
Thread: Nothing is detecting this!

  1. #1

    I can't seem to find where it is either, but it's aggravating. j7fs.wcontentdelivery.info pops up constantly in the bottom right corner. Nothing I run has detected it, and either I'm looking in the wrong place or I just can't find it. Any Google search of it just takes me to garbage tools to d/l to get rid of it. Obviously I'm not doing that. After this no one else gets on my PC.

    https://imgur.com/kiBYYn0 (the offending pop up)

    I ran FRST, but aswMBR crashes Windows with a BSoD. I've only tried Spybot, Windows Defender, and Malwarebytes for removal, but nothing is detecting it. Of course, thank you in advance.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
    Ran by Chuck (administrator) on DRAGON (25-10-2018 12:30:23)
    Running from C:\Users\Chuck\Desktop
    Loaded Profiles: Chuck (Available Profiles: Chuck & VTUDKZXOX9)
    Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atiesrxx.exe
    (AMD) C:\Windows\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atieclxx.exe
    () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
    () C:\Windows\System32\PnkBstrA.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    (Discord Inc.) C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
    (Discord Inc.) C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-17] (Logitech Inc.)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8529152 2015-10-02] (Realtek Semiconductor)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1540896 2015-06-08] (Seagate Technology LLC)
    HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-06-08] (Seagate Technology LLC)
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [WallpaperEngine] => D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe [1733096 2017-09-20] ()
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Run: [Discord] => C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\nwjs\pia_nw.exe [1827608 2018-05-22] (The NWJS Community)
    Startup: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2015-07-11]
    ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (No File)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1006\User: Restriction <==== ATTENTION
    GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1001\User: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{0e2171fd-e2ed-402d-accf-ca224d3de9e4}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{25421258-f5d4-43c1-81a9-75819a50c9c2}: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\..\Interfaces\{5a1072d4-f5c7-48f5-bd4d-23429767d88f}: [DhcpNameServer] 209.222.18.222 209.222.18.218
    Tcpip\..\Interfaces\{d739f7a1-697d-4edf-9c7d-e9269163ca8e}: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\..\Interfaces\{debcc456-b294-40d4-a70c-08d95d15cbe2}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {B1DE1E7D-F861-4858-A236-004162AD9495} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=452
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-16] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-16] (Oracle Corporation)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-12-11] ()
    FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
    FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-12-11] ()
    FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
    FF Plugin-x32: @FOSCAM Web Components -> C:\Program Files (x86)\Foscam Web Components Test\npIPcam.dll [2014-02-28] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-16] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin HKU\S-1-5-21-4180532363-1903722274-3440195036-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chuck\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-4180532363-1903722274-3440195036-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-08-22] ()

