
Nothing is detecting this!



DragonC
2018-10-25, 19:22
I can't seem to find where it is either, but it's aggravating. j7fs.wcontentdelivery.info pops up constantly in the bottom right corner. Nothing I run has detected it, and either I'm looking in the wrong place or I just can't find it. Any Google search of it just takes me to garbage tools to d/l to get rid of it. Obviously I'm not doing that. After this no one else gets on my PC.

https://imgur.com/kiBYYn0 (the offending pop up)

I ran FRST, but aswMBR crashes Windows in a BSoD. I've only tried Spybot, Windows Defender and Malwarebytes for removal, but nothing is detecting it. Of course, thank you in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Chuck (administrator) on DRAGON (25-10-2018 12:30:23)
Running from C:\Users\Chuck\Desktop
Loaded Profiles: Chuck (Available Profiles: Chuck & VTUDKZXOX9)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atiesrxx.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atieclxx.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Windows\System32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Discord Inc.) C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
(Discord Inc.) C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-17] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8529152 2015-10-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1540896 2015-06-08] (Seagate Technology LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-06-08] (Seagate Technology LLC)
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [WallpaperEngine] => D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe [1733096 2017-09-20] ()
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [Discord] => C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\nwjs\pia_nw.exe [1827608 2018-05-22] (The NWJS Community)
Startup: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2015-07-11]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1006\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0e2171fd-e2ed-402d-accf-ca224d3de9e4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{25421258-f5d4-43c1-81a9-75819a50c9c2}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{5a1072d4-f5c7-48f5-bd4d-23429767d88f}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{d739f7a1-697d-4edf-9c7d-e9269163ca8e}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{debcc456-b294-40d4-a70c-08d95d15cbe2}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {B1DE1E7D-F861-4858-A236-004162AD9495} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=452
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-16] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-16] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-12-11] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-12-11] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @FOSCAM Web Components -> C:\Program Files (x86)\Foscam Web Components Test\npIPcam.dll [2014-02-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-4180532363-1903722274-3440195036-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chuck\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4180532363-1903722274-3440195036-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-08-22] ()

