probably not a threat. It is my keystroke macro loader for AutoHotKey, a program from the site LifeHacker.
Very likely from what the tool is able to do to your machine, keyword, "keystroke" also follows a malicious route from malware.

~~~~~

Lets check for remnants

Open Malwarebytes Anti-Malware
click the Settings tab,at the top choose Protection and tick Scan for rootkits.
Click the Dashboard tab, choose Scan, Threat Scan is checked and click Start Scan.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here


~~~

[img=http://i.imgur.com/G0tu5D9.png]Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on [img=http://i.imgur.com/G0tu5D9.png]start emergency kit scanner.exe and select [img=http://i.imgur.com/Spcusrh.png]Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please post these 2 logs when finished.

Also, tell me how the computer is now.

BooBounder
2018-08-10, 23:27
Two logs pasted below.

I cannot tell yet if there has been an improvement to the computer (just too busy to use it today).

I did get a single popup from K9 about a site being accessed. I was not able to click on it fast enough. This may not always mean much: I'm sure they operate off a whitelist of some sort. Those popups do not arrive predictably or in huge numbers, so it's not something I can duplicate.

I am also wondering if I should rerun something until I get zero problems.

I am always curious about the things that were found that was most dangerous (if you care to explain).

************************************************************************

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/10/18
Scan Time: 11:13 AM
Log File: bccb5d8c-9cc0-11e8-8abf-3860774dacec.json
Administrator: No

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6289
License: Free

-System Information-
OS: Windows 10 (Build 17134.165)
CPU: x64
File System: NTFS
User: 2012_Office\Dave

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 580979
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 24 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.Zdengo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SABnzbd, Quarantined, [7861], [547781],1.0.6289

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.Zdengo, C:\PROGRAM FILES (X86)\SABNZBD\UNINSTALL.EXE, Quarantined, [7861], [547781],1.0.6289

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

************************************************************************

Emsisoft Emergency Kit 2018.6.0.8742 stable [en-us]
OS: Windows 10 (Version 10.0, Build 17134, 64-bit Edition)