    Chrome:
    =======
    CHR DefaultProfile: Profile 1
    CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
    CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/","hxxps://homepage-web.com/?s=toshibaupd&m=start"
    CHR DefaultSearchKeyword: Profile 1 -> hxxp://www.google.com__
    CHR Session Restore: Profile 1 -> is enabled.
    CHR Profile: C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default [2018-10-24]
    CHR Extension: (Google Slides) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-20]
    CHR Extension: (Google Docs) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-20]
    CHR Extension: (Google Drive) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-20]
    CHR Extension: (YouTube) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-20]
    CHR Extension: (Google Sheets) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-20]
    CHR Extension: (Google Docs Offline) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-20]
    CHR Extension: (Skype) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-20]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-20]
    CHR Extension: (Gmail) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-20]
    CHR Extension: (Chrome Media Router) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-20]
    CHR Profile: C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-10-25]
    CHR Extension: (Slides) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
    CHR Extension: (Entanglement Web App) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-08]
    CHR Extension: (Bejeweled) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-06-08]
    CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-06-08]
    CHR Extension: (Docs) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
    CHR Extension: (Google Drive) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
    CHR Extension: (TV) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-06-08]
    CHR Extension: (YouTube) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
    CHR Extension: (Freecell Solitaire) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cabpjbpfakfhcfidnjahmdophhihafkh [2016-03-06]
    CHR Extension: (Adblock Plus) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-11]
    CHR Extension: (Google Search) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (WGT Golf Challenge) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2015-06-08]
    CHR Extension: (Netflix) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-06-08]
    CHR Extension: (Google Play Music) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-09-26]
    CHR Extension: (Sheets) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
    CHR Extension: (The QR Code Generator) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2015-06-08]
    CHR Extension: (Google Docs Offline) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
    CHR Extension: (Planetarium) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-08-06]
    CHR Extension: (AdBlock) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-13]
    CHR Extension: (Google Play Music) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-06]
    CHR Extension: (Dubsmash Video) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idakfimamgbniacjdkigmkjocjbhllgk [2016-02-04]
    CHR Extension: (EasyHome Homestyler) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2017-05-22]
    CHR Extension: (Little Alchemy) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-07]
    CHR Extension: (Google Play) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-06-08]
    CHR Extension: (Numerics Calculator & Converter) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-06-08]
    CHR Extension: (FromDocToPDF) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2018-10-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
    CHR Extension: (TypingClub) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2015-06-08]
    CHR Extension: (Gmail) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]
    CHR Extension: (Chrome Media Router) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-17]
    CHR Extension: (Abstract Blue) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2016-06-11]
    CHR Profile: C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile [2015-12-24]
    CHR Extension: (Google Slides) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]
    CHR Extension: (Google Docs) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]
    CHR Extension: (Google Drive) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-08]
    CHR Extension: (YouTube) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-08]
    CHR Extension: (Google Search) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-08]
    CHR Extension: (Google Sheets) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]
    CHR Extension: (Bookmark Manager) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-11]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]
    CHR Extension: (Skype Click to Call) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-06-08]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-08]
    CHR Extension: (Google Wallet) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-08]
    CHR Extension: (Gmail) - C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]
    CHR HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atiesrxx.exe [473904 2018-07-19] (AMD)
    R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-07-18] (Advanced Micro Devices) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
    S2 AUEPLauncher; C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe [7680 2018-07-11] () [File not signed]
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6893704 2018-06-30] ()
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-27] (EasyAntiCheat Ltd)
    S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-05-24] (Futuremark)
    S3 HnGSteamService; d:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [754984 2018-10-24] (Reto-Moto ApS)
    R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-17] (Logitech Inc.)
    S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2268992 2018-10-09] (Electronic Arts)
    R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3129160 2018-10-09] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-01] ()
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-01] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-06-08] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-06-08] (Seagate Technology LLC)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
    R2 SplashtopRemoteService; C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [739840 2018-08-06] (Splashtop Inc.) [File not signed]
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-22] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-22] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [313760 2016-07-25] (Advanced Micro Devices)
    S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
    R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atikmdag.sys [44331304 2018-07-19] (Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0331246.inf_amd64_7dbd15b8c381571a\B330925\atikmpag.sys [559408 2018-07-19] (Advanced Micro Devices, Inc.)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107496 2018-05-28] (Advanced Micro Devices)
    S3 CorsairAudioFilter; C:\WINDOWS\system32\DRIVERS\corsveng2kamd64.sys [112808 2015-09-21] (Corsair Components, Inc.)
    S3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
    S3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2016-07-26] (REALiX(tm))
    S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
    R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45200 2016-02-15] (Logitech Inc.)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
    S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
    S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
    S4 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
    S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-23] (NVIDIA Corporation)
    S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-23] (NVIDIA Corporation)
    S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2014-02-07] (PassMark Software)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
    R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    R3 stdpms; C:\WINDOWS\System32\drivers\stdpms.sys [28904 2014-08-06] (Splashtop Inc.)
    R3 sthid; C:\WINDOWS\System32\drivers\sthid.sys [21216 2014-08-06] (Splashtop Inc.)
    S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42088 2016-01-13] (Anchorfree Inc.)
    U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-11] (Microsoft Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-22] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-22] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-22] (Microsoft Corporation)
    U0 Partizan; system32\drivers\Partizan.sys [X]
    S3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-10-25 12:30 - 2018-10-25 12:30 - 000031887 _____ C:\Users\Chuck\Desktop\FRST.txt
    2018-10-25 12:29 - 2018-10-25 12:29 - 1351150137 _____ C:\WINDOWS\MEMORY.DMP
    2018-10-25 12:29 - 2018-10-25 12:29 - 000750988 _____ C:\WINDOWS\Minidump\102518-18015-01.dmp
    2018-10-25 12:20 - 2018-10-25 12:20 - 000045143 _____ C:\Users\Chuck\Desktop\Addition.txt
    2018-10-25 12:18 - 2018-10-25 12:18 - 000045145 _____ C:\Users\Chuck\Downloads\Addition.txt
    2018-10-25 12:17 - 2018-10-25 12:18 - 005198336 _____ (AVAST Software) C:\Users\Chuck\Desktop\aswMBR.exe
    2018-10-25 12:14 - 2018-10-25 12:17 - 000000000 ____D C:\FRST
    2018-10-25 12:12 - 2018-10-25 12:14 - 002414592 _____ (Farbar) C:\Users\Chuck\Desktop\FRST64.exe
    2018-10-25 11:16 - 2018-10-25 11:16 - 000000000 ___HD C:\OneDriveTemp
    2018-10-24 17:26 - 2018-10-24 17:27 - 000000524 _____ C:\WINDOWS\SysWOW64\Partizan.RRI
    2018-10-24 17:23 - 2018-10-25 11:14 - 000000000 ____D C:\ProgramData\RegRun
    2018-10-24 17:18 - 2018-10-25 11:15 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
    2018-10-24 17:18 - 2018-10-24 17:27 - 000000000 ____D C:\Users\Chuck\Documents\RegRun2
    2018-10-24 17:18 - 2018-10-23 23:07 - 000454851 ____R C:\WINDOWS\system32\Drivers\etc\hosts.old
    2018-10-24 16:49 - 2018-10-24 16:49 - 000000000 ___HD C:\$SysReset
    2018-10-23 23:07 - 2018-10-23 22:37 - 000453362 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20181023-230751.backup
    2018-10-23 23:04 - 2018-10-23 23:04 - 000001513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2018-10-23 23:04 - 2018-10-23 23:04 - 000001501 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2018-10-23 23:04 - 2018-10-23 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2018-10-23 23:04 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