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/","hxxps://homepage-web.com/?s=toshibaupd&m=start"
CHR DefaultSearchKeyword: Profile 1 -> hxxp://www.google.com__
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default [2018-10-24]
CHR Extension: (Google Slides) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-20]
CHR Extension: (Google Docs) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-20]
CHR Extension: (Google Drive) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-20]
CHR Extension: (YouTube) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-20]
CHR Extension: (Google Sheets) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-20]
CHR Extension: (Skype) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-20]
CHR Extension: (Gmail) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-20]
CHR Profile: C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-10-25]
CHR Extension: (Slides) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Entanglement Web App) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-08]
CHR Extension: (Bejeweled) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-06-08]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-06-08]
CHR Extension: (Docs) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (TV) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-06-08]
CHR Extension: (YouTube) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Freecell Solitaire) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cabpjbpfakfhcfidnjahmdophhihafkh [2016-03-06]
CHR Extension: (Adblock Plus) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-11]
CHR Extension: (Google Search) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (WGT Golf Challenge) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2015-06-08]
CHR Extension: (Netflix) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-06-08]
CHR Extension: (Google Play Music) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-09-26]
CHR Extension: (Sheets) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (The QR Code Generator) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2015-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Planetarium) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-08-06]
CHR Extension: (AdBlock) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-13]
CHR Extension: (Google Play Music) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-06]
CHR Extension: (Dubsmash Video) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idakfimamgbniacjdkigmkjocjbhllgk [2016-02-04]
CHR Extension: (EasyHome Homestyler) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2017-05-22]
CHR Extension: (Little Alchemy) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-07]
CHR Extension: (Google Play) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-06-08]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-06-08]
CHR Extension: (FromDocToPDF) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2018-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (TypingClub) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2015-06-08]
CHR Extension: (Gmail) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-17]
CHR Extension: (Abstract Blue) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2016-06-11]
CHR Profile: C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile [2015-12-24]
CHR Extension: (Google Slides) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]
CHR Extension: (Google Docs) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]
CHR Extension: (Google Drive) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-08]
CHR Extension: (YouTube) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-08]
CHR Extension: (Google Search) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-08]
CHR Extension: (Google Sheets) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]
CHR Extension: (Bookmark Manager) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]
CHR Extension: (Skype Click to Call) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-06-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-08]
CHR Extension: (Google Wallet) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-08]
CHR Extension: (Gmail) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]
CHR HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atiesrxx.exe [473904 2018-07-19] (AMD)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-07-18] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S2 AUEPLauncher; C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe [7680 2018-07-11] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6893704 2018-06-30] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-27] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-05-24] (Futuremark)
S3 HnGSteamService; d:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [754984 2018-10-24] (Reto-Moto ApS)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-17] (Logitech Inc.)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2268992 2018-10-09] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3129160 2018-10-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-01] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-01] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-06-08] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-06-08] (Seagate Technology LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
R2 SplashtopRemoteService; C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [739840 2018-08-06] (Splashtop Inc.) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-22] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [313760 2016-07-25] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atikmdag.sys [44331304 2018-07-19] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atikmpag.sys [559408 2018-07-19] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107496 2018-05-28] (Advanced Micro Devices)
S3 CorsairAudioFilter; C:\WINDOWS\system32\DRIVERS\corsveng2kamd64.sys [112808 2015-09-21] (Corsair Components, Inc.)
S3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
S3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2016-07-26] (REALiX(tm))
S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45200 2016-02-15] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S4 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-23] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-23] (NVIDIA Corporation)
S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2014-02-07] (PassMark Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 stdpms; C:\WINDOWS\System32\drivers\stdpms.sys [28904 2014-08-06] (Splashtop Inc.)
R3 sthid; C:\WINDOWS\System32\drivers\sthid.sys [21216 2014-08-06] (Splashtop Inc.)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42088 2016-01-13] (Anchorfree Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-11] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-22] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-22] (Microsoft Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-25 12:30 - 2018-10-25 12:30 - 000031887 _____ C:\Users\Chuck\Desktop\FRST.txt
2018-10-25 12:29 - 2018-10-25 12:29 - 1351150137 _____ C:\WINDOWS\MEMORY.DMP
2018-10-25 12:29 - 2018-10-25 12:29 - 000750988 _____ C:\WINDOWS\Minidump\102518-18015-01.dmp
2018-10-25 12:20 - 2018-10-25 12:20 - 000045143 _____ C:\Users\Chuck\Desktop\Addition.txt
2018-10-25 12:18 - 2018-10-25 12:18 - 000045145 _____ C:\Users\Chuck\Downloads\Addition.txt
2018-10-25 12:17 - 2018-10-25 12:18 - 005198336 _____ (AVAST Software) C:\Users\Chuck\Desktop\aswMBR.exe
2018-10-25 12:14 - 2018-10-25 12:17 - 000000000 ____D C:\FRST
2018-10-25 12:12 - 2018-10-25 12:14 - 002414592 _____ (Farbar) C:\Users\Chuck\Desktop\FRST64.exe
2018-10-25 11:16 - 2018-10-25 11:16 - 000000000 ___HD C:\OneDriveTemp
2018-10-24 17:26 - 2018-10-24 17:27 - 000000524 _____ C:\WINDOWS\SysWOW64\Partizan.RRI
2018-10-24 17:23 - 2018-10-25 11:14 - 000000000 ____D C:\ProgramData\RegRun
2018-10-24 17:18 - 2018-10-25 11:15 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2018-10-24 17:18 - 2018-10-24 17:27 - 000000000 ____D C:\Users\Chuck\Documents\RegRun2
2018-10-24 17:18 - 2018-10-23 23:07 - 000454851 ____R C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-10-24 16:49 - 2018-10-24 16:49 - 000000000 ___HD C:\$SysReset
2018-10-23 23:07 - 2018-10-23 22:37 - 000453362 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20181023-230751.backup
2018-10-23 23:04 - 2018-10-23 23:04 - 000001513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-10-23 23:04 - 2018-10-23 23:04 - 000001501 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-10-23 23:04 - 2018-10-23 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-10-23 23:04 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2018-10-23 22:49 - 2018-10-23 22:50 - 080022264 _____ (Malwarebytes ) C:\Users\Chuck\Downloads\mb3-setup-54035.54035-3.6.1.2711-1.0.463-1.0.6913.exe
2018-10-23 21:18 - 2018-01-30 23:16 - 000036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2018-10-23 19:40 - 2018-10-23 19:40 - 000505517 _____ C:\Users\Chuck\AppData\Local\census.cache
2018-10-23 19:40 - 2018-10-23 19:40 - 000000000 _____ C:\Users\Chuck\AppData\Local\ars.cache
2018-10-23 16:59 - 2018-10-23 17:10 - 000126075 _____ C:\Users\Chuck\Desktop\insane.txt
2018-10-23 13:12 - 2018-10-23 16:25 - 000000010 _____ C:\Users\Chuck\AppData\Local\sponge.last.runtime.cache
2018-10-23 12:59 - 2018-10-23 12:59 - 000002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-23 12:59 - 2018-10-23 12:59 - 000002385 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-23 12:56 - 2018-10-23 12:56 - 055454464 _____ (Safer-Networking Ltd. ) C:\Users\Chuck\Downloads\SpybotSD2.exe
2018-10-19 18:46 - 2018-10-19 18:46 - 000000965 _____ C:\Users\Chuck\Desktop\Uplay.lnk
2018-10-19 11:53 - 2018-09-04 18:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-10-19 11:27 - 2018-10-19 11:43 - 000000000 ____D C:\Users\Chuck\AppData\Local\UltraStorage
2018-10-14 19:06 - 2012-05-22 16:40 - 000002997 _____ C:\Users\Chuck\Desktop\HL_LN_MailTrash.package
2018-10-12 15:17 - 2018-10-18 01:48 - 000000000 ____D C:\Users\Chuck\AppData\Local\CrashDumps
2018-10-11 13:50 - 2015-09-06 14:16 - 000068760 _____ (Google, inc) C:\WINDOWS\AdbWinUsbApi.dll
2018-10-11 13:50 - 2015-09-06 14:15 - 000104088 _____ (Google, inc) C:\WINDOWS\AdbWinApi.dll
2018-10-11 13:50 - 2015-09-06 14:09 - 001017496 _____ C:\WINDOWS\adb.exe
2018-10-11 13:50 - 2012-06-20 11:51 - 000020232 _____ (HandSet Incorporated) C:\WINDOWS\system32\Drivers\massfilter_hs.sys
2018-10-09 16:56 - 2018-09-21 05:21 - 001786168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-10-09 16:56 - 2018-09-21 05:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-09 16:56 - 2018-09-21 04:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-09 16:56 - 2018-09-21 00:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-09 16:56 - 2018-09-21 00:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-10-09 16:56 - 2018-09-21 00:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-09 16:56 - 2018-09-21 00:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-09 16:56 - 2018-09-21 00:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-09 16:56 - 2018-09-20 23:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-10-09 16:56 - 2018-09-20 23:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-09 16:56 - 2018-09-20 23:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-09 16:56 - 2018-09-20 23:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-09 16:56 - 2018-09-20 23:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-09 16:56 - 2018-09-20 23:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-09 16:56 - 2018-09-20 23:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-09 16:56 - 2018-09-20 23:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-09 16:56 - 2018-09-20 23:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-09 16:56 - 2018-09-20 23:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-09 16:56 - 2018-09-20 23:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-09 16:56 - 2018-09-20 23:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-09 16:56 - 2018-09-20 05:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-09 16:56 - 2018-09-20 05:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-09 16:56 - 2018-09-20 05:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-09 16:56 - 2018-09-20 05:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-09 16:56 - 2018-09-20 04:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-09 16:56 - 2018-09-20 04:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-10-09 16:56 - 2018-09-20 04:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-09 16:56 - 2018-09-20 00:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-09 16:56 - 2018-09-20 00:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-10-09 16:56 - 2018-09-20 00:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-09 16:56 - 2018-09-20 00:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-09 16:56 - 2018-09-20 00:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-10-09 16:56 - 2018-09-20 00:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-09 16:56 - 2018-09-20 00:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-10-09 16:56 - 2018-09-20 00:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-09 16:56 - 2018-09-20 00:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-09 16:56 - 2018-09-20 00:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-09 16:56 - 2018-09-20 00:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-09 16:56 - 2018-09-20 00:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-09 16:56 - 2018-09-20 00:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-09 16:56 - 2018-09-20 00:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-09 16:56 - 2018-09-20 00:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-09 16:56 - 2018-09-20 00:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-09 16:56 - 2018-09-20 00:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-09 16:56 - 2018-09-20 00:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-09 16:56 - 2018-09-19 23:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-09 16:56 - 2018-09-19 23:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-09 16:56 - 2018-09-19 23:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-09 16:56 - 2018-09-19 23:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-09 16:56 - 2018-09-19 23:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-10-09 16:56 - 2018-09-19 23:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-09 16:56 - 2018-09-19 23:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-09 16:56 - 2018-09-19 23:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-09 16:56 - 2018-09-19 23:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-09 16:56 - 2018-09-19 23:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-09 16:56 - 2018-09-19 23:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-09 16:56 - 2018-09-08 04:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-09 16:56 - 2018-09-08 04:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-09 16:56 - 2018-09-08 04:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-09 16:56 - 2018-09-08 04:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-09 16:56 - 2018-09-08 04:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-09 16:56 - 2018-09-08 04:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-09 16:56 - 2018-09-08 04:03 - 002267136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-10-09 16:56 - 2018-09-08 04:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-09 16:56 - 2018-09-08 03:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-09 16:56 - 2018-09-08 03:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-09 16:56 - 2018-09-08 03:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-09 16:56 - 2018-09-08 03:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-09 16:56 - 2018-09-08 03:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-09 16:56 - 2018-09-08 03:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-09 16:56 - 2018-09-08 03:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-09 16:56 - 2018-09-08 03:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-09 16:56 - 2018-09-08 03:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-09 16:56 - 2018-09-08 03:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-09 16:56 - 2018-09-08 03:17 - 001540104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-10-09 16:56 - 2018-09-08 03:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-10-09 16:56 - 2018-09-08 02:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-09 16:56 - 2018-09-08 02:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-09 16:56 - 2018-09-08 02:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-09 16:56 - 2018-09-08 02:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-09 16:56 - 2018-09-08 02:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-09 16:56 - 2018-09-08 00:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-09 16:56 - 2018-09-07 23:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-09 16:56 - 2018-09-07 23:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-09 16:56 - 2018-09-07 23:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-09 16:56 - 2018-09-07 23:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-09 16:56 - 2018-09-07 23:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-09 16:56 - 2018-09-07 23:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-10-09 16:56 - 2018-09-07 23:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-09 16:56 - 2018-09-07 23:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-09 16:56 - 2018-09-07 23:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-09 16:56 - 2018-09-07 23:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-09 16:56 - 2018-09-07 23:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-09 16:56 - 2018-09-07 23:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-09 16:56 - 2018-09-07 23:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-09 16:56 - 2018-09-07 23:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-09 16:56 - 2018-09-07 23:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-09 16:56 - 2018-09-07 23:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-09 16:56 - 2018-09-07 23:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-09 16:56 - 2018-09-07 23:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-09 16:56 - 2018-09-07 23:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-09 16:56 - 2018-09-07 23:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-10-09 16:56 - 2018-09-07 23:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-09 16:56 - 2018-09-07 23:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-09 16:56 - 2018-09-07 23:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-09 16:56 - 2018-09-07 23:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-09 16:56 - 2018-09-07 23:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-09 16:56 - 2018-09-07 23:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-09 16:55 - 2018-09-21 05:23 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 001422648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-10-09 16:55 - 2018-09-21 05:21 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-10-09 16:55 - 2018-09-21 05:21 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2018-10-09 16:55 - 2018-09-21 05:21 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2018-10-09 16:55 - 2018-09-21 05:21 - 000034304 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2018-10-09 16:55 - 2018-09-21 05:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-09 16:55 - 2018-09-21 04:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-09 16:55 - 2018-09-21 00:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-09 16:55 - 2018-09-21 00:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-09 