Forensics log

Date Component Action Details
8/10/2018 2:00:34 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Medium risk Malware "Adware.Win32.Cydo (A)" in "adcache".
8/10/2018 2:00:34 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AppInstall (A)" in "pdfforge".
8/10/2018 2:00:34 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdCoup (A)" in "couponprinter.ocx".
8/10/2018 2:00:33 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdExt (A)" in "npcouponprinter.dll".
8/10/2018 2:00:33 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdExt (A)" in "npmozcouponprinter.dll".
8/10/2018 2:00:33 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined PUP "Application.Win32.PassRecover (A)" in "PSPV".
8/10/2018 2:00:32 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined PUP "Application.InstallAd (A)" in "CONDUIT".
8/10/2018 2:00:31 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined PUP "Application.InstallAd (A)" in "CONDUIT".
8/10/2018 2:00:30 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined PUP "Application.InstallAd (A)" in "CONDUIT".
8/10/2018 2:00:30 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdOffer (A)" in "CouponPrinter.exe".
8/10/2018 2:00:30 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdOffer (A)" in "CouponPrinterServiceWin32.exe".
8/10/2018 2:00:29 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdOffer (A)" in "npCouponPrinter.dll".
8/10/2018 2:00:29 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdOffer (A)" in "npMozCouponPrinter.dll".
8/10/2018 2:00:29 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.Toolbar (A)" in "BrowserConnection.dll".
8/10/2018 2:00:28 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.Toolbar (A)" in "DataMngr.dll".
8/10/2018 2:00:28 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.Toolbar (A)" in "DnsBHO.dll".
8/10/2018 2:00:28 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.Generic (A)" in "FantastiGamesMediaBar.exe".
8/10/2018 2:00:28 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.Toolbar (A)" in "IEBHO.dll".
8/10/2018 2:00:27 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.Generic (A)" in "DataMngrUI.exe".
8/10/2018 2:00:27 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdConnect (A)" in "FirefoxCtype.dll".
8/10/2018 2:00:26 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdConnect (A)" in "npFirefoxPlugin.dll".
8/10/2018 2:00:25 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined High risk Malware "Trojan.Spy.Goldun.NDS (B)" in "doc.zip".
8/10/2018 2:00:24 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.Downloader (A)" in "download-finaltorrent.exe".
8/10/2018 2:00:24 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.Hacktool.XM (B)" in "BulletsPassView.exe".
8/10/2018 2:00:24 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdOffer (A)" in "couponprinter.exe".
8/10/2018 2:00:23 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdLoad (A)" in "Brothersoft_downloader_For_Orbit_Downloader.exe".
8/10/2018 2:00:21 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdLoad (A)" in "Orbit_Downloader4.1.1.0.exe".
8/10/2018 2:00:20 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdLoad (A)" in "OrbitDownloaderSetup.exe".
8/10/2018 2:00:19 PM User 2012_OFFICE\OFFICE ADMINISTRATOR Infection quarantined Malware "Application.AdBundle (A)" in "TOSHIBA D-KR2 user guide provided through pdfretriever.com.exe".
8/10/2018 1:47:06 PM Scanner Scan finished Found 36 objects , user to decide on further actions.
8/10/2018 1:40:41 PM Scanner Detection PUP "Application.AdOffer (A)" in "CouponPrinter.ocx" (SHA1: 314401230bb0c7bb070241644e93f72f8a51e82b)
8/10/2018 1:36:37 PM Scanner Detection PUP "Application.AdLoad (A)" in "Brothersoft_downloader_For_Orbit_Downloader.exe" (SHA1: 3e9d2c916bc0b2125ca2a8ced98663fa3cad5672) and 3 other objects
8/10/2018 1:34:24 PM Scanner Detection PUP "Application.AdOffer (A)" in "couponprinter.exe" (SHA1: c28bbad02a01a56011d909a5100219944b3098cb)
8/10/2018 1:29:40 PM Scanner Detection PUP "Application.Hacktool.XM (B)" in "BulletsPassView.exe" (SHA1: 4df60b70c10ea3bcdcc3ba94fc38c69b7387be1b)
8/10/2018 1:22:30 PM Scanner Detection PUP "Application.Downloader (A)" in "download-finaltorrent.exe" (SHA1: 4a57f33e01fb9ce5b6cd006f2da117ded16c1f3f)
8/10/2018 12:56:30 PM Scanner Detection High risk Malware "Trojan.Spy.Goldun.NDS (B)" in "doc.zip" (SHA1: b02aeb5fb33ad3a0ec9148d5e4f6d4e1eee94190)
8/10/2018 12:54:24 PM Scanner Detection PUP "Application.AdConnect (A)" in "FirefoxCtype.dll" (SHA1: 7513ab7a813c4f3db55bee384c086c7723bb8004) and PUP "Application.AdConnect (A)" in "npFirefoxPlugin.dll" (SHA1: d7b30c8a2d612a75a8c600637102ec278a9340cb)
8/10/2018 12:44:29 PM Scanner Detection PUP "Application.AdOffer (A)" in "CouponPrinterServiceWin32.exe" (SHA1: 172984fbf481631eb219833839aae73d247d467f) and 8 other objects
8/10/2018 12:36:29 PM Scanner Detection PUP "Application.AdOffer (A)" in "CouponPrinter.exe" (SHA1: 59fbdeddb3e881557d16b29574eec96ee4160a93)
8/10/2018 12:28:58 PM Scanner Detection PUP "Application.AdOffer (A)" in "CouponPrinter.exe" (SHA1: 59fbdeddb3e881557d16b29574eec96ee4160a93)
8/10/2018 12:05:33 PM Scanner Detection PUP "Application.AdOffer (A)" in "npCouponPrinter.dll" (SHA1: c001bda5e0235a54792e808cf8b0ba3b8943e79d) and PUP "Application.AdOffer (A)" in "npMozCouponPrinter.dll" (SHA1: b50787fee8323bf786952e41f7c60770729f121f)
8/10/2018 11:56:15 AM Scanner Detection Medium risk Malware "Adware.Win32.Cydo (A)" in "adcache" and 9 other objects
8/10/2018 11:55:18 AM User 2012_OFFICE\Office Administrator Setting modified "Detect PUPs" has been changed to "Enabled".
8/10/2018 11:55:18 AM User 2012_OFFICE\Office Administrator Scan started Malware Scan
8/10/2018 11:54:54 AM User Update Downloaded and installed 104 files (36687 kb) (38 sec.).
8/10/2018 11:54:16 AM Core Notification "Recommended Reading:5 ways to protect yourself against encrypted email attachment malware".
8/10/2018 11:54:11 AM User Update Failed with error "Server returned error" (0 sec.).