    2018-10-23 22:49 - 2018-10-23 22:50 - 080022264 _____ (Malwarebytes ) C:\Users\Chuck\Downloads\mb3-setup-54035.54035-3.6.1.2711-1.0.463-1.0.6913.exe
    2018-10-23 21:18 - 2018-01-30 23:16 - 000036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
    2018-10-23 19:40 - 2018-10-23 19:40 - 000505517 _____ C:\Users\Chuck\AppData\Local\census.cache
    2018-10-23 19:40 - 2018-10-23 19:40 - 000000000 _____ C:\Users\Chuck\AppData\Local\ars.cache
    2018-10-23 16:59 - 2018-10-23 17:10 - 000126075 _____ C:\Users\Chuck\Desktop\insane.txt
    2018-10-23 13:12 - 2018-10-23 16:25 - 000000010 _____ C:\Users\Chuck\AppData\Local\sponge.last.runtime.cache
    2018-10-23 12:59 - 2018-10-23 12:59 - 000002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-10-23 12:59 - 2018-10-23 12:59 - 000002385 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-10-23 12:56 - 2018-10-23 12:56 - 055454464 _____ (Safer-Networking Ltd. ) C:\Users\Chuck\Downloads\SpybotSD2.exe
    2018-10-19 18:46 - 2018-10-19 18:46 - 000000965 _____ C:\Users\Chuck\Desktop\Uplay.lnk
    2018-10-19 11:53 - 2018-09-04 18:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2018-10-19 11:27 - 2018-10-19 11:43 - 000000000 ____D C:\Users\Chuck\AppData\Local\UltraStorage
    2018-10-14 19:06 - 2012-05-22 16:40 - 000002997 _____ C:\Users\Chuck\Desktop\HL_LN_MailTrash.package
    2018-10-12 15:17 - 2018-10-18 01:48 - 000000000 ____D C:\Users\Chuck\AppData\Local\CrashDumps
    2018-10-11 13:50 - 2015-09-06 14:16 - 000068760 _____ (Google, inc) C:\WINDOWS\AdbWinUsbApi.dll
    2018-10-11 13:50 - 2015-09-06 14:15 - 000104088 _____ (Google, inc) C:\WINDOWS\AdbWinApi.dll
    2018-10-11 13:50 - 2015-09-06 14:09 - 001017496 _____ C:\WINDOWS\adb.exe
    2018-10-11 13:50 - 2012-06-20 11:51 - 000020232 _____ (HandSet Incorporated) C:\WINDOWS\system32\Drivers\massfilter_hs.sys
    2018-10-09 16:56 - 2018-09-21 05:21 - 001786168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
    2018-10-09 16:56 - 2018-09-21 05:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-10-09 16:56 - 2018-09-21 04:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-10-09 16:56 - 2018-09-21 00:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-10-09 16:56 - 2018-09-21 00:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-10-09 16:56 - 2018-09-21 00:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-10-09 16:56 - 2018-09-21 00:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-10-09 16:56 - 2018-09-21 00:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-10-09 16:56 - 2018-09-20 23:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2018-10-09 16:56 - 2018-09-20 23:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2018-10-09 16:56 - 2018-09-20 23:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-10-09 16:56 - 2018-09-20 23:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-10-09 16:56 - 2018-09-20 23:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-10-09 16:56 - 2018-09-20 23:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-10-09 16:56 - 2018-09-20 23:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-10-09 16:56 - 2018-09-20 23:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-10-09 16:56 - 2018-09-20 23:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2018-10-09 16:56 - 2018-09-20 23:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-10-09 16:56 - 2018-09-20 23:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-10-09 16:56 - 2018-09-20 23:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-10-09 16:56 - 2018-09-20 05:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-10-09 16:56 - 2018-09-20 05:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-10-09 16:56 - 2018-09-20 05:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2018-10-09 16:56 - 2018-09-20 05:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-10-09 16:56 - 2018-09-20 04:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2018-10-09 16:56 - 2018-09-20 04:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-10-09 16:56 - 2018-09-20 04:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-10-09 16:56 - 2018-09-20 00:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-10-09 16:56 - 2018-09-20 00:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-10-09 16:56 - 2018-09-20 00:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2018-10-09 16:56 - 2018-09-20 00:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-10-09 16:56 - 2018-09-20 00:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-10-09 16:56 - 2018-09-20 00:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-10-09 16:56 - 2018-09-20 00:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-10-09 16:56 - 2018-09-20 00:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-10-09 16:56 - 2018-09-20 00:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-10-09 16:56 - 2018-09-20 00:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-10-09 16:56 - 2018-09-20 00:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-10-09 16:56 - 2018-09-20 00:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-10-09 16:56 - 2018-09-20 00:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-10-09 16:56 - 2018-09-20 00:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-10-09 16:56 - 2018-09-20 00:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2018-10-09 16:56 - 2018-09-20 00:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2018-10-09 16:56 - 2018-09-20 00:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-10-09 16:56 - 2018-09-20 00:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-10-09 16:56 - 2018-09-19 23:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-10-09 16:56 - 2018-09-19 23:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-10-09 16:56 - 2018-09-19 23:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-10-09 16:56 - 2018-09-19 23:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-10-09 16:56 - 2018-09-19 23:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-10-09 16:56 - 2018-09-19 23:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-10-09 16:56 - 2018-09-19 23:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2018-10-09 16:56 - 2018-09-19 23:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-10-09 16:56 - 2018-09-19 23:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-10-09 16:56 - 2018-09-19 23:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-10-09 16:56 - 2018-09-19 23:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-10-09 16:56 - 2018-09-08 04:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2018-10-09 16:56 - 2018-09-08 04:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2018-10-09 16:56 - 2018-09-08 04:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2018-10-09 16:56 - 2018-09-08 04:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2018-10-09 16:56 - 2018-09-08 04:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2018-10-09 16:56 - 2018-09-08 04:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2018-10-09 16:56 - 2018-09-08 04:03 - 002267136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
    2018-10-09 16:56 - 2018-09-08 04:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-10-09 16:56 - 2018-09-08 03:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-10-09 16:56 - 2018-09-08 03:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2018-10-09 16:56 - 2018-09-08 03:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2018-10-09 16:56 - 2018-09-08 03:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2018-10-09 16:56 - 2018-09-08 03:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2018-10-09 16:56 - 2018-09-08 03:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2018-10-09 16:56 - 2018-09-08 03:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2018-10-09 16:56 - 2018-09-08 03:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2018-10-09 16:56 - 2018-09-08 03:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
    2018-10-09 16:56 - 2018-09-08 03:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2018-10-09 16:56 - 2018-09-08 03:17 - 001540104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
    2018-10-09 16:56 - 2018-09-08 03:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-10-09 16:56 - 2018-09-08 02:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2018-10-09 16:56 - 2018-09-08 02:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2018-10-09 16:56 - 2018-09-08 02:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2018-10-09 16:56 - 2018-09-08 02:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2018-10-09 16:56 - 2018-09-08 02:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
    2018-10-09 16:56 - 2018-09-08 00:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2018-10-09 16:56 - 2018-09-07 23:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2018-10-09 16:56 - 2018-09-07 23:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-10-09 16:56 - 2018-09-07 23:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2018-10-09 16:56 - 2018-09-07 23:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2018-10-09 16:56 - 2018-09-07 23:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2018-10-09 16:56 - 2018-09-07 23:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-10-09 16:56 - 2018-09-07 23:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2018-10-09 16:56 - 2018-09-07 23:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2018-10-09 16:56 - 2018-09-07 23:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
    2018-10-09 16:56 - 2018-09-07 23:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2018-10-09 16:56 - 2018-09-07 23:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2018-10-09 16:56 - 2018-09-07 23:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2018-10-09 16:56 - 2018-09-07 23:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2018-10-09 16:56 - 2018-09-07 23:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2018-10-09 16:56 - 2018-09-07 23:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2018-10-09 16:56 - 2018-09-07 23:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
    2018-10-09 16:56 - 2018-09-07 23:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2018-10-09 16:56 - 2018-09-07 23:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2018-10-09 16:56 - 2018-09-07 23:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2018-10-09 16:56 - 2018-09-07 23:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2018-10-09 16:56 - 2018-09-07 23:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2018-10-09 16:56 - 2018-09-07 23:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2018-10-09 16:56 - 2018-09-07 23:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2018-10-09 16:56 - 2018-09-07 23:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