16:55 - 2018-09-21 00:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-09 16:55 - 2018-09-21 00:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-09 16:55 - 2018-09-21 00:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-10-09 16:55 - 2018-09-21 00:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-10-09 16:55 - 2018-09-21 00:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-09 16:55 - 2018-09-21 00:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-09 16:55 - 2018-09-21 00:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-09 16:55 - 2018-09-21 00:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-09 16:55 - 2018-09-21 00:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-09 16:55 - 2018-09-21 00:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-10-09 16:55 - 2018-09-21 00:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-09 16:55 - 2018-09-21 00:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-10-09 16:55 - 2018-09-21 00:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-09 16:55 - 2018-09-20 23:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-09 16:55 - 2018-09-20 23:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-10-09 16:55 - 2018-09-20 23:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-09 16:55 - 2018-09-20 23:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-09 16:55 - 2018-09-20 23:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-09 16:55 - 2018-09-20 23:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-10-09 16:55 - 2018-09-20 23:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-09 16:55 - 2018-09-20 23:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-10-09 16:55 - 2018-09-20 23:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-09 16:55 - 2018-09-20 23:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-09 16:55 - 2018-09-20 23:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-09 16:55 - 2018-09-20 23:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-09 16:55 - 2018-09-20 23:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-09 16:55 - 2018-09-20 05:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-09 16:55 - 2018-09-20 05:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-09 16:55 - 2018-09-20 05:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-10-09 16:55 - 2018-09-20 05:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-09 16:55 - 2018-09-20 05:18 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-10-09 16:55 - 2018-09-20 05:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-09 16:55 - 2018-09-20 05:17 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-10-09 16:55 - 2018-09-20 04:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-10-09 16:55 - 2018-09-20 04:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-09 16:55 - 2018-09-20 04:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-09 16:55 - 2018-09-20 02:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-10-09 16:55 - 2018-09-20 01:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-09 16:55 - 2018-09-20 00:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-09 16:55 - 2018-09-20 00:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-09 16:55 - 2018-09-20 00:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-10-09 16:55 - 2018-09-20 00:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-10-09 16:55 - 2018-09-20 00:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-09 16:55 - 2018-09-20 00:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-09 16:55 - 2018-09-20 00:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-09 16:55 - 2018-09-20 00:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-10-09 16:55 - 2018-09-20 00:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-10-09 16:55 - 2018-09-20 00:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-10-09 16:55 - 2018-09-20 00:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-09 16:55 - 2018-09-20 00:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-09 16:55 - 2018-09-20 00:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-10-09 16:55 - 2018-09-20 00:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-09 16:55 - 2018-09-20 00:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-09 16:55 - 2018-09-20 00:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-10-09 16:55 - 2018-09-20 00:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-10-09 16:55 - 2018-09-20 00:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-09 16:55 - 2018-09-20 00:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-09 16:55 - 2018-09-20 00:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-10-09 16:55 - 2018-09-20 00:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-09 16:55 - 2018-09-20 00:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-09 16:55 - 2018-09-20 00:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-10-09 16:55 - 2018-09-20 00:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-09 16:55 - 2018-09-19 23:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-09 16:55 - 2018-09-19 23:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-09 16:55 - 2018-09-19 23:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-09 16:55 - 2018-09-19 23:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-09 16:55 - 2018-09-19 23:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-09 16:55 - 2018-09-19 23:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-09 16:55 - 2018-09-19 23:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-10-09 16:55 - 2018-09-19 23:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-10-09 16:55 - 2018-09-19 23:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-09 16:55 - 2018-09-19 23:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-09 16:55 - 2018-09-19 22:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-10-09 16:55 - 2018-09-19 21:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-09 16:55 - 2018-09-08 04:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-09 16:55 - 2018-09-08 04:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-09 16:55 - 2018-09-08 04:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-09 16:55 - 2018-09-08 04:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-09 16:55 - 2018-09-08 03:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-09 16:55 - 2018-09-08 03:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-09 16:55 - 2018-09-08 03:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-09 16:55 - 2018-09-08 03:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-09 16:55 - 2018-09-08 03:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-09 16:55 - 2018-09-08 03:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-09 16:55 - 2018-09-08 03:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-09 16:55 - 2018-09-08 03:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-09 16:55 - 2018-09-08 03:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-09 16:55 - 2018-09-08 03:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-09 16:55 - 2018-09-08 03:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-09 16:55 - 2018-09-08 03:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-09 16:55 - 2018-09-08 03:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-09 16:55 - 2018-09-08 03:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-09 16:55 - 2018-09-08 03:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-09 16:55 - 2018-09-08 03:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-09 16:55 - 2018-09-08 03:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-09 16:55 - 2018-09-08 03:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-09 16:55 - 2018-09-08 03:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-10-09 16:55 - 2018-09-08 03:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-09 16:55 - 2018-09-08 03:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-10-09 16:55 - 2018-09-08 03:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-09 16:55 - 2018-09-08 03:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-09 16:55 - 2018-09-08 03:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-09 16:55 - 2018-09-08 02:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-09 16:55 - 2018-09-08 02:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-09 16:55 - 2018-09-08 02:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-09 16:55 - 2018-09-08 02:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-09 16:55 - 2018-09-08 02:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-09 16:55 - 2018-09-08 02:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-09 16:55 - 2018-09-08 02:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-09 16:55 - 2018-09-07 23:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-09 16:55 - 2018-09-07 23:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-09 16:55 - 2018-09-07 23:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-09 16:55 - 2018-09-07 23:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-09 16:55 - 2018-09-07 23:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-09 16:55 - 2018-09-07 23:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-09 16:55 - 2018-09-07 23:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-09 16:55 - 2018-09-07 23:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-10-09 16:55 - 2018-09-07 23:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-09 16:55 - 2018-09-07 23:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-09 16:55 - 2018-09-07 23:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-09 16:55 - 2018-09-07 23:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-09 16:55 - 2018-09-07 23:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-09 16:55 - 2018-09-07 23:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-09 16:55 - 2018-09-07 23:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-10-09 16:55 - 2018-09-07 23:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-09 16:55 - 2018-09-07 23:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-09 16:55 - 2018-09-07 23:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-09 16:55 - 2018-09-07 23:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-09 16:55 - 2018-09-07 23:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-09 16:55 - 2018-09-07 23:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-09 16:55 - 2018-09-07 23:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-09 16:55 - 2018-09-07 23:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-09 16:55 - 2018-09-07 23:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-09 16:55 - 2018-09-07 23:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-09 16:55 - 2018-09-07 23:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-09 16:55 - 2018-09-07 23:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-09 16:55 - 2018-09-07 23:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-09 16:55 - 2018-09-07 23:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-10-09 16:55 - 2018-09-07 23:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-09 16:55 - 2018-09-07 23:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-09 16:55 - 2018-09-07 23:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-09 16:55 - 2018-09-07 23:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-09 16:55 - 2018-09-07 23:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-09 16:55 - 2018-09-07 23:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-09 16:55 - 2018-09-07 23:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-09 16:55 - 2018-09-07 23:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-09 16:55 - 2018-09-07 23:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-09 16:55 - 2018-09-07 23:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-10-06 18:59 - 2018-10-24 21:04 - 000003124 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2018-10-01 22:00 - 2018-10-01 22:00 - 000000000 ____D C:\Users\Chuck\AppData\Local\Adobe
2018-09-30 12:10 - 2018-09-30 12:10 - 000060916 _____ C:\Users\Chuck\Desktop\6e227a41f55da4d9d5919bd9eca69f79.jpeg
2018-09-29 22:46 - 2018-09-29 22:46 - 007971011 _____ C:\Users\Chuck\Desktop\murray track 2 manual.pdf
2018-09-29 01:14 - 2018-09-29 01:14 - 000125308 _____ C:\Users\Chuck\Desktop\asd.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-25 12:29 - 2018-07-31 17:02 - 000000000 ____D C:\WINDOWS\Minidump
2018-10-25 12:29 - 2018-07-13 15:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-25 12:29 - 2018-07-13 14:58 - 000000000 ____D C:\Users\Chuck
2018-10-25 12:29 - 2018-07-13 14:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-25 12:29 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-25 12:29 - 2016-03-01 01:40 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-25 12:29 - 2015-10-09 00:53 - 000000145 _____ C:\HaxLogs.txt
2018-10-25 12:29 - 2015-09-15 18:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-25 12:29 - 2014-08-10 17:32 - 000000000 ___RD C:\Users\Chuck\OneDrive
2018-10-25 12:16 - 2017-05-20 17:35 - 000000000 ____D C:\Users\Chuck\AppData\LocalLow\Mozilla
2018-10-24 17:41 - 2018-07-15 12:38 - 000000000 ____D C:\Users\Chuck\AppData\Local\D3DSCache
2018-10-24 17:15 - 2018-07-13 15:08 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-10-24 17:15 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-24 17:11 - 2018-06-06 21:40 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\EliteKeyboards
2018-10-24 17:09 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-24 17:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-10-24 17:08 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-10-24 17:08 - 2017-08-13 13:06 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-10-24 17:06 - 2016-01-03 19:08 - 000000000 ____D C:\Users\Chuck\AppData\Local\MindGems
2018-10-24 17:03 - 2015-02-23 21:35 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2018-10-24 15:09 - 2018-07-13 15:06 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D9040790-EFB8-4757-B11B-96FE706DAA00}
2018-10-23 23:12 - 2016-08-01 23:11 - 000000000 ____D C:\Users\Chuck\AppData\Local\ElevatedDiagnostics
2018-10-23 23:04 - 2015-09-15 18:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-10-23 21:55 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-23 17:45 - 2014-08-07 18:16 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Origin
2018-10-23 17:45 - 2014-08-07 18:15 - 000000000 ____D C:\ProgramData\Origin
2018-10-23 17:41 - 2014-08-07 18:58 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-10-23 16:40 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-23 13:17 - 2017-03-08 20:04 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-10-23 12:59 - 2014-08-07 19:47 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-23 12:44 - 2018-04-27 18:03 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-10-23 12:31 - 2017-03-02 19:18 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\FileAdvisor
2018-10-22 20:03 - 2018-03-07 22:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-22 15:15 - 2015-12-13 13:17 - 000000000 ____D C:\Users\Chuck\AppData\Local\Corsair
2018-10-22 15:15 - 2015-04-16 18:50 - 000000000 ____D C:\Program Files (x86)\Corsair
2018-10-22 15:15 - 2014-08-08 23:40 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Corsair
2018-10-22 15:14 - 2014-08-25 19:34 - 000000000 ____D C:\Program Files\Futuremark
2018-10-22 15:14 - 2014-08-07 19:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-22 15:13 - 2018-08-04 16:36 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-22 15:13 - 2018-08-04 16:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-10-22 15:13 - 2018-08-04 16:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-10-22 15:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Help
2018-10-22 15:13 - 2016-04-24 23:39 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-10-22 15:13 - 2016-03-30 23:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-10-22 15:08 - 2014-08-07 19:51 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-10-22 01:08 - 2014-08-22 15:46 - 000000000 ____D C:\Users\Chuck\AppData\Local\Ubisoft Game Launcher
2018-10-21 22:11 - 2018-06-25 00:14 - 000000000 ____D C:\CMS2000
2018-10-19 18:55 - 2014-08-22 15:46 - 000000000 ____D C:\Users\Chuck\Documents\Assassin's Creed Revelations
2018-10-19 11:44 - 2018-04-27 18:05 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2018-10-19 11:44 - 2017-11-10 12:27 - 000000000 ____D C:\Program Files\Send To Toys
2018-10-19 11:43 - 2018-07-13 14:58 - 000000000 ____D C:\Users\VTUDKZXOX9
2018-10-19 11:43 - 2017-04-18 21:27 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\discord
2018-10-19 11:43 - 2017-01-24 01:58 - 000000000 ____D C:\Users\Chuck\AppData\Local\ConnectedDevicesPlatform
2018-10-19 11:43 - 2017-01-02 03:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instagiffer
2018-10-19 11:43 - 2015-10-07 22:29 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\OBS
2018-10-19 11:43 - 2015-10-07 22:29 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2018-10-19 11:43 - 2015-10-07 22:29 - 000000000 ____D C:\Program Files\OBS
2018-10-19 11:43 - 2015-10-07 22:29 - 000000000 ____D C:\Program Files (x86)\OBS
2018-10-19 11:43 - 2014-08-23 12:35 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\vlc
2018-10-19 11:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-10-19 11:35 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\registration
2018-10-16 17:10 - 2014-08-07 18:15 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-15 16:48 - 2018-07-11 13:03 - 000000000 ____D C:\ProgramData\Packages
2018-10-12 15:21 - 2018-07-13 15:06 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4180532363-1903722274-3440195036-1001
2018-10-12 15:21 - 2018-07-13 14:58 - 000002411 _____ C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-11 20:58 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-11 13:50 - 2014-08-07 19:37 - 000000000 ____D C:\Users\Chuck\.android
2018-10-11 09:30 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-10-10 14:52 - 2018-01-24 19:37 - 000001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-10-10 14:26 - 2018-07-13 14:56 - 000279968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-10 14:26 - 2016-11-20 14:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-10 14:26 - 2015-09-19 22:41 - 000000000 ___RD C:\Users\Chuck\3D Objects
2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-09 17:00 - 2014-08-07 18:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-09 16:58 - 2014-08-07 18:14 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-09 16:17 - 2015-02-16 01:40 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2018-10-02 16:13 - 2018-04-11 19:41 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-10-02 16:13 - 2018-04-11 19:41 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-01 22:00 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-01 22:00 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2014-08-08 23:40 - 2015-02-03 18:26 - 000000021 _____ () C:\Users\Chuck\AppData\Roaming\config_data.dat
2018-10-23 19:40 - 2018-10-23 19:40 - 000000000 _____ () C:\Users\Chuck\AppData\Local\ars.cache
2018-10-23 19:40 - 2018-10-23 19:40 - 000505517 _____ () C:\Users\Chuck\AppData\Local\census.cache
2018-10-23 13:07 - 2018-10-23 13:07 - 000000036 _____ () C:\Users\Chuck\AppData\Local\housecall.guid.cache
2018-08-26 21:19 - 2018-08-26 21:19 - 000005186 _____ () C:\Users\Chuck\AppData\Local\recently-used.xbel
2014-08-23 19:32 - 2014-08-23 19:32 - 000007605 _____ () C:\Users\Chuck\AppData\Local\Resmon.ResmonCfg
2018-10-23 13:12 - 2018-10-23 16:25 - 000000010 _____ () C:\Users\Chuck\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
2018-10-22 15:12 - 2018-03-23 19:05 - 000374152 _____ (NVIDIA Corporation) C:\Users\Chuck\AppData\Local\Temp\nvStInst.exe
2018-10-21 16:43 - 2018-10-21 16:43 - 057158752 _____ (Acresso Software Inc.) C:\Users\Chuck\AppData\Local\Temp\ubi2C59.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-13 14:56