************************************************************************

Juliet
2018-08-11, 12:36
I am also wondering if I should rerun something until I get zero problems.

I am always curious about the things that were found that was most dangerous (if you care to explain).
Below are a few notes of what was found


https://blog.malwarebytes.com/detections/adware-zdengo/
SABnzbd is an Open Source Binary Newsreader written in Python , adware came bundled with this download

PDFCreator , the same here

Coupon Printer, installs with Adware
Application.InstallAd, A popup message that encourages the user to download and install an application or to use an installed app

Trojan.Spy.Goldun.NDS, performing keylogging, monitoring processes on the computer
(my keystroke macro loader for AutoHotKey, a program from the site LifeHacker.)this was installed knowingly

BulletsPassView.exe, password recovery tool that reveals the passwords stored also came bundled with adware
this was installed knowingly

~~~~
I'd like for you to find AdwCleaner and delete it please.Let's install it again and ruyn the tool, please make sure to quarantine/delete what it finds.


Download AdwCleaner (https://www.malwarebytes.com/adwcleaner/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
https://d2wqgvap25i10a.cloudfront.net/monthly_2018_04/5ace519a6ff4a_Dashboard-firstrun.png.567f0bf7b9e7977dba52035e2b33efa4.pn
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Your next reply

Copy/pasted AdwCleaner clean log

BooBounder
2018-08-11, 21:54
I need to go on a trip on short notice. I will run the new version of adwCleaner when I get back. Probably will post on Monday.

Juliet
2018-08-12, 13:19
We'll see you then.

BooBounder
2018-08-13, 09:21
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-10.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-12-2018
# Duration: 00:02:07
# OS: Windows 10 Home
# Scanned: 41771
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [8112 octets] - [10/08/2018 00:07:51]
AdwCleaner[C00].txt - [6888 octets] - [10/08/2018 00:10:11]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Juliet
2018-08-13, 12:25
How is the computer now?

BooBounder
2018-08-13, 19:26
I did not have a lot of symptoms before, other than old computer slowness. Seems fine now.

Warning messages from BlueCoat K9 were always sort of random, and were mostly related to sending information out. I have gotten one since we started this process.

If I get more that I can capture for documentation, I will start a new thread (and reference this one in it).

What is your recommendation for routine security going forward: Windows Defender and Malwarebytes?

Juliet
2018-08-13, 22:55
You know, it could be something simple or again complex I just don't know.

You could possibly go to their web site and ask a question there?, could be someone might know how to dig into those log files.

Let's remove tools and quarantine folders.


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

**************

BooBounder
2018-08-14, 00:39
Done. Log pasted below.

I have "Before you post" logs from a second computer ready to go. Let me know when I can start a new thread.

# DelFix v1.010 - Logfile created 13/08/2018 at 15:29:54
# Updated 26/04/2015 by Xplode
# Username : Office Administrator - 2012_OFFICE
# Operating System : Windows 10 Home (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : \Qoobox
Deleted : \FRST
Deleted : \AdwCleaner
Deleted : \RegBackup
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : \ComboFix.txt
Deleted : \TDSSKiller.2.5.1.0_24.05.2011_11.42.16_log.txt
Deleted : \TDSSKiller.2.5.11.0_25.07.2011_10.46.04_log.txt
Deleted : \TDSSKiller.2.5.2.0_24.05.2011_11.43.10_log.txt
Deleted : \TDSSKiller.2.8.15.0_09.12.2012_23.50.58_log.txt
Deleted : \TDSSKiller.2.8.15.0_19.12.2012_10.08.46_log.txt
Deleted : \TDSSKiller.2.8.16.0_27.09.2013_22.05.41_log.txt
Deleted : C:\Users\Office Administrator\Desktop\Rkill.txt
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : C:\Users\Office Administrator\Downloads\tdsskiller.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware

########## - EOF - ##########

Juliet
2018-08-14, 12:12
logs from a second computer ready to go. Let me know when I can start a new thread.
We can do that here, no need to start another topic.

Never mind I see the new topic.