    2018-10-09 16:56 - 2018-09-07 23:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
    2018-10-09 16:56 - 2018-09-07 23:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2018-10-09 16:55 - 2018-09-21 05:23 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 001422648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
    2018-10-09 16:55 - 2018-09-21 05:21 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
    2018-10-09 16:55 - 2018-09-21 05:21 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
    2018-10-09 16:55 - 2018-09-21 05:21 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
    2018-10-09 16:55 - 2018-09-21 05:21 - 000034304 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
    2018-10-09 16:55 - 2018-09-21 05:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
    2018-10-09 16:55 - 2018-09-21 04:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
    2018-10-09 16:55 - 2018-09-21 00:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2018-10-09 16:55 - 2018-09-21 00:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-10-09 16:55 - 2018-09-21 00:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2018-10-09 16:55 - 2018-09-21 00:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2018-10-09 16:55 - 2018-09-21 00:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-10-09 16:55 - 2018-09-21 00:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-10-09 16:55 - 2018-09-21 00:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2018-10-09 16:55 - 2018-09-21 00:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-10-09 16:55 - 2018-09-21 00:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-10-09 16:55 - 2018-09-21 00:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-10-09 16:55 - 2018-09-21 00:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-10-09 16:55 - 2018-09-21 00:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-10-09 16:55 - 2018-09-21 00:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-10-09 16:55 - 2018-09-21 00:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-10-09 16:55 - 2018-09-21 00:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2018-10-09 16:55 - 2018-09-20 23:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-10-09 16:55 - 2018-09-20 23:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-10-09 16:55 - 2018-09-20 23:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-10-09 16:55 - 2018-09-20 23:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-10-09 16:55 - 2018-09-20 23:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2018-10-09 16:55 - 2018-09-20 23:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-10-09 16:55 - 2018-09-20 23:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-10-09 16:55 - 2018-09-20 23:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-10-09 16:55 - 2018-09-20 23:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-10-09 16:55 - 2018-09-20 23:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-10-09 16:55 - 2018-09-20 23:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-10-09 16:55 - 2018-09-20 23:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-10-09 16:55 - 2018-09-20 23:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-10-09 16:55 - 2018-09-20 05:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-10-09 16:55 - 2018-09-20 05:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2018-10-09 16:55 - 2018-09-20 05:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-10-09 16:55 - 2018-09-20 05:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-10-09 16:55 - 2018-09-20 05:18 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
    2018-10-09 16:55 - 2018-09-20 05:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
    2018-10-09 16:55 - 2018-09-20 05:17 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
    2018-10-09 16:55 - 2018-09-20 04:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-10-09 16:55 - 2018-09-20 04:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
    2018-10-09 16:55 - 2018-09-20 04:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2018-10-09 16:55 - 2018-09-20 02:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-10-09 16:55 - 2018-09-20 01:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-10-09 16:55 - 2018-09-20 00:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2018-10-09 16:55 - 2018-09-20 00:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2018-10-09 16:55 - 2018-09-20 00:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-10-09 16:55 - 2018-09-20 00:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-10-09 16:55 - 2018-09-20 00:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-10-09 16:55 - 2018-09-20 00:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-10-09 16:55 - 2018-09-20 00:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-10-09 16:55 - 2018-09-20 00:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-10-09 16:55 - 2018-09-20 00:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-10-09 16:55 - 2018-09-20 00:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-10-09 16:55 - 2018-09-20 00:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2018-10-09 16:55 - 2018-09-20 00:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-10-09 16:55 - 2018-09-20 00:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-10-09 16:55 - 2018-09-20 00:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2018-10-09 16:55 - 2018-09-20 00:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
    2018-10-09 16:55 - 2018-09-20 00:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-10-09 16:55 - 2018-09-20 00:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-10-09 16:55 - 2018-09-20 00:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2018-10-09 16:55 - 2018-09-20 00:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2018-10-09 16:55 - 2018-09-20 00:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-10-09 16:55 - 2018-09-20 00:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-10-09 16:55 - 2018-09-20 00:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-10-09 16:55 - 2018-09-20 00:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-10-09 16:55 - 2018-09-20 00:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-10-09 16:55 - 2018-09-19 23:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
    2018-10-09 16:55 - 2018-09-19 23:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-10-09 16:55 - 2018-09-19 23:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2018-10-09 16:55 - 2018-09-19 23:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-10-09 16:55 - 2018-09-19 23:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-10-09 16:55 - 2018-09-19 23:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-10-09 16:55 - 2018-09-19 23:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-10-09 16:55 - 2018-09-19 23:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-10-09 16:55 - 2018-09-19 23:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2018-10-09 16:55 - 2018-09-19 23:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
    2018-10-09 16:55 - 2018-09-19 22:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
    2018-10-09 16:55 - 2018-09-19 21:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2018-10-09 16:55 - 2018-09-08 04:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-10-09 16:55 - 2018-09-08 04:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2018-10-09 16:55 - 2018-09-08 04:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2018-10-09 16:55 - 2018-09-08 04:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2018-10-09 16:55 - 2018-09-08 03:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2018-10-09 16:55 - 2018-09-08 03:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
    2018-10-09 16:55 - 2018-09-08 03:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
    2018-10-09 16:55 - 2018-09-08 03:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2018-10-09 16:55 - 2018-09-08 03:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
    2018-10-09 16:55 - 2018-09-08 03:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
    2018-10-09 16:55 - 2018-09-08 03:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2018-10-09 16:55 - 2018-09-08 03:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
    2018-10-09 16:55 - 2018-09-08 03:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
    2018-10-09 16:55 - 2018-09-08 03:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
    2018-10-09 16:55 - 2018-09-08 03:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2018-10-09 16:55 - 2018-09-08 03:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2018-10-09 16:55 - 2018-09-08 03:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
    2018-10-09 16:55 - 2018-09-08 03:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
    2018-10-09 16:55 - 2018-09-08 03:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2018-10-09 16:55 - 2018-09-08 03:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2018-10-09 16:55 - 2018-09-08 03:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2018-10-09 16:55 - 2018-09-08 03:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2018-10-09 16:55 - 2018-09-08 03:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2018-10-09 16:55 - 2018-09-08 03:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
    2018-10-09 16:55 - 2018-09-08 03:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2018-10-09 16:55 - 2018-09-08 03:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
    2018-10-09 16:55 - 2018-09-08 03:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
    2018-10-09 16:55 - 2018-09-08 03:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
    2018-10-09 16:55 - 2018-09-08 02:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2018-10-09 16:55 - 2018-09-08 02:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
    2018-10-09 16:55 - 2018-09-08 02:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2018-10-09 16:55 - 2018-09-08 02:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
    2018-10-09 16:55 - 2018-09-08 02:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2018-10-09 16:55 - 2018-09-08 02:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
    2018-10-09 16:55 - 2018-09-08 02:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2018-10-09 16:55 - 2018-09-07 23:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2018-10-09 16:55 - 2018-09-07 23:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2018-10-09 16:55 - 2018-09-07 23:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2018-10-09 16:55 - 2018-09-07 23:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2018-10-09 16:55 - 2018-09-07 23:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2018-10-09 16:55 - 2018-09-07 23:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