==================== End of FRST.txt ============================

Juliet
2018-10-26, 00:31
Hi

When Farbar Recovery Scan Tool was first run, it should have also created a text file, Addition.txt.

Can you post this for me?

DragonC
2018-10-26, 00:57
Hi

When Farbar Recovery Scan Tool was first run, it should have also created a text file, Addition.txt.

Can you post this for me?

Ahh, sorry. I knew I forgot something! Haha

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Chuck (25-10-2018 12:31:03)
Running from C:\Users\Chuck\Desktop
Windows 10 Pro Version 1803 17134.345 (X64) (2018-07-13 19:06:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4180532363-1903722274-3440195036-500 - Administrator - Disabled)
cdragonm (S-1-5-21-4180532363-1903722274-3440195036-1006 - Limited - Enabled)
Chrome (S-1-5-21-4180532363-1903722274-3440195036-1011 - Administrator - Enabled)
Chuck (S-1-5-21-4180532363-1903722274-3440195036-1001 - Administrator - Enabled) => C:\Users\Chuck
DefaultAccount (S-1-5-21-4180532363-1903722274-3440195036-503 - Limited - Disabled)
Guest (S-1-5-21-4180532363-1903722274-3440195036-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4180532363-1903722274-3440195036-1014 - Limited - Enabled)
VTUDKZXOX9 (S-1-5-21-4180532363-1903722274-3440195036-1016 - Limited - Enabled) => C:\Users\VTUDKZXOX9
WDAGUtilityAccount (S-1-5-21-4180532363-1903722274-3440195036-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A3Launcher version 0.1.4.4 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.4.4 - Maca134)
ACP Application (HKLM\...\{F6191048-C738-9336-04C8-968455D82C31}) (Version: 2016.0718.1650.38 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Amazon Cloud Drive) (Version: 2.4.2.25 - Amazon Digital Services, LLC.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.7.1 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Assassin's Creed(R) III v1.03 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.03 - Ubisoft)
ASTRA32 - Advanced System Information Tool 3.50 (HKLM-x32\...\ASTRA32_is1) (Version: 3.50 - Sysinfo Lab)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CMS2000 version 1.0 (HKLM-x32\...\CMS2000_is1) (Version: 1.0 - )
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
CPUID HWMonitor Pro 1.25 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.941.0 - Electronic Arts)
Discord (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Fallout Shelter (HKLM-x32\...\Fallout Shelter) (Version: - Bethesda Softworks)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Foscam Web Components Test 2.0.0.99 (HKLM-x32\...\{7E8ADAF8-7E63-4E11-88BF-9E0E7513D7A5}_is1) (Version: 2.0.0.99 - FOSCAM)
Futuremark SystemInfo (HKLM-x32\...\{4DB65855-2E10-47A2-AC3B-F8F826840125}) (Version: 4.46.595.0 - Futuremark)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.67 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HP ENVY 5530 series Basic Device Software (HKLM\...\{CE838BCA-A2CA-4E8E-88C3-C2D4ECA150D1}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Microsoft Flight Simulator SimConnect Client v10.0.62607.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62607.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
MyFreeCodec (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\MyFreeCodec) (Version: - )
Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.3 - Notepad++ Team)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBDwiz (HKLM-x32\...\{2AAF92BA-E688-43F7-9A6D-96A01FF606D4}) (Version: 2.16.4 - OCTech, LLC)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.29.14153 - Electronic Arts, Inc.)
OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Private Internet Access v80 (HKLM-x32\...\{148169C2-5558-4C3E-B38A-7B1813A264CA}_is1) (Version: 80 - London Trust Media, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.1.1402.0 - Seagate)
Send To Toys v2.71 (HKLM\...\Send To Toys_is1) (Version: - Gabriele Ponti)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.4.0 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.2.6.0 - Splashtop Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Star Citizen Launcher (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 70s 80s & 90s Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Create a World Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.22.9 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Diesel Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Fast Lane Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Master Suite Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Outdoor Living Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Town Life Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Trove North America (HKLM-x32\...\Glyph Trove North America) (Version: - Trion Worlds, Inc.)
TroveTools .NET (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\0ad522f4516a2a4e) (Version: 1.2.0.5 - Dazo)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 32.1 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Migration Assistant (HKLM-x32\...\{94C6D9B4-884B-4FD7-B89D-849ADD76057D}) (Version: 2.0.5.0 - Apple Inc.)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-07-11] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F20BCE3-86FC-429F-86A8-7720C825555D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1FBF9A2B-44D9-4A96-8FE4-75B6841946F3} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {23015562-5B1A-4E4F-ABCD-5A43D073C742} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {242B16B9-C21E-4365-84A2-265C8AD98E34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {26A5F1C4-ADAB-445D-B243-BFF64AD1CA03} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3348B140-EF69-44A5-844C-201B3D2C57FE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34816B2A-5E2E-4FAE-966D-767224A108FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3875A0C8-729A-4FFE-AE65-756AAE3E971F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {4AFD0069-725D-47C6-9E33-26612FF31612} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-07-11] (Advanced Micro Devices, Inc.)
Task: {63610CD7-16E3-431C-A290-5AC66E5B70F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6D733F13-29DC-4DB7-902B-2958C60D1A92} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {7C57D682-87F0-4DED-BB4E-DE202085721C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-10-09] (Microsoft Corporation)
Task: {7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8BFB9C1D-1B83-4A42-A583-D00A2ACB0E77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9BA01F53-566E-4EF4-BD47-3A6FCEA8C927} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9DEE82AB-509D-4657-B24E-E0EAE262B113} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A5F2DC0C-E94F-4098-BFC7-BA812FA7AF68} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
Task: {AE89AD3F-AA5D-4CED-8D8A-1070C3843FF6} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-06-08] (Seagate Technology LLC)
Task: {AFD580E8-96C6-449B-B19B-884C7A033239} - System32\Tasks\{1EF2C581-B9DB-4018-9D32-916C517E750E} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.8.64.102/en/abandoninstall?page=tsBing
Task: {B535E689-044B-4B1F-BC73-968DB16E3DC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B5D8B1A5-4956-4C45-811C-4F1FE209CEAF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B872B500-2291-40CA-AFB4-A21E4235ED2B} - System32\Tasks\StartPoint Updater => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe <==== ATTENTION
Task: {C36575E9-7361-40F8-9548-270A9935A64C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {D9BF6923-B521-4D5D-B87A-A36CC7A004AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D9FBE760-8F58-428D-A782-D24EF042FC80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DA88A7B9-6A8F-4052-A385-F042D66AD013} - System32\Tasks\{28CD1A87-F9EC-4E74-B18E-9782CA38749B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\PeerGuardian2\pg2.exe" -d C:\Users\Chuck\Desktop
Task: {DDBA78EC-BCFE-48E6-B4A4-07F4501322B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {E1E6F005-7BAC-464A-9C3C-14938BBB8E0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {E2983D0C-699D-48D2-A79C-53AAA59B9945} - System32\Tasks\StartPoint => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startpoint.exe <==== ATTENTION
Task: {E3CB0C76-F081-440C-99F6-C37324D818E2} - System32\Tasks\Private Internet Access Startup => C:/Program Files/pia_manager/pia_manager.exe [2018-05-22] ()
Task: {E80C0B61-0806-4726-918B-B5F750F56581} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1007 -> No File <==== ATTENTION
Task: {EAB09DC3-AD0C-477D-8620-F1B786326164} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-07-11] (Advanced Micro Devices, Inc.)
Task: {EB84D48F-2FD4-4C23-A5DF-F02834A59E8F} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1001 -> No File <==== ATTENTION
Task: {F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FD0254E7-DA38-4D78-A883-5092F2F34FFA} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Chuck\Documents\Electronic Arts\The Sims 3\Custom Music\02.Battery.mp3 - Shortcut.lnk -> E:\All Access Music\02.Battery.mp3 ()
Shortcut: C:\Users\Chuck\Documents\Electronic Arts\The Sims 3\Custom Music\13.Battle Theme.mp3 - Shortcut.lnk -> E:\All Access Music\13.Battle Theme.mp3 ()

ShortcutWithArgument: C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-10-24 06:03 - 2016-10-24 06:03 - 000589512 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-10-19 00:51 - 2017-10-19 00:51 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-19 00:51 - 2017-10-19 00:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-01 23:10 - 2014-10-01 23:10 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-10-09 16:56 - 2018-09-19 23:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-13 18:51 - 2018-07-13 18:51 - 001308672 _____ () c:\windows\system32\FaceProcessor.dll
2018-07-13 18:51 - 2018-07-13 18:51 - 000542888 _____ () c:\windows\system32\FaceProcessorCore.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 001348664 _____ () c:\windows\system32\FaceTrackerInternal.dll
2018-10-01 16:48 - 2018-10-01 16:48 - 002959872 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2018-10-01 16:48 - 2018-10-01 16:48 - 000119808 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe\PeopleUtilRT.dll
2018-10-01 16:48 - 2018-10-01 16:48 - 009026560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll
2018-04-05 15:12 - 2018-04-05 15:12 - 004734464 _____ () C:\Program Files\WindowsApps\Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll
2018-10-23 16:40 - 2018-10-23 16:40 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-23 16:40 - 2018-10-23 16:40 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-09 17:20 - 2018-10-09 17:20 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-10-05 18:30 - 2018-10-05 18:30 - 000066048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-10-05 18:30 - 2018-10-05 18:30 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-13 18:51 - 2018-07-13 18:51 - 002060288 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2018-10-23 16:40 - 2018-10-23 16:40 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-10-23 16:40 - 2018-10-23 16:40 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-23 16:40 - 2018-10-23 16:40 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-03-26 16:20 - 2018-03-26 16:21 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-23 16:40 - 2018-10-23 16:40 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-10-04 15:11 - 2018-10-04 15:12 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-23 16:40 - 2018-10-23 16:40 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-10-23 16:40 - 2018-10-23 16:40 - 010978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-10-23 16:40 - 2018-10-23 16:40 - 002810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
2018-10-23 16:40 - 2018-10-23 16:40 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-08-14 17:21 - 2018-08-14 17:21 - 034701824 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.dll
2018-03-07 22:47 - 2018-03-07 22:52 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-02-17 19:01 - 2016-02-17 19:01 - 001095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-02-17 19:01 - 2016-02-17 19:01 - 000240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000228864 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000526848 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2018-05-03 13:18 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-05-03 13:18 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-05-03 13:18 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-05-03 13:19 - 2018-08-30 10:13 - 011321176 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-05-03 13:19 - 2018-09-13 12:29 - 001615704 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-05-03 13:19 - 2018-05-03 13:19 - 001910104 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-05-03 13:19 - 2018-05-03 13:19 - 000422744 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-05-03 13:19 - 2018-05-03 13:19 - 000145240 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-05-03 13:19 - 2018-05-03 13:19 - 000512856 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-05-03 13:19 - 2018-10-17 10:41 - 001629016 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-10-01 15:36 - 2018-10-10 14:26 - 009621848 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_cloudsync\discord_cloudsync.node
2018-05-03 13:19 - 2018-10-17 10:41 - 001705816 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-05-03 13:19 - 2018-05-03 13:19 - 002722648 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-08-11 10:42 - 2018-10-23 12:30 - 001253720 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
2018-08-11 10:42 - 2018-10-18 19:18 - 024993624 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
2018-05-03 13:19 - 2018-05-03 13:19 - 002760536 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-05-03 13:19 - 2018-05-03 13:19 - 001249112 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node
2018-07-11 13:51 - 2018-07-11 13:51 - 000007680 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
2018-07-11 13:51 - 2018-07-11 13:51 - 000082432 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
2018-07-11 13:51 - 2018-07-11 13:51 - 000062976 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7940 more sites.