    2018-10-09 16:55 - 2018-09-07 23:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-10-09 16:55 - 2018-09-07 23:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2018-10-09 16:55 - 2018-09-07 23:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2018-10-09 16:55 - 2018-09-07 23:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
    2018-10-09 16:55 - 2018-09-07 23:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
    2018-10-09 16:55 - 2018-09-07 23:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2018-10-09 16:55 - 2018-09-07 23:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
    2018-10-09 16:55 - 2018-09-07 23:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2018-10-09 16:55 - 2018-09-07 23:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2018-10-09 16:55 - 2018-09-07 23:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2018-10-09 16:55 - 2018-09-07 23:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
    2018-10-09 16:55 - 2018-09-07 23:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
    2018-10-09 16:55 - 2018-09-07 23:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2018-10-09 16:55 - 2018-09-07 23:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
    2018-10-09 16:55 - 2018-09-07 23:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2018-10-09 16:55 - 2018-09-07 23:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2018-10-09 16:55 - 2018-09-07 23:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2018-10-09 16:55 - 2018-09-07 23:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
    2018-10-09 16:55 - 2018-09-07 23:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2018-10-09 16:55 - 2018-09-07 23:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
    2018-10-09 16:55 - 2018-09-07 23:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2018-10-09 16:55 - 2018-09-07 23:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2018-10-09 16:55 - 2018-09-07 23:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2018-10-09 16:55 - 2018-09-07 23:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2018-10-09 16:55 - 2018-09-07 23:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2018-10-09 16:55 - 2018-09-07 23:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
    2018-10-09 16:55 - 2018-09-07 23:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2018-10-09 16:55 - 2018-09-07 23:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
    2018-10-09 16:55 - 2018-09-07 23:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2018-10-09 16:55 - 2018-09-07 23:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
    2018-10-09 16:55 - 2018-09-07 23:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
    2018-10-09 16:55 - 2018-09-07 23:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
    2018-10-09 16:55 - 2018-09-07 23:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
    2018-10-06 18:59 - 2018-10-24 21:04 - 000003124 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
    2018-10-01 22:00 - 2018-10-01 22:00 - 000000000 ____D C:\Users\Chuck\AppData\Local\Adobe
    2018-09-30 12:10 - 2018-09-30 12:10 - 000060916 _____ C:\Users\Chuck\Desktop\6e227a41f55da4d9d5919bd9eca69f79.jpeg
    2018-09-29 22:46 - 2018-09-29 22:46 - 007971011 _____ C:\Users\Chuck\Desktop\murray track 2 manual.pdf
    2018-09-29 01:14 - 2018-09-29 01:14 - 000125308 _____ C:\Users\Chuck\Desktop\asd.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-10-25 12:29 - 2018-07-31 17:02 - 000000000 ____D C:\WINDOWS\Minidump
    2018-10-25 12:29 - 2018-07-13 15:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-10-25 12:29 - 2018-07-13 14:58 - 000000000 ____D C:\Users\Chuck
    2018-10-25 12:29 - 2018-07-13 14:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-10-25 12:29 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-10-25 12:29 - 2016-03-01 01:40 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2018-10-25 12:29 - 2015-10-09 00:53 - 000000145 _____ C:\HaxLogs.txt
    2018-10-25 12:29 - 2015-09-15 18:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-10-25 12:29 - 2014-08-10 17:32 - 000000000 ___RD C:\Users\Chuck\OneDrive
    2018-10-25 12:16 - 2017-05-20 17:35 - 000000000 ____D C:\Users\Chuck\AppData\LocalLow\Mozilla
    2018-10-24 17:41 - 2018-07-15 12:38 - 000000000 ____D C:\Users\Chuck\AppData\Local\D3DSCache
    2018-10-24 17:15 - 2018-07-13 15:08 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-10-24 17:15 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
    2018-10-24 17:11 - 2018-06-06 21:40 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\EliteKeyboards
    2018-10-24 17:09 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-10-24 17:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2018-10-24 17:08 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-10-24 17:08 - 2017-08-13 13:06 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-10-24 17:06 - 2016-01-03 19:08 - 000000000 ____D C:\Users\Chuck\AppData\Local\MindGems
    2018-10-24 17:03 - 2015-02-23 21:35 - 000000000 ____D C:\WINDOWS\system32\appmgmt
    2018-10-24 15:09 - 2018-07-13 15:06 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D9040790-EFB8-4757-B11B-96FE706DAA00}
    2018-10-23 23:12 - 2016-08-01 23:11 - 000000000 ____D C:\Users\Chuck\AppData\Local\ElevatedDiagnostics
    2018-10-23 23:04 - 2015-09-15 18:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2018-10-23 21:55 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-10-23 17:45 - 2014-08-07 18:16 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Origin
    2018-10-23 17:45 - 2014-08-07 18:15 - 000000000 ____D C:\ProgramData\Origin
    2018-10-23 17:41 - 2014-08-07 18:58 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2018-10-23 16:40 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-10-23 13:17 - 2017-03-08 20:04 - 000000000 ____D C:\Program Files (x86)\Origin Games
    2018-10-23 12:59 - 2014-08-07 19:47 - 000000000 ____D C:\Program Files (x86)\Google
    2018-10-23 12:44 - 2018-04-27 18:03 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2018-10-23 12:31 - 2017-03-02 19:18 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\FileAdvisor
    2018-10-22 20:03 - 2018-03-07 22:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-10-22 15:15 - 2015-12-13 13:17 - 000000000 ____D C:\Users\Chuck\AppData\Local\Corsair
    2018-10-22 15:15 - 2015-04-16 18:50 - 000000000 ____D C:\Program Files (x86)\Corsair
    2018-10-22 15:15 - 2014-08-08 23:40 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Corsair
    2018-10-22 15:14 - 2014-08-25 19:34 - 000000000 ____D C:\Program Files\Futuremark
    2018-10-22 15:14 - 2014-08-07 19:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2018-10-22 15:13 - 2018-08-04 16:36 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-10-22 15:13 - 2018-08-04 16:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2018-10-22 15:13 - 2018-08-04 16:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2018-10-22 15:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Help
    2018-10-22 15:13 - 2016-04-24 23:39 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2018-10-22 15:13 - 2016-03-30 23:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2018-10-22 15:08 - 2014-08-07 19:51 - 000000000 ____D C:\Program Files (x86)\Diablo III
    2018-10-22 01:08 - 2014-08-22 15:46 - 000000000 ____D C:\Users\Chuck\AppData\Local\Ubisoft Game Launcher
    2018-10-21 22:11 - 2018-06-25 00:14 - 000000000 ____D C:\CMS2000
    2018-10-19 18:55 - 2014-08-22 15:46 - 000000000 ____D C:\Users\Chuck\Documents\Assassin's Creed Revelations
    2018-10-19 11:44 - 2018-04-27 18:05 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2018-10-19 11:44 - 2017-11-10 12:27 - 000000000 ____D C:\Program Files\Send To Toys
    2018-10-19 11:43 - 2018-07-13 14:58 - 000000000 ____D C:\Users\VTUDKZXOX9
    2018-10-19 11:43 - 2017-04-18 21:27 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\discord
    2018-10-19 11:43 - 2017-01-24 01:58 - 000000000 ____D C:\Users\Chuck\AppData\Local\ConnectedDevicesPlatform
    2018-10-19 11:43 - 2017-01-02 03:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instagiffer
    2018-10-19 11:43 - 2015-10-07 22:29 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\OBS
    2018-10-19 11:43 - 2015-10-07 22:29 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
    2018-10-19 11:43 - 2015-10-07 22:29 - 000000000 ____D C:\Program Files\OBS
    2018-10-19 11:43 - 2015-10-07 22:29 - 000000000 ____D C:\Program Files (x86)\OBS
    2018-10-19 11:43 - 2014-08-23 12:35 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\vlc
    2018-10-19 11:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\InfusedApps
    2018-10-19 11:35 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\registration
    2018-10-16 17:10 - 2014-08-07 18:15 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2018-10-15 16:48 - 2018-07-11 13:03 - 000000000 ____D C:\ProgramData\Packages
    2018-10-12 15:21 - 2018-07-13 15:06 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4180532363-1903722274-3440195036-1001
    2018-10-12 15:21 - 2018-07-13 14:58 - 000002411 _____ C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-10-11 20:58 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-10-11 13:50 - 2014-08-07 19:37 - 000000000 ____D C:\Users\Chuck\.android
    2018-10-11 09:30 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-10-10 14:52 - 2018-01-24 19:37 - 000001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
    2018-10-10 14:26 - 2018-07-13 14:56 - 000279968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-10-10 14:26 - 2016-11-20 14:54 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-10-10 14:26 - 2015-09-19 22:41 - 000000000 ___RD C:\Users\Chuck\3D Objects
    2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-10-09 22:52 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2018-10-09 17:00 - 2014-08-07 18:14 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-10-09 16:58 - 2014-08-07 18:14 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-10-09 16:17 - 2015-02-16 01:40 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
    2018-10-02 16:13 - 2018-04-11 19:41 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-10-02 16:13 - 2018-04-11 19:41 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-10-01 22:00 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-10-01 22:00 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