There are 7942 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-10-23 22:37 - 2018-10-23 23:07 - 000454851 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 15610 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chuck\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_2026.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Corsair Utility Engine"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9001C7D091CC23E7588EE40C1DFED158"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "HydraVisionDesktopManager"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "HP ENVY 5530 series (NET)"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "Octoshape Streaming Services"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "PCShowServer"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "GoD-G910-ColorProfileSwitcher"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "KiesPDLR.exe"
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "WallpaperEngine"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{62D1D5DA-89EB-4BAC-8D01-E22BB6E6C683}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{7C32241A-339D-4384-99D8-A7498D9C8194}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [UDP Query User{7868E7C8-8DD7-474E-B46F-2A7CF210B702}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe
FirewallRules: [TCP Query User{18D2A1E5-2601-4A01-ABED-9ACD96402E2B}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe
FirewallRules: [{60EA7B9C-04F4-4F58-9862-959CD74EEA7F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{F8E11C3E-408A-40C5-AD89-A160D31C2DC7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{8C603115-23EB-4249-8218-1C8B3B9AAB49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{45B56E38-8BD5-4865-844F-BCBD343FA14D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [UDP Query User{26B1ACC8-8DCE-4D37-BB2B-1EDB25B81201}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{3CD26E90-5900-4A03-B2EB-27CB8F9FDBC7}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{36D3E7DB-E3CA-4C4E-9F68-5C028E757242}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroesOmega.exe
FirewallRules: [{9E5D8E37-28A2-4ECE-90D9-0F8B9B4CF0F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroesOmega.exe
FirewallRules: [{A8222B9A-2599-488E-AA9E-598E09BFF952}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{63F00BE4-FAB8-4AAD-BF85-391F5BAC21A0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{5B1CF29C-C35E-4825-910E-C25843994A3E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D208CCA8-F16C-4869-84AD-D8D21E5EC486}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D8B44E43-42F5-4CA4-ACBC-9EDA9A12CBFF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe
FirewallRules: [{CCFADD8A-7A72-4C13-AB14-91991BB40268}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe
FirewallRules: [{31514A0C-A378-4D7D-829B-46F08743E041}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{727AAF78-E4CB-4930-812E-0528948F2A70}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{C9B07C6D-2386-456E-8B44-6959AB43D04A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\WOG\disasm.exe
FirewallRules: [{D1E1AEDB-D0BD-48A5-80DD-B41D14F5116B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\WOG\disasm.exe
FirewallRules: [{CF3A24D7-AE9F-4FEA-9CE3-A22386C7283B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\launcher.exe
FirewallRules: [{A13B6777-6CC2-4B3E-9642-55EB3748F6B8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\launcher.exe
FirewallRules: [{BD9A136B-B1F3-4C62-89CB-2EF3A0DDF6CE}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{D02E6CF0-1681-41CF-B092-FA0D77968A40}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{03B736B5-BB7C-447E-8D83-BF555728BD2C}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{36E805CE-DDC7-462F-ABE3-5E95E8B210DF}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{EA4227CA-9D44-48CB-9F19-DC69B9692800}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{A076B6C8-6680-4AEC-B2E6-7CE19DB934B7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{051DAD22-7229-40C6-8F74-E1C9E0D3E5AF}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{9D9E82BD-5C2A-469B-AF59-1951F82CA3C4}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{4F99C55C-8B4A-4CFE-8FE5-431242B8D306}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{1984F13C-86D2-4A6E-8A05-3E68E5DDF3DC}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{B0445D29-54F4-4A3A-B028-2C1522635F33}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{CBED3DB5-20F2-4ECF-9D2A-CD418C6D166B}] => (Allow) LPort=8888
FirewallRules: [{C9A17E19-DDF2-421D-A729-AD77E44069F4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{B6C73401-E236-4B3D-B8EB-48C7E58AC836}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [UDP Query User{C5F5BDA4-5E1B-456E-BF40-A43824808175}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{AC81D507-D003-4A7A-8846-83094503C764}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0E06E4EA-C40C-451F-B529-4819F68028EF}D:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) D:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{57AF21D1-24E4-4133-8029-3A1147FB02BA}D:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) D:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{1C96CCDC-403D-4E8C-959E-C181480E71AE}C:\program files (x86)\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii public test\diablo iii.exe
FirewallRules: [TCP Query User{C2523839-B025-4D88-AB17-2CDA9878E27E}C:\program files (x86)\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii public test\diablo iii.exe
FirewallRules: [UDP Query User{7B31A629-596A-4F41-AD4C-AF88EF7A5464}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{10336B83-0974-4CC2-BAED-D78473F0F376}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{D783D0D5-64DB-483E-98C9-58735F52F049}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Miscreated\Miscreated.exe
FirewallRules: [{14E0B170-D844-4D7B-AE99-EE15673FF062}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Miscreated\Miscreated.exe
FirewallRules: [UDP Query User{EF91BC2B-D8B2-4656-A18F-9880031F75E8}D:\program files (x86)\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe
FirewallRules: [TCP Query User{45D48D09-B8CE-417D-ABE4-C3F8A6463B02}D:\program files (x86)\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe
FirewallRules: [{9C677E9C-9BC6-44F6-BB55-E0D0142365F9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{943F71FD-ADBB-4B76-BD4B-0BB52595241E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{C1486EE5-DDAE-43E2-AD9C-7B8AA6C5AE6F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Life is Feudal Your Own\yo_cm_client.exe
FirewallRules: [{2D06D2D2-DA52-40E3-A040-F380FF313855}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Life is Feudal Your Own\yo_cm_client.exe
FirewallRules: [{4D5558E0-4997-4AF7-A95B-0D7B54EC863A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{4EAFAB89-717D-4D25-9CAE-F6D61956CC92}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{67C52708-ABDB-449B-82A7-EEE836C93A57}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{EE99486D-EBED-4774-8961-A93CFA37533D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{FC016E15-2ADD-4C08-A01B-E2136F5630F2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FSX\fsx.exe
FirewallRules: [{09E86756-2FFB-4FAD-80E9-867E90E26F16}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FSX\fsx.exe
FirewallRules: [{83630C42-CDBB-4932-9770-A29CB8961637}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{E8A4BD10-0540-4F36-AC18-E808FB86ED29}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{9CB07561-9B92-4C17-A4A0-18EE1B980BE2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{48773769-2135-4281-A832-C1F065226A6D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{350112F0-387E-46E6-9599-33A05295F78A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{DAF24764-EA28-43F6-9BFE-61B981EBBD83}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{315C94A6-25D2-46C1-B9D0-33AA44B308B8}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{9A5FD1CD-FF55-43BF-897A-636E75490AD4}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{55901A0E-095B-413B-A00A-AB07BA0FE271}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{42DF26BD-5C89-413A-AF7F-75E79A95E1A0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{9CED4785-DFF0-4809-BE12-1E94980BA707}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{08AB4070-D604-4B74-9EBC-AA6A67C637BB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{3F76E01B-B748-4751-A658-4740A945D744}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{A6BB6744-9962-47FE-A5C2-72F95F603207}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{02DABD3D-1E3C-49AA-A0E4-45163BA3FC4B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Miscreated\Bin64\Miscreated.exe
FirewallRules: [{5917E38F-6579-4A7E-9023-B3BAD14E7DCD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Miscreated\Bin64\Miscreated.exe
FirewallRules: [UDP Query User{06B8EA62-F4B8-406F-A4B2-7CFD6219A744}D:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) D:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [TCP Query User{29751EB7-D23F-4A8F-96AE-94ADC5609369}D:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) D:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [UDP Query User{9026D26E-5089-4BEE-811D-03E05511B9D8}D:\users\chuck\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) D:\users\chuck\documents\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [TCP Query User{93D45488-CC55-4843-BFEA-338D2B7EB0A6}D:\users\chuck\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) D:\users\chuck\documents\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [{A3D34F29-A2FF-458A-8FF0-5AF268DA6D4F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4D0933D6-D209-4DD9-BEA3-98E876FEAF1A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{07CA0F98-66D7-46C8-9382-14267B80BD71}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{22D80FA2-F630-4152-A337-729625D0E6F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{02DCA2FE-1A00-4D4A-A42C-1616D1864C66}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{5E4C4AD1-FF5E-4C25-9998-C6CC09A21AEA}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{D2313727-21CC-4FBC-A278-C5BF2C8163EE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{AE1E55C4-58F0-4388-AF61-DC4EEE0686CC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{325CD53C-4527-4D21-9836-7FE9D491E11E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ArmaTactics\ArmaTactics.exe
FirewallRules: [{33CBCE1D-920C-4BEC-A559-73A764C7DFB1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ArmaTactics\ArmaTactics.exe
FirewallRules: [{2CF610A7-DA1F-461C-8BFF-0181DDE7DB08}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{D594A129-DC20-4FB1-B580-6D3826B21081}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{A4418DBD-FC0B-49BF-B5FF-0026B234A3F9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{4FDB2C75-7E48-4333-AC5B-0A68B2187540}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [UDP Query User{697B2AEB-952E-4E45-8AA2-F43ED33B1714}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{9402E211-54A3-449C-954E-9E5CB951A22D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{39790539-520F-468E-9380-0CC48038AA29}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CAE4E5ED-1542-4EF9-A902-F66DD0086C65}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{062DE237-CF8A-42E1-B78F-ED1AADF855C1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{D74A7BDC-8493-4BEE-B84D-240FB50773AA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{02BF0E43-DB6A-44BB-B5CC-1192479C36EA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{9DDFBA43-43D5-4ECC-9DDF-8BAC3396D623}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{75F3548A-877A-46EC-8A1C-34900DEBE808}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{1FB25ECC-ABF7-4855-9246-078DB493578D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{F385432D-BC1C-4D43-B3F2-C2263A1ACCE6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{AE4BEB5C-FD49-493F-B4FD-2AC9E13E03E2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{BF6182C4-E691-4810-B32F-7DA797C5F29A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{94514730-AF25-4207-B879-D1BD51FD1F47}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{0D10C69D-0746-46F4-BEF8-A53DA4AED7C8}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7DD32D6C-3A8E-413D-B374-632C4FF3D217}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{90D8998B-7D5A-4338-A276-48E9C0B8662B}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BDA041B6-292F-457B-892B-D3BEEC4C589F}] => (Allow) LPort=5357
FirewallRules: [{1AE032E8-7F20-4F49-BD45-6000C2CAAF23}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{A8C5101B-E8E0-4E84-80B2-97C99D00E673}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{891B30CA-607D-47C9-A7FC-3894189B7D2E}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{CF608D47-DE77-4D04-9609-65060B1BEE0A}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed Hot Pursuit\Launcher.exe
FirewallRules: [{7FF78E4F-B8C5-4099-A3D0-779A789736F3}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed Hot Pursuit\Launcher.exe
FirewallRules: [UDP Query User{60149D1D-AB29-4550-B566-A614DB083E58}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3BAA2B51-3DF8-4DD8-8A79-C37D90FFF674}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{116A6727-8FF9-484C-BD05-0B8B18543C1D}] => (Allow) D:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{6D01B0CB-878A-44C1-A30E-0818746CA532}] => (Allow) D:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [UDP Query User{FA01AEE9-8D23-42FB-8029-73B2EA23335F}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [TCP Query User{22905A12-1BBA-4725-B5D9-22C9E7B48260}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [{C53A7B78-240D-4DC6-ACEE-680281AA43D9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{03A60BAF-F073-4E03-97A9-C9D61FF24358}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{2971E36D-F010-406D-8150-3CA5DE6C757F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{D0B690E3-ABDB-4C78-AD2B-2411A7F76B6F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{C3BDE659-620B-4251-8B50-D5CD9FFFDA0C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{DC36A209-3EDA-43EA-8C13-284A8692CB01}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{18998332-A6BB-4904-9C1E-957A076E1575}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{00D1E0B9-3FE0-4CF0-9A37-D1884F00BCB3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{C52FBCA3-B085-4F36-B022-6B1058E570F9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{0F75C9A4-F8B0-43CD-B98D-4E60A5075FD7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{AA861787-5CA3-46EC-9C3C-6AB59D36E174}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{2E9C59EC-C91B-4261-947A-B8C46C3DED57}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{1F983F8B-0F2F-46DC-92C2-1C2D8AC4A807}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{B8A83DBA-0B04-4F8E-9EB1-558FE50C8434}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{6B80204F-6265-4C38-A983-0D5E2B2AAB9C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{FF3BAE12-117A-435F-BC1E-AC5C66902274}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{094CBC99-B464-4D83-93A3-1F4292643B8A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{4CE3F5C5-2418-4D45-89D5-5389EDA2BD61}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{BEFBECF2-6BA1-43BA-9184-A6DB2C712D9F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{25C65C9D-DF4B-4C30-918B-96FD4C4147D8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{125D962E-7AB6-4EDD-9794-131E8EB556A3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{C5D45F7A-55E9-40D0-A911-2E91B37DEB39}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{D753A31B-FDC3-44F5-BF2C-BCFCCCF21421}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{CCC67F3A-3C3E-42BA-9060-36FD44A15C7F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{E4F8E98A-F603-432C-AE47-C67DFE2EC178}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6D2AE3C5-12E1-4B54-935D-BF6A014EFA7F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{8A8BE60E-F39E-4428-90D0-95E7BBEBEBDF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{519CC4D3-93C6-4B7A-9179-AA0BD065C856}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{4A0A4B5F-AEB3-4386-8545-DF2FA2BE907C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{56783ECF-0008-4D7D-9C1D-9982C6288CE2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{A00F50F2-CF73-43FE-B61F-7A79E61B4BAB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{C923BF60-0319-4CE9-8AD9-001745F3793F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{C6648712-D19B-4DF5-9D94-1CF37221DD51}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6686FAF9-CE2D-4A0D-9D9F-42F94BED8E85}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{66DB41BC-180C-4B28-A992-6AF210BE5420}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{D5D56C06-24D1-4A3D-A48F-1B6AAAF7352A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{3B5EA2E5-5DD2-401F-868C-0398CF51E323}] => (Allow) D:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{6E321AA7-E2A3-4398-961C-EDBBDA62970E}] => (Allow) D:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{3941ED32-1675-4455-A872-6333AA5D70EF}] => (Allow) D:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{5BA51D18-3B08-450C-8E02-3BFEE33A583B}] => (Allow) D:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{EF0EC83C-49D2-450D-BF6C-0E3BAD43E631}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BC4F6168-F2B8-4A94-9775-E3EE02266CCF}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3CB410BE-E874-4041-B619-FA46AE0B22AE}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{190373F8-3F53-486E-B9E7-B85CED49BEA0}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{26F48EE6-DF4D-4874-95E0-8958D9897DFD}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{1A47526F-DA83-4304-91FD-E9D6179C7872}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{7BCF6567-3B94-4BBB-A34D-6253DDB02459}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{247EC89C-8292-4640-8330-3BBA8A81B622}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [TCP Query User{67FF7F31-A4C0-4894-91B7-B09228C1FE7B}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{0B497CA8-408D-4F47-A806-58BEBB23FCA0}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{43EFA249-C6D2-4638-8E5F-301C71E7ADEC}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{7B25FB60-5662-4A41-AA5A-980ECB81006E}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{11425680-F098-4CC9-BABA-F65955D47D32}D:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe
FirewallRules: [UDP Query User{35DAEFE3-05A8-4B71-A255-99937CF8415B}D:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe
FirewallRules: [{3EB40E2F-680C-4D42-A501-DDC1A015D88E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{61716F15-F1C0-4431-9A1E-67D8E0873815}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [TCP Query User{2F07E946-E2C6-46FA-9A8E-CF87E799162E}D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{D48E03DC-4D1D-4C3E-B161-D5D559F3CD77}D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{6BF732EE-5CFE-4972-94D3-06F4244A5B35}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{A34D60C5-7CEC-4CE9-9242-F705042EB0A1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{45012A1E-E30D-419B-BD0E-9F25048212E9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{B4C20EA1-7DFC-4D2F-94E5-9C1E8D50D3DA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{F4FE2675-8B05-46CD-8161-D966FA4E6DA5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{3A47844F-0321-44B0-8907-7B17BF86A4BB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{B2D8293A-DFCB-4869-9DC8-F29C654766C7}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [UDP Query User{757EBEBC-2EF1-44C8-9A68-BC30DA8D65CC}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [{7FC53B15-DBD4-4C6E-8584-969255E10AEB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{AE95A6CE-FF2C-4D81-8A6F-79C52CFB4BAB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{38973BD1-DB25-462F-99BE-F373836FA0C8}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [UDP Query User{22F5E4D0-E5C0-4208-B4F7-83CA32A6E3B4}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [TCP Query User{973B6395-9FC1-449B-9963-6EAEDC2F7AE3}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{3CD94820-C89A-4EE1-B8BA-0C7561153BF7}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{73D51B00-224F-4E9C-AE73-888A0A617241}] => (Block) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{FD96CDB1-83A2-4C10-A751-DF0D90590FE6}] => (Block) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{F04B1C22-934B-4A5B-9BC9-B1849FDF7DD8}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{6FF95DD4-182A-4195-917A-7888E29896A3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{0A41175A-F97F-4ABE-8250-E1A997489B3A}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{49CC993B-18ED-456B-92D2-1BE41001CD34}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{D27E2C7B-209D-4292-A2E4-96D40FCD1C1E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Starships\Starships64.exe
FirewallRules: [{C4AED4B6-1D06-4CFD-AA68-6349EFE5D69C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Starships\Starships64.exe
FirewallRules: [{9D5D0DD6-BDFF-4448-9C7B-7C9F4F84F4E1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{F4E47123-60BF-46D5-99B9-C274B2DBD277}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [TCP Query User{261F992D-0FEC-42AF-AE1B-3247265C007B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{EEB1F861-2267-49FF-A29D-CE70B581D9BC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{1B9E97A3-8ED9-41C3-B074-5D7B035A6CD4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{A1CFC2A9-6AD1-40A7-8A8A-546F2D5D6E99}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{431D2DD9-4D55-473C-920F-51C802163A42}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{2256614C-9664-49F6-A399-395383461B87}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{27B28BC1-9111-4B92-B801-FA007855F538}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{ADC03E9A-9724-4A80-8116-A935755C6430}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{F0256AFA-3F50-4B9F-B6B2-BAB3D92658CA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{EFE3B230-48B9-42CA-9BE4-0AB15D86F602}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [TCP Query User{33E036BD-C128-44D5-A460-6FE7F29F2B9C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{CEB8D552-F822-46C8-BD28-DDBF44E875CA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{DF239200-F3D4-4888-8441-A8A1B8E4D4E6}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{F7138611-139F-4EDA-AB5B-D16518CCFCD9}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{7025B53D-2E53-408B-AC56-63AB30F2833B}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{0E5AE7D3-1064-41EC-A9D4-A202258DA61A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{9825DF64-68BC-48CF-8471-879A63BF2793}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{CA9B85A8-BE2E-48AF-BB4E-4AC726BD2617}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{55B310B4-9881-44D0-B6A6-B23283F7F4AA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{E45FC94A-9FBD-411A-80F1-476D339DC688}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{292B2C54-70AF-483D-B9A7-81BF0C1DFEB6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{3FF53525-D9D5-4997-925D-571EB5220CA6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{A3850071-62DA-4042-BD37-8E6F60175B68}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{B90EB835-F728-4883-928B-A17F5007BF61}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{72A337A5-1D6C-4B11-904E-CFF277E37AC9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{73713B54-529A-4113-90F2-43603AE3AF57}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{11E08264-8DE8-430C-9660-F3F190F312D8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{C446B827-C0BF-4378-BCC2-F86A0CB2D4EE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{EA592B2B-BCC8-4E4B-88EC-85F9A9FD8B8D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{125067EF-2B3D-4E39-ADD4-B63CCF4C1448}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{8F883755-8E66-4BB9-9588-85416CA155C7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F52B4BA5-93E0-4908-A595-3E659DCD5B08}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{D79BC556-E282-4EC4-95DC-1B39A815842B}C:\users\chuck\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\chuck\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1ED75261-85B4-4F29-9BBA-70B97026532D}C:\users\chuck\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\chuck\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7D1CB1DE-D422-40AC-B655-ABA268C2B30B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{E6F782E7-0BE9-4881-BE2B-62F7B243E59F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{1BE8DF9C-FC70-44FC-B033-DD4DC37CA5D8}D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{3A5F421E-0234-4C6F-9361-C19794E15110}D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{D4FD116D-C8B6-4BE8-9532-B26DAF07C439}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{78043A71-8708-4BDD-9D5B-09EE3039FC56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F05D9999-D56E-4ED0-B4D4-970356DF7A77}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B5F44319-D272-47A9-9209-A68D28C038C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E5A717C4-E197-4475-A682-109C6C49D976}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B90C8B36-F3E4-4ED9-84FC-902D0556BCC7}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{996D9711-B1E0-48A5-A5F7-03493F4E0159}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{845F7C72-48BF-4E3E-A4FE-543C36488FBC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BC12F71F-65F5-43A3-BEF2-F0C70FC018E4}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{792FC0EF-E3B8-4176-B9D3-652C021DC6D1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1F6D4BB9-8C64-45ED-9E88-482A2C448655}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{B449569D-414F-46B4-BC3D-C1F8D08861C8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{2CFA8DEC-E05F-4156-85E0-3D1BD9CDE14F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{6D4902E0-55A1-465F-8D76-E403574D26BB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{57712D15-4861-4DCF-AA2B-EA9145AAB08A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{577E7114-154E-423B-BDC2-15F888F3EFDE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{2B6A2C4E-72B7-4EFC-8662-5E08EDA2F8FE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\CreationKit.exe
FirewallRules: [{BF1DDB27-B8BE-4726-B4C5-5D2F967F0071}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\CreationKit.exe
FirewallRules: [{505E82E4-1439-4116-B1D5-1903BC364FD9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{81CC83F9-61EC-4F50-A2EF-9D9D65B48B50}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{A7224047-19B7-482B-9D8D-D14DAF70E6F0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [{774C7091-7E9C-42E5-B245-5ABB1D37AFCA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [{3CEC9AB9-0838-4C30-AE0B-57D80EAFA665}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BBBC10B5-F2F5-43E6-B650-72D5C4CC9ACC}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7E09DA22-0FA3-483D-AE18-B6FA57496C35}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{2B2E8652-2CBC-4960-9359-02368FB1826D}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
FirewallRules: [TCP Query User{57FBC5FE-9477-4BFA-BA7F-EDF2A65DBDEC}D:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [UDP Query User{4535FE84-6738-4C07-8D33-55EE38763E67}D:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [{12E77D8B-B867-4F23-B4CF-9925258C6BBB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Squad\squad_launcher.exe
FirewallRules: [{4E6522BC-428B-4715-BFB7-5E30F929D9E0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Squad\squad_launcher.exe
FirewallRules: [TCP Query User{E4DD2ECB-542C-41E0-8220-2A5AEA18F9BB}D:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [UDP Query User{E212C57C-6001-4CEC-9108-D6F48B853AEE}D:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [TCP Query User{847F05B1-5E53-4A8B-808D-649CFC115DE6}D:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{2B97C08B-78E6-4C19-AE2F-5C6EBC9017D4}D:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{34D341EC-50BF-473D-9994-54C84C9A7623}D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{D27DCE8B-2BAB-4A8D-BC03-556EFC4373C9}D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{A139A3A5-E298-47A3-AD55-E48B016A9F38}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ultimate Epic Battle Simulator\UEBS.exe
FirewallRules: [{460B0CC3-7AE8-44FB-85A2-E40C553BCA32}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ultimate Epic Battle Simulator\UEBS.exe
FirewallRules: [{5268A0C0-14E0-4195-908A-F0A1887C40CA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{63C2517B-9996-4ED3-92AC-478F8F172646}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{81FF77B6-C3F8-4627-971D-8CF410A95B3C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{356081B3-53E9-4ED1-8B6C-44E87C9D73DB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{BBDAC0E8-DEC4-4DD7-AC94-DAFD6A3E57DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{919AFE8C-861C-4D2B-98FD-D6F24B12A007}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08D4D95B-420B-4AFF-8B47-1032CCFB1C44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EFF09521-36B7-4E58-85D3-307B5AA171AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC490018-804E-4030-AF13-56D4E2105DCA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5E6333A4-B664-4FF2-A9D3-C110A8B5A1B8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\theHunterPrimal\launcher\launcher.exe
FirewallRules: [{C8612844-46AB-44AD-B9DD-BCF31835EF4B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\theHunterPrimal\launcher\launcher.exe
FirewallRules: [{F1C6D003-CF6C-4CDC-A1B4-09FB28CD186C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{7CE33702-22D6-4C48-9323-DCDF0EDADAA1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{3D4470DD-250F-4E4B-AAB2-8D7D602D7A7B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\House Flipper\HouseFlipper.exe
FirewallRules: [{34BAB8BE-F969-45E2-957F-78C790E0943D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\House Flipper\HouseFlipper.exe
FirewallRules: [{B56D1FA9-D364-4120-981B-ECF7ADCD55F9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{CB0FB86D-4D43-4C4E-9D34-9D1ED9B60BAC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{292556CD-39D0-4C15-94C8-93DC5E1101DB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{58734264-EA58-4CC4-9090-0CB421F91D89}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [TCP Query User{F6130784-27DD-4F77-B65E-FE151431DA6A}D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{D959751B-6DC7-41C7-BCD6-873989F6FB62}D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{A628862C-CC7A-4975-93D0-D6B0440D5292}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{38FCEFA7-308C-486B-B152-A1AF589297CA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{9559FE6E-D4FF-4EE3-971B-DEBD2E7093F2}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{B0A5FC6D-FC17-4AF9-AA70-DD394620CB7D}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [TCP Query User{9A6BF76E-77FF-4B40-9282-4B61981E21B9}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{BF5B881D-1548-4F05-828B-95685C00EDC0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{0D34AB40-E490-42E1-957F-46EFA84B9FFB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7272982E-233C-40A2-8569-CAA193D35F99}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9CADA842-E5DF-4738-9B58-83E69681CC45}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{57E7B1D4-B4CD-4331-A098-20A5670B1605}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4E7ED6BD-F401-4C8F-A970-B55E6C83D3EE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks64.exe
FirewallRules: [{4956D241-AA8E-4A2A-ABCC-8F796DCF896D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks64.exe
FirewallRules: [{41F2AF64-4E40-4CA9-A86D-62FE46AA879E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C2243A30-D9B1-4F7F-9798-7C58102D0937}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{01AB9036-C45F-425C-A0F5-82529B0A8D7D}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe
FirewallRules: [{D3F5E9D9-1F34-4543-BE35-DA44CA211EA7}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe
FirewallRules: [{73AFE879-5200-46E1-A393-2EB6144FA2C7}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe
FirewallRules: [{9FAC5375-3EAE-4633-9AE8-41ABE784150D}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe
FirewallRules: [{760EF367-D8BC-4FFF-8E2D-3E3B4637AA07}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe
FirewallRules: [{855541A0-06B5-49A9-B14B-9590E7C3F64A}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe
FirewallRules: [{358ACF5E-5D74-4F69-8345-9EC985CCDD01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{92149023-79E8-4323-ACD0-771542076AD3}] => (Allow) C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
FirewallRules: [{1928B473-44A4-4E8D-85D5-1EFE40D7CF43}] => (Allow) C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [{4EDE81C2-50B8-4F4A-A25E-16DE5D33E2CF}] => (Allow) C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
FirewallRules: [{116C8756-77F8-4A53-9214-8B0DB7E24BD5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{327468BB-1953-4E37-8139-9B9B33DB01B1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2CBC9BED-3ED8-4CDF-B3E9-A733E46DB6E3}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

23-10-2018 12:42:41 Removed Chrome Remote Desktop Host
24-10-2018 17:03:38 Removed Windows 7 USB/DVD Download Tool

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2018 12:29:28 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/25/2018 12:19:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 24.10.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3488

Start Time: 01d46c7e25a3b02c

Termination Time: 4294967295

Application Path: C:\Users\Chuck\Downloads\FRST64.exe

Report Id: 4d9722ca-771d-4b2b-99ad-3b53d05eda02

Faulting package full name:

Faulting package-relative application ID:

Error: (10/25/2018 11:14:48 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/24/2018 09:04:31 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/24/2018 05:11:18 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (10/24/2018 05:11:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/24/2018 05:09:11 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/23/2018 10:49:51 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.


System errors:
=============
Error: (10/25/2018 12:29:27 PM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled

Error: (10/25/2018 12:29:25 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffc10126bf3010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80cf6a195ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 0f6c3ab8-853a-4760-87f4-6abcc5b84b3d.

Error: (10/25/2018 12:29:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:26:15 PM on ‎10/‎25/‎2018 was unexpected.

Error: (10/25/2018 11:16:04 AM) (Source: DCOM) (EventID: 10016) (User: Dragon)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Dragon\Chuck SID (S-1-5-21-4180532363-1903722274-3440195036-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2018 09:04:26 PM) (Source: DCOM) (EventID: 10010) (User: Dragon)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

Error: (10/24/2018 09:04:26 PM) (Source: DCOM) (EventID: 10010) (User: Dragon)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

Error: (10/24/2018 09:04:26 PM) (Source: DCOM) (EventID: 10010) (User: Dragon)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

Error: (10/24/2018 09:04:26 PM) (Source: DCOM) (EventID: 10010) (User: Dragon)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-10-23 14:16:26.589
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DBCEA5CD-7FD6-442C-BE96-EAA787A965A7}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-10-23 12:37:55.464
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {030E213D-2440-482D-B0FB-85AD58D5BDF7}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-10-22 23:05:34.324
Description:
Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 4243965719
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.319.0, AS: 1.279.319.0
Engine Version: 1.1.15400.4
Fidelity Label: Medium
Target File Name: c:\windows\\system32\drivers\vrtaucbl.sys

Date: 2018-10-21 13:30:41.532
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {71EED63B-73D2-473B-9BCD-4698B2F3420E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-21 13:30:06.461
Description:
Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 775295020
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.192.0, AS: 1.279.192.0
Engine Version: 1.1.15400.4
Fidelity Label: Medium
Target File Name: c:\windows\\system32\drivers\vrtaucbl.sys

CodeIntegrity:
===================================

Date: 2018-08-12 14:50:47.586
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-12 14:50:47.581
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-12 14:50:47.516
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-12 14:50:47.508
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-12 14:50:47.500
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-12 14:50:47.496
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-12 14:50:47.266
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-12 14:50:47.249
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 24557.38 MB
Available physical RAM: 20311.52 MB
Total Virtual: 28141.38 MB
Available Virtual: 23098.42 MB

==================== Drives ================================

Drive c: (SSD-RAID0) (Fixed) (Total:222.4 GB) (Free:57.07 GB) NTFS
Drive d: (Double 750s) (Fixed) (Total:1397.27 GB) (Free:221.19 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:7452.03 GB) (Free:5930.9 GB) NTFS

\\?\Volume{a88527e1-1ea8-11e4-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
\\?\Volume{2e24967b-0000-0000-0000-40af37000000}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 2E24967B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=856 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 6E697373)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End of Addition.txt ============================

Juliet
2018-10-26, 03:56
The below items need to be uninstalled or deleted from your programs list in the control panel.

CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

We can install the most current version of Java later.

****************************************

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy,
beginning with Start:: and finishing with End::

Start::
CloseProcesses:
CreateRestorePoint:
GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1006\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1001\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {B1DE1E7D-F861-4858-A236-004162AD9495} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=452
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-16] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-16] (Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-16] (Oracle Corporation)
2018-10-22 15:12 - 2018-03-23 19:05 - 000374152 _____ (NVIDIA Corporation) C:\Users\Chuck\AppData\Local\Temp\nvStInst.exe
2018-10-21 16:43 - 2018-10-21 16:43 - 057158752 _____ (Acresso Software Inc.) C:\Users\Chuck\AppData\Local\Temp\ubi2C59.tmp.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => -> No File
Task: {1F20BCE3-86FC-429F-86A8-7720C825555D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1FBF9A2B-44D9-4A96-8FE4-75B6841946F3} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {26A5F1C4-ADAB-445D-B243-BFF64AD1CA03} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3348B140-EF69-44A5-844C-201B3D2C57FE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {63610CD7-16E3-431C-A290-5AC66E5B70F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9DEE82AB-509D-4657-B24E-E0EAE262B113} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B535E689-044B-4B1F-BC73-968DB16E3DC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B5D8B1A5-4956-4C45-811C-4F1FE209CEAF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B872B500-2291-40CA-AFB4-A21E4235ED2B} - System32\Tasks\StartPoint Updater => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe <==== ATTENTION
Task: {D9BF6923-B521-4D5D-B87A-A36CC7A004AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D9FBE760-8F58-428D-A782-D24EF042FC80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {E2983D0C-699D-48D2-A79C-53AAA59B9945} - System32\Tasks\StartPoint => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startpoint.exe <==== ATTENTION
Task: {E80C0B61-0806-4726-918B-B5F750F56581} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1007 -> No File <==== ATTENTION
Task: {EB84D48F-2FD4-4C23-A5DF-F02834A59E8F} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1001 -> No File <==== ATTENTION
Task: {F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
C:\Windows\Temp\*.*
Emptytemp:
End::
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~~~~

AdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes.
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


RogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

** created by Aura


Your next reply(ies) should therefore contain:

Copy/pasted Fixlog.txt
Copy/pasted AdwCleaner clean log
Copy/pasted RogueKiller clean log

DragonC
2018-10-26, 16:18
Hope I got this all right lol



Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Chuck (25-10-2018 23:30:40) Run:1
Running from C:\Users\Chuck\Desktop
Loaded Profiles: Chuck (Available Profiles: Chuck & VTUDKZXOX9)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1006\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1001\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {B1DE1E7D-F861-4858-A236-004162AD9495} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=452
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-16] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-16] (Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-16] (Oracle Corporation)
2018-10-22 15:12 - 2018-03-23 19:05 - 000374152 _____ (NVIDIA Corporation) C:\Users\Chuck\AppData\Local\Temp\nvStInst.exe
2018-10-21 16:43 - 2018-10-21 16:43 - 057158752 _____ (Acresso Software Inc.) C:\Users\Chuck\AppData\Local\Temp\ubi2C59.tmp.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => -> No File
Task: {1F20BCE3-86FC-429F-86A8-7720C825555D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1FBF9A2B-44D9-4A96-8FE4-75B6841946F3} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {26A5F1C4-ADAB-445D-B243-BFF64AD1CA03} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3348B140-EF69-44A5-844C-201B3D2C57FE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {63610CD7-16E3-431C-A290-5AC66E5B70F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9DEE82AB-509D-4657-B24E-E0EAE262B113} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B535E689-044B-4B1F-BC73-968DB16E3DC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B5D8B1A5-4956-4C45-811C-4F1FE209CEAF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B872B500-2291-40CA-AFB4-A21E4235ED2B} - System32\Tasks\StartPoint Updater => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe <==== ATTENTION
Task: {D9BF6923-B521-4D5D-B87A-A36CC7A004AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D9FBE760-8F58-428D-A782-D24EF042FC80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {E2983D0C-699D-48D2-A79C-53AAA59B9945} - System32\Tasks\StartPoint => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startpoint.exe <==== ATTENTION
Task: {E80C0B61-0806-4726-918B-B5F750F56581} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1007 -> No File <==== ATTENTION
Task: {EB84D48F-2FD4-4C23-A5DF-F02834A59E8F} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1001 -> No File <==== ATTENTION
Task: {F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
C:\Windows\Temp\*.*
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1006\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1001\User => moved successfully
"HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B1DE1E7D-F861-4858-A236-004162AD9495} => removed successfully
HKLM\Software\Classes\CLSID\{B1DE1E7D-F861-4858-A236-004162AD9495} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2 => removed successfully
C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => moved successfully
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2 => removed successfully
C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2 => removed successfully
C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2 => removed successfully
C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll => moved successfully
C:\Users\Chuck\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Chuck\AppData\Local\Temp\ubi2C59.tmp.exe => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => removed successfully
HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxOSP => removed successfully
HKLM\Software\Classes\CLSID\{FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F20BCE3-86FC-429F-86A8-7720C825555D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F20BCE3-86FC-429F-86A8-7720C825555D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FBF9A2B-44D9-4A96-8FE4-75B6841946F3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FBF9A2B-44D9-4A96-8FE4-75B6841946F3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26A5F1C4-ADAB-445D-B243-BFF64AD1CA03}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26A5F1C4-ADAB-445D-B243-BFF64AD1CA03}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3348B140-EF69-44A5-844C-201B3D2C57FE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3348B140-EF69-44A5-844C-201B3D2C57FE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63610CD7-16E3-431C-A290-5AC66E5B70F3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63610CD7-16E3-431C-A290-5AC66E5B70F3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DEE82AB-509D-4657-B24E-E0EAE262B113}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DEE82AB-509D-4657-B24E-E0EAE262B113}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B535E689-044B-4B1F-BC73-968DB16E3DC1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B535E689-044B-4B1F-BC73-968DB16E3DC1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5D8B1A5-4956-4C45-811C-4F1FE209CEAF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D8B1A5-4956-4C45-811C-4F1FE209CEAF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B872B500-2291-40CA-AFB4-A21E4235ED2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B872B500-2291-40CA-AFB4-A21E4235ED2B}" => removed successfully
C:\WINDOWS\System32\Tasks\StartPoint Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartPoint Updater" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9BF6923-B521-4D5D-B87A-A36CC7A004AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9BF6923-B521-4D5D-B87A-A36CC7A004AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9FBE760-8F58-428D-A782-D24EF042FC80}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9FBE760-8F58-428D-A782-D24EF042FC80}" => removed successfully
"C:\WINDOWS\\Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {E2983D0C-699D-48D2-A79C-53AAA59B9945} - System32\Tasks\StartPoint" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeTask: {D9FBE760-8F58-428D-A782-D24EF042FC80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION\StartPoint" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E80C0B61-0806-4726-918B-B5F750F56581}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E80C0B61-0806-4726-918B-B5F750F56581}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1007" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB84D48F-2FD4-4C23-A5DF-F02834A59E8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB84D48F-2FD4-4C23-A5DF-F02834A59E8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => Shortcut argument removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\HandsetInstallInfo.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\sa.9WZDNCRFJ9WM_0__.Public.InstallAgent.dat => moved successfully
C:\Windows\Temp\TS_884A.tmp => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 308668795 B
Java, Flash, Steam htmlcache => 216757732 B
Windows/system/drivers => 5480 B
Edge => 1707640 B
Chrome => 628026414 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 12996 B
LocalService => 0 B
NetworkService => 217232 B
NetworkService => 974 B
Chuck => 719859574 B
VTUDKZXOX9 => 13124 B

RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:32:56 ====



# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-25-2018
# Duration: 00:00:02
# OS: Windows 10 Pro
# Cleaned: 28
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\AVG_UPDATE_0816TB
Deleted C:\Users\Chuck\Documents\TotalAV
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Deleted C:\Program Files (x86)\myfree codec
Deleted C:\Users\Chuck\AppData\Roaming\AdvertismentImages
Deleted C:\Users\Chuck\AppData\Local\StartPoint

***** [ Files ] *****

Deleted C:\Users\Chuck\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\startpoint

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Deleted HKLM\Software\AVG Secure Search
Deleted HKCU\Software\Myfree Codec
Deleted HKLM\Software\Wow6432Node\Myfree Codec
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2983D0C-699D-48D2-A79C-53AAA59B9945}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2983D0C-699D-48D2-A79C-53AAA59B9945}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\startpoint
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant

***** [ Chromium (and derivatives) ] *****

Deleted AVG Web TuneUp
Deleted FromDocToPDF

***** [ Chromium URLs ] *****

Deleted Ask
Deleted https://homepage-web.com/?s=toshibaupd&m=start
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4014 octets] - [25/10/2018 23:39:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


RogueKiller V12.13.6.0 (x64) [Oct 22 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : Chuck [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/25/2018 23:45:25 (Duration : 00:40:52)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {92149023-79E8-4323-ACD0-771542076AD3} : v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe|Name=nmap4trend|Desc=nmap4trend|EmbedCtxt=nmap4trend|Edge=TRUE|Defer=App| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1928B473-44A4-4E8D-85D5-1EFE40D7CF43} : v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe|Name=bonjour4trend|Desc=bonjour4trend|EmbedCtxt=bonjour4trend|Edge=TRUE|Defer=App| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4EDE81C2-50B8-4F4A-A25E-16DE5D33E2CF} : v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe|Name=nmap4trend|Desc=nmap4trend|EmbedCtxt=nmap4trend|Edge=TRUE|Defer=App| [x] -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{1EF2C581-B9DB-4018-9D32-916C517E750E} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.8.64.102/en/abandoninstall?page=tsBing) -> Deleted

¤¤¤ Files : 25 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.4_44520\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Users\Chuck\Desktop\AutoClicker.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : homepage [http://192.168.1.1/] -> Not selected
[PUM.SearchPage][Chrome:Config] Profile 1 [SecurePrefs] : default_search_provider_data.template_url_data.keyword [http://www.google.com__] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Intel Raid 0 Volume +++++
--- User ---
[MBR] a7dfa2b8098950cc4b128c949de6073d
[BSP] c8e9a80aaafed0d115bff0475d30f461 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 227732 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467116032 | Size: 856 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive1: Intel Raid 0 Volume +++++
--- User ---
[MBR] 85cd56db8613aaff127661b076f28fcb
[BSP] cf217890c859cc1db567fd6ec7d9a10f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430802 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive2: Seagate Backup+ Desk SCSI Disk Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([45d] The request could not be performed because of an I/O device error. )
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive3: HP ENVY 5530 series USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Juliet
2018-10-26, 20:09
Let's check for remnants

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)
~~

Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
After the installation is complete let it update if it asks.
Under SETTINGS.....APPLICATIONS leave everything at default
Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Then go to the Dashboard and click on SCAN NOW
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
Then click on POST
Exit Malwarebytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please post these 2 logs when finished.

Also, tell me how the computer is now.

DragonC
2018-10-26, 20:47
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/26/18
Scan Time: 2:36 PM
Log File: 1907aa32-d94e-11e8-ad91-f46d04d4b218.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7547
License: Trial

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: Dragon\Chuck

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 347760
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Emsisoft Emergency Kit - Version 2018.6
Last update: 10/26/2018 2:41:45 PM
User account: Dragon\Chuck
Computer name: DRAGON
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 10/26/2018 2:45:55 PM

Scanned 86910
Found 0

Scan end: 10/26/2018 2:47:08 PM
Scan time: 0:01:13

DragonC
2018-10-26, 22:18
OK, just did a reboot as well, still showing up. Read something about fileless malware, could this be something like that?

Juliet
2018-10-26, 23:37
I personally think it came in bundled with something.
Have you downloaded something recently and then you started noticing j7fs.wcontentdelivery.info pop ups?

**************************************************
Click the links that correspond to the browser(s).
Please bear in mind a reset will remove browser configurations, extensions, plugins and themes.


Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Mozilla Firefox: Refresh Firefox (https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings)
Google Chrome: Reset Chrome settings to default (https://support.google.com/chrome/answer/3296214?hl=en)
Microsoft Edge: How to Reset Microsoft Edge to Default (http://www.tenforums.com/tutorials/25353-microsoft-edge-reset-default-windows-10-a.html)



********************************
1.Please download HitmanPro

For 32-bit Operating System - http://dl.surfright.nl/HitmanPro.exe
For 64-bit Operating System - http://dl.surfright.nl/HitmanPro_x64.exe

2.Launch the program by double clicking on the HitmanPro icon.

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 5-10 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

http://forums.majorgeeks.com/chaslang/images/Hitman/6-scanfin-choose.jpg

Navigate to C:\Documents and Settings\All Users\Application Data\HitmanPro\Logs (for Windows XP) or to C:\ProgramData\HitmanPro\Logs (for Windows Vista/7) open the report and copy and paste it to your next reply.

DragonC
2018-10-27, 00:09
The most recent thing I installed was uplay from ubisoft. Before that nothing. And I think this pop up came around a week or so later. I was thinking it was some chrome extension. I don't use Edge, never have...but I never looked at it either, my niece may have been using that. She plays the sims 3 a lot

Juliet
2018-10-27, 00:25
I was thinking it was some chrome extension.
It's possible,

Make sure to follow through and reset Google Chrome.

DragonC
2018-10-27, 00:32
HitmanPro 3.8.0.295
www.hitmanpro.com

Computer name . . . . : DRAGON
Windows . . . . . . . : 10.0.0.17134.X64/8
User name . . . . . . : Dragon\Chuck
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2018-10-26 18:15:25
Scan mode . . . . . . : Normal
Scan duration . . . . : 9m 9s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 12

Objects scanned . . . : 3,136,579
Files scanned . . . . : 158,057
Remnants scanned . . : 845,901 files / 2,132,621 keys

Suspicious files ____________________________________________________________

C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\dll\wc002343.dll
Size . . . . . . . : 974,424 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:17:52)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbcl.dll
Size . . . . . . . : 974,424 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:17:52)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbclold.dll
Size . . . . . . . : 963,808 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:04:28)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 606BF35587821588DF7788E9265CEA593E832F8F048BDAD480E8BFF45E52A60D
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbcls.dll
Size . . . . . . . : 974,424 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:22:20)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbsv.dll
Size . . . . . . . : 479,454 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:22:32)
Entropy . . . . . : 7.0
SHA-256 . . . . . : 8A9AFCB32C8005FA7EC39230FFA05D331627FD83A9A58FC17B3D3E639B29DC7E
Fuzzy . . . . . . : 25.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
Size . . . . . . . : 139,264 bytes
Age . . . . . . . : 1485.8 days (2014-10-01 23:01:17)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 641F3F332133540A507F1A6FDD59DC4D9356920F28C0AAEF152D1F727308D04C
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
Size . . . . . . . : 953,886 bytes
Age . . . . . . . : 1526.1 days (2014-08-22 15:57:04)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
Size . . . . . . . : 953,886 bytes
Age . . . . . . . : 1526.1 days (2014-08-22 15:57:04)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
Size . . . . . . . : 138,032 bytes
Age . . . . . . . : 1526.1 days (2014-08-22 15:57:15)
Entropy . . . . . : 7.8
SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Chuck\Desktop\FRST64.exe
Size . . . . . . . : 2,414,592 bytes
Age . . . . . . . : 1.3 days (2018-10-25 12:12:43)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 5877A3EB21455DB627B824950727390F74BE4984CE928B92003013359C1A92E1
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.0s C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\000026.ldb
0.0s C:\Users\Chuck\Desktop\FRST64.exe


Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)





Coupon bar is a bit weird. I don't use edge or IE. I did the reset though before I ran that scan.

DragonC
2018-10-27, 01:40
I don't want to jinx it just yet but I think the rest of the browsers may have worked. I'll give it another day and let ya know. In the meantime much appreciated, I will be saving this entire post for future reference.

Juliet
2018-10-27, 13:06
AdwCleaner should have taken out coupon bar.

Did you allow HitMan Pro to remove what it found?
Are you still having the same issues?

Upload a file on VirusTotal
Virus Total (Recommended) (http://www.virustotal.com/)

Open your favorite web browser, and go on virustotal.com
From there, click on the Select a file button and wait for the Windows Explorer to open
Browse to the file below, select it and click on Open


C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbclold.dll

Once done, click on the Analyze button
If you get a message that the file was already analyzed, click on the Re-analyze button
At the end of the analysis, copy and paste the VirusTotal report URL in your next reply


Also

If you don't have an ad blocker installed I suggest you use Adblock Plus. Once installed click on its ABP icon at the top of the browser(s)
and choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.
Adblock Plus :: Add-ons for Firefox (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/) Adblock Plus - Chrome Web Store (https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb?hl=en-US) Adblock Plus for IE (https://adblockplus.org/releases/adblock-plus-14-for-ie-released) Adblock Plus for Edge browser (https://adblockplus.org/en/edge)

DragonC
2018-10-27, 20:58
Yeah I wanted to give it a day but whatever it is it's gone. And I have adblock installed. Do you still want me to scan the punkbuster file? I've not played the game in over a year so I should really just install it all.

DragonC
2018-10-27, 21:02
Yeah I wanted to give it a day but whatever it is it's gone. And I have adblock installed. Do you still want me to scan the punkbuster file? I've not played the game it's for in over a year so I should really just uninstall it all.

**Did not see a way to edit the last post???

Juliet
2018-10-27, 22:21
It's up to you if you want to uninstall it.....
What I wouldn't want, and I did not check, if it has an auto-updater or not.

If the ad is gone, and you reset Google Chrome, I think that is our answer. My thought is, it was attached to an extension.
Or it could have come in by exploiting a very outdated version of Java...
Why, when, where, who's guess

Let me know if you're ready to remove tools and quarantine folders.

DragonC
2018-11-01, 20:13
Ready. Sorry had some family issues come up. PC has been off since, but the good news is still no more pop up.

Juliet
2018-11-02, 00:09
Not a problem.

DelFix


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (https://en.wikipedia.org/wiki/Exploit_kit) (and also 0-days (https://en.wikipedia.org/wiki/Zero-day_(computing))) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck (https://www.adlice.com/download/ucheck/), SUMo (http://www.kcsoftwares.com/?sumo) and Heimdal Free (http://www.bleepingcomputer.com/download/heimdal-free/) will scan your system for outdated programs, and help you identify them, as well as update them.


UCheck Documentation (https://www.adlice.com/documentation/ucheck/documentation/)



AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.

DragonC
2018-11-06, 17:21
Thanks again man. Everything is back to the way it should be. I was at my wits end on this. I will save this thread for a long time.

Juliet
2018-11-06, 18:58
You're welcome