    ==================== Files in the root of some directories =======

    2014-08-08 23:40 - 2015-02-03 18:26 - 000000021 _____ () C:\Users\Chuck\AppData\Roaming\config_data.dat
    2018-10-23 19:40 - 2018-10-23 19:40 - 000000000 _____ () C:\Users\Chuck\AppData\Local\ars.cache
    2018-10-23 19:40 - 2018-10-23 19:40 - 000505517 _____ () C:\Users\Chuck\AppData\Local\census.cache
    2018-10-23 13:07 - 2018-10-23 13:07 - 000000036 _____ () C:\Users\Chuck\AppData\Local\housecall.guid.cache
    2018-08-26 21:19 - 2018-08-26 21:19 - 000005186 _____ () C:\Users\Chuck\AppData\Local\recently-used.xbel
    2014-08-23 19:32 - 2014-08-23 19:32 - 000007605 _____ () C:\Users\Chuck\AppData\Local\Resmon.ResmonCfg
    2018-10-23 13:12 - 2018-10-23 16:25 - 000000010 _____ () C:\Users\Chuck\AppData\Local\sponge.last.runtime.cache

    Some files in TEMP:
    ====================
    2018-10-22 15:12 - 2018-03-23 19:05 - 000374152 _____ (NVIDIA Corporation) C:\Users\Chuck\AppData\Local\Temp\nvStInst.exe
    2018-10-21 16:43 - 2018-10-21 16:43 - 057158752 _____ (Acresso Software Inc.) C:\Users\Chuck\AppData\Local\Temp\ubi2C59.tmp.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-07-13 14:56

    ==================== End of FRST.txt ============================

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hi

    When Farbar Recovery Scan Tool was first run it should have also created a text file, Addition.txt.

    Can you post this for me?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Oct 2018
    Posts
    13

    Quote Originally Posted by Juliet
    Hi

    When Farbar Recovery Scan Tool was first run it should have also created a text file, Addition.txt.

    Can you post this for me?

    Ahh, sorry. I knew I forgot something! Haha

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
    Ran by Chuck (25-10-2018 12:31:03)
    Running from C:\Users\Chuck\Desktop
    Windows 10 Pro Version 1803 17134.345 (X64) (2018-07-13 19:06:13)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4180532363-1903722274-3440195036-500 - Administrator - Disabled)
    cdragonm (S-1-5-21-4180532363-1903722274-3440195036-1006 - Limited - Enabled)
    Chrome (S-1-5-21-4180532363-1903722274-3440195036-1011 - Administrator - Enabled)
    Chuck (S-1-5-21-4180532363-1903722274-3440195036-1001 - Administrator - Enabled) => C:\Users\Chuck
    DefaultAccount (S-1-5-21-4180532363-1903722274-3440195036-503 - Limited - Disabled)
    Guest (S-1-5-21-4180532363-1903722274-3440195036-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-4180532363-1903722274-3440195036-1014 - Limited - Enabled)
    VTUDKZXOX9 (S-1-5-21-4180532363-1903722274-3440195036-1016 - Limited - Enabled) => C:\Users\VTUDKZXOX9
    WDAGUtilityAccount (S-1-5-21-4180532363-1903722274-3440195036-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    A3Launcher version 0.1.4.4 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.4.4 - Maca134)
    ACP Application (HKLM\...\{F6191048-C738-9336-04C8-968455D82C31}) (Version: 2016.0718.1650.38 - Advanced Micro Devices, Inc.) Hidden
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
    Amazon Cloud Drive (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Amazon Cloud Drive) (Version: 2.4.2.25 - Amazon Digital Services, LLC.)
    AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.7.1 - Advanced Micro Devices, Inc.)
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Assassin's Creed(R) III v1.03 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.03 - Ubisoft)
    ASTRA32 - Advanced System Information Tool 3.50 (HKLM-x32\...\ASTRA32_is1) (Version: 3.50 - Sysinfo Lab)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
    BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
    Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
    CMS2000 version 1.0 (HKLM-x32\...\CMS2000_is1) (Version: 1.0 - )
    Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
    CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
    CPUID HWMonitor Pro 1.25 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - )
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.941.0 - Electronic Arts)
    Discord (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
    Fallout Shelter (HKLM-x32\...\Fallout Shelter) (Version: - Bethesda Softworks)
    FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
    FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
    Foscam Web Components Test 2.0.0.99 (HKLM-x32\...\{7E8ADAF8-7E63-4E11-88BF-9E0E7513D7A5}_is1) (Version: 2.0.0.99 - FOSCAM)
    Futuremark SystemInfo (HKLM-x32\...\{4DB65855-2E10-47A2-AC3B-F8F826840125}) (Version: 4.46.595.0 - Futuremark)
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.67 - Google Inc.)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
    HP ENVY 5530 series Basic Device Software (HKLM\...\{CE838BCA-A2CA-4E8E-88C3-C2D4ECA150D1}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
    Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
    iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
    Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
    Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
    LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
    Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
    Microsoft Flight Simulator SimConnect Client v10.0.62607.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62607.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    Mozilla Thunderbird 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Thunderbird 52.9.1 (x86 en-US) (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
    MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
    MyFreeCodec (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\MyFreeCodec) (Version: - )
    Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.3 - Notepad++ Team)
    NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    OBDwiz (HKLM-x32\...\{2AAF92BA-E688-43F7-9A6D-96A01FF606D4}) (Version: 2.16.4 - OCTech, LLC)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Origin (HKLM-x32\...\Origin) (Version: 10.5.29.14153 - Electronic Arts, Inc.)
    OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
    Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
    Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
    Private Internet Access v80 (HKLM-x32\...\{148169C2-5558-4C3E-B38A-7B1813A264CA}_is1) (Version: 80 - London Trust Media, Inc.)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)
    Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
    Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.1.1402.0 - Seagate)
    Send To Toys v2.71 (HKLM\...\Send To Toys_is1) (Version: - Gabriele Ponti)
    SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
    SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
    SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.4.0 - Splashtop Inc.)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.2.6.0 - Splashtop Inc.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    Star Citizen Launcher (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
    TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
    The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 70s 80s & 90s Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
    The Sims™ 3 Create a World Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.22.9 - Electronic Arts)
    The Sims™ 3 Diesel Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Diesel Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
    The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Fast Lane Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
    The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
    The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
    The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
    The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
    The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Master Suite Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
    The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Outdoor Living Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
    The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
    The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
    The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
    The Sims™ 3 Town Life Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Town Life Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
    The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
    The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
    Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
    Trove North America (HKLM-x32\...\Glyph Trove North America) (Version: - Trion Worlds, Inc.)
    TroveTools .NET (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\0ad522f4516a2a4e) (Version: 1.2.0.5 - Dazo)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Unity Web Player (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
    Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation)
    Uplay (HKLM-x32\...\Uplay) (Version: 32.1 - Ubisoft)
    VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
    WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
    Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
    Windows Migration Assistant (HKLM-x32\...\{94C6D9B4-884B-4FD7-B89D-849ADD76057D}) (Version: 2.0.5.0 - Apple Inc.)
    Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
    WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] ()
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-07-11] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => -> No File
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1F20BCE3-86FC-429F-86A8-7720C825555D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {1FBF9A2B-44D9-4A96-8FE4-75B6841946F3} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {23015562-5B1A-4E4F-ABCD-5A43D073C742} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
    Task: {242B16B9-C21E-4365-84A2-265C8AD98E34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
    Task: {26A5F1C4-ADAB-445D-B243-BFF64AD1CA03} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3348B140-EF69-44A5-844C-201B3D2C57FE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {34816B2A-5E2E-4FAE-966D-767224A108FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {3875A0C8-729A-4FFE-AE65-756AAE3E971F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {4AFD0069-725D-47C6-9E33-26612FF31612} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-07-11] (Advanced Micro Devices, Inc.)
    Task: {63610CD7-16E3-431C-A290-5AC66E5B70F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {6D733F13-29DC-4DB7-902B-2958C60D1A92} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
    Task: {7C57D682-87F0-4DED-BB4E-DE202085721C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-10-09] (Microsoft Corporation)
    Task: {7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {8BFB9C1D-1B83-4A42-A583-D00A2ACB0E77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {9BA01F53-566E-4EF4-BD47-3A6FCEA8C927} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {9DEE82AB-509D-4657-B24E-E0EAE262B113} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {A5F2DC0C-E94F-4098-BFC7-BA812FA7AF68} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
    Task: {AE89AD3F-AA5D-4CED-8D8A-1070C3843FF6} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-06-08] (Seagate Technology LLC)
    Task: {AFD580E8-96C6-449B-B19B-884C7A033239} - System32\Tasks\{1EF2C581-B9DB-4018-9D32-916C517E750E} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.8.64.102/en/abandoninstall?page=tsBing
    Task: {B535E689-044B-4B1F-BC73-968DB16E3DC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B5D8B1A5-4956-4C45-811C-4F1FE209CEAF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B872B500-2291-40CA-AFB4-A21E4235ED2B} - System32\Tasks\StartPoint Updater => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe <==== ATTENTION
    Task: {C36575E9-7361-40F8-9548-270A9935A64C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
    Task: {D9BF6923-B521-4D5D-B87A-A36CC7A004AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {D9FBE760-8F58-428D-A782-D24EF042FC80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {DA88A7B9-6A8F-4052-A385-F042D66AD013} - System32\Tasks\{28CD1A87-F9EC-4E74-B18E-9782CA38749B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\PeerGuardian2\pg2.exe" -d C:\Users\Chuck\Desktop
    Task: {DDBA78EC-BCFE-48E6-B4A4-07F4501322B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
    Task: {E1E6F005-7BAC-464A-9C3C-14938BBB8E0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {E2983D0C-699D-48D2-A79C-53AAA59B9945} - System32\Tasks\StartPoint => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startpoint.exe <==== ATTENTION
    Task: {E3CB0C76-F081-440C-99F6-C37324D818E2} - System32\Tasks\Private Internet Access Startup => C:/Program Files/pia_manager/pia_manager.exe [2018-05-22] ()
    Task: {E80C0B61-0806-4726-918B-B5F750F56581} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1007 -> No File <==== ATTENTION
    Task: {EAB09DC3-AD0C-477D-8620-F1B786326164} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-07-11] (Advanced Micro Devices, Inc.)
    Task: {EB84D48F-2FD4-4C23-A5DF-F02834A59E8F} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1001 -> No File <==== ATTENTION
    Task: {F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FD0254E7-DA38-4D78-A883-5092F2F34FFA} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\Chuck\Documents\Electronic Arts\The Sims 3\Custom Music\02.Battery.mp3 - Shortcut.lnk -> E:\All Access Music\02.Battery.mp3 ()
    Shortcut: C:\Users\Chuck\Documents\Electronic Arts\The Sims 3\Custom Music\13.Battle Theme.mp3 - Shortcut.lnk -> E:\All Access Music\13.Battle Theme.mp3 ()

    ShortcutWithArgument: C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2016-10-24 06:03 - 2016-10-24 06:03 - 000589512 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2017-10-19 00:51 - 2017-10-19 00:51 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-10-19 00:51 - 2017-10-19 00:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-10-01 23:10 - 2014-10-01 23:10 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
    2018-10-09 16:56 - 2018-09-19 23:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-07-13 18:51 - 2018-07-13 18:51 - 001308672 _____ () c:\windows\system32\FaceProcessor.dll
    2018-07-13 18:51 - 2018-07-13 18:51 - 000542888 _____ () c:\windows\system32\FaceProcessorCore.dll
    2018-04-11 19:34 - 2018-04-11 19:34 - 001348664 _____ () c:\windows\system32\FaceTrackerInternal.dll
    2018-10-01 16:48 - 2018-10-01 16:48 - 002959872 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
    2018-10-01 16:48 - 2018-10-01 16:48 - 000119808 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe\PeopleUtilRT.dll
    2018-10-01 16:48 - 2018-10-01 16:48 - 009026560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll
    2018-04-05 15:12 - 2018-04-05 15:12 - 004734464 _____ () C:\Program Files\WindowsApps\Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll
    2018-10-23 16:40 - 2018-10-23 16:40 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    2018-10-23 16:40 - 2018-10-23 16:40 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
    2018-10-09 17:20 - 2018-10-09 17:20 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
    2018-10-05 18:30 - 2018-10-05 18:30 - 000066048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
    2018-10-05 18:30 - 2018-10-05 18:30 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
    2018-07-13 18:51 - 2018-07-13 18:51 - 002060288 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
    2018-10-23 16:40 - 2018-10-23 16:40 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2018-10-23 16:40 - 2018-10-23 16:40 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2018-10-23 16:40 - 2018-10-23 16:40 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2018-03-26 16:20 - 2018-03-26 16:21 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-10-23 16:40 - 2018-10-23 16:40 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2018-10-04 15:11 - 2018-10-04 15:12 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
    2018-10-23 16:40 - 2018-10-23 16:40 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
    2018-10-23 16:40 - 2018-10-23 16:40 - 010978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
    2018-10-23 16:40 - 2018-10-23 16:40 - 002810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-10-23 16:40 - 2018-10-23 16:40 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2018-08-14 17:21 - 2018-08-14 17:21 - 034701824 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.dll
    2018-03-07 22:47 - 2018-03-07 22:52 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2016-02-17 19:01 - 2016-02-17 19:01 - 001095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2016-02-17 19:01 - 2016-02-17 19:01 - 000240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2016-10-10 12:46 - 2016-10-10 12:46 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
    2016-10-10 12:46 - 2016-10-10 12:46 - 000228864 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
    2016-10-10 12:46 - 2016-10-10 12:46 - 000056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
    2016-10-10 12:46 - 2016-10-10 12:46 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
    2016-10-10 12:46 - 2016-10-10 12:46 - 000526848 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
    2018-05-03 13:18 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
    2018-05-03 13:18 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\libglesv2.dll
    2018-05-03 13:18 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\Chuck\AppData\Local\Discord\app-0.0.301\libegl.dll
    2018-05-03 13:19 - 2018-08-30 10:13 - 011321176 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
    2018-05-03 13:19 - 2018-09-13 12:29 - 001615704 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
    2018-05-03 13:19 - 2018-05-03 13:19 - 001910104 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
    2018-05-03 13:19 - 2018-05-03 13:19 - 000422744 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
    2018-05-03 13:19 - 2018-05-03 13:19 - 000145240 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
    2018-05-03 13:19 - 2018-05-03 13:19 - 000512856 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
    2018-05-03 13:19 - 2018-10-17 10:41 - 001629016 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
    2018-10-01 15:36 - 2018-10-10 14:26 - 009621848 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_cloudsync\discord_cloudsync.node
    2018-05-03 13:19 - 2018-10-17 10:41 - 001705816 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
    2018-05-03 13:19 - 2018-05-03 13:19 - 002722648 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
    2018-08-11 10:42 - 2018-10-23 12:30 - 001253720 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
    2018-08-11 10:42 - 2018-10-18 19:18 - 024993624 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
    2018-05-03 13:19 - 2018-05-03 13:19 - 002760536 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
    2018-05-03 13:19 - 2018-05-03 13:19 - 001249112 _____ () \\?\C:\Users\Chuck\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node
    2018-07-11 13:51 - 2018-07-11 13:51 - 000007680 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
    2018-07-11 13:51 - 2018-07-11 13:51 - 000082432 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
    2018-07-11 13:51 - 2018-07-11 13:51 - 000062976 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7940 more sites.

    There are 7942 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-10-23 22:37 - 2018-10-23 23:07 - 000454851 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15610 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chuck\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_2026.JPG
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "XboxStat"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "Raptr"
    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
    HKLM\...\StartupApproved\Run32: => "Corsair Utility Engine"
    HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
    HKLM\...\StartupApproved\Run32: => "PlaysTV"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9001C7D091CC23E7588EE40C1DFED158"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "HydraVisionDesktopManager"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "HP ENVY 5530 series (NET)"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "Octoshape Streaming Services"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "PCShowServer"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "GoD-G910-ColorProfileSwitcher"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "KiesPDLR.exe"
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\...\StartupApproved\Run: => "WallpaperEngine"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{62D1D5DA-89EB-4BAC-8D01-E22BB6E6C683}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\Rust.exe
    FirewallRules: [{7C32241A-339D-4384-99D8-A7498D9C8194}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\Rust.exe
    FirewallRules: [UDP Query User{7868E7C8-8DD7-474E-B46F-2A7CF210B702}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe
    FirewallRules: [TCP Query User{18D2A1E5-2601-4A01-ABED-9ACD96402E2B}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe
    FirewallRules: [{60EA7B9C-04F4-4F58-9862-959CD74EEA7F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
    FirewallRules: [{F8E11C3E-408A-40C5-AD89-A160D31C2DC7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
    FirewallRules: [{8C603115-23EB-4249-8218-1C8B3B9AAB49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect64.exe
    FirewallRules: [{45B56E38-8BD5-4865-844F-BCBD343FA14D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect64.exe
    FirewallRules: [UDP Query User{26B1ACC8-8DCE-4D37-BB2B-1EDB25B81201}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
    FirewallRules: [TCP Query User{3CD26E90-5900-4A03-B2EB-27CB8F9FDBC7}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
    FirewallRules: [{36D3E7DB-E3CA-4C4E-9F68-5C028E757242}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroesOmega.exe
    FirewallRules: [{9E5D8E37-28A2-4ECE-90D9-0F8B9B4CF0F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroesOmega.exe
    FirewallRules: [{A8222B9A-2599-488E-AA9E-598E09BFF952}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{63F00BE4-FAB8-4AAD-BF85-391F5BAC21A0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{5B1CF29C-C35E-4825-910E-C25843994A3E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{D208CCA8-F16C-4869-84AD-D8D21E5EC486}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{D8B44E43-42F5-4CA4-ACBC-9EDA9A12CBFF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe
    FirewallRules: [{CCFADD8A-7A72-4C13-AB14-91991BB40268}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe
    FirewallRules: [{31514A0C-A378-4D7D-829B-46F08743E041}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout Shelter\FalloutShelter.exe
    FirewallRules: [{727AAF78-E4CB-4930-812E-0528948F2A70}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout Shelter\FalloutShelter.exe
    FirewallRules: [{C9B07C6D-2386-456E-8B44-6959AB43D04A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\WOG\disasm.exe
    FirewallRules: [{D1E1AEDB-D0BD-48A5-80DD-B41D14F5116B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\WOG\disasm.exe
    FirewallRules: [{CF3A24D7-AE9F-4FEA-9CE3-A22386C7283B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\launcher.exe
    FirewallRules: [{A13B6777-6CC2-4B3E-9642-55EB3748F6B8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\launcher.exe
    FirewallRules: [{BD9A136B-B1F3-4C62-89CB-2EF3A0DDF6CE}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
    FirewallRules: [{D02E6CF0-1681-41CF-B092-FA0D77968A40}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
    FirewallRules: [{03B736B5-BB7C-447E-8D83-BF555728BD2C}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
    FirewallRules: [{36E805CE-DDC7-462F-ABE3-5E95E8B210DF}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
    FirewallRules: [{EA4227CA-9D44-48CB-9F19-DC69B9692800}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
    FirewallRules: [{A076B6C8-6680-4AEC-B2E6-7CE19DB934B7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
    FirewallRules: [{051DAD22-7229-40C6-8F74-E1C9E0D3E5AF}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
    FirewallRules: [{9D9E82BD-5C2A-469B-AF59-1951F82CA3C4}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
    FirewallRules: [{4F99C55C-8B4A-4CFE-8FE5-431242B8D306}] => (Allow) LPort=8888
    FirewallRules: [UDP Query User{1984F13C-86D2-4A6E-8A05-3E68E5DDF3DC}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
    FirewallRules: [TCP Query User{B0445D29-54F4-4A3A-B028-2C1522635F33}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
    FirewallRules: [{CBED3DB5-20F2-4ECF-9D2A-CD418C6D166B}] => (Allow) LPort=8888
    FirewallRules: [{C9A17E19-DDF2-421D-A729-AD77E44069F4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
    FirewallRules: [{B6C73401-E236-4B3D-B8EB-48C7E58AC836}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
    FirewallRules: [UDP Query User{C5F5BDA4-5E1B-456E-BF40-A43824808175}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [TCP Query User{AC81D507-D003-4A7A-8846-83094503C764}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{0E06E4EA-C40C-451F-B529-4819F68028EF}D:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) D:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
    FirewallRules: [TCP Query User{57AF21D1-24E4-4133-8029-3A1147FB02BA}D:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) D:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
    FirewallRules: [UDP Query User{1C96CCDC-403D-4E8C-959E-C181480E71AE}C:\program files (x86)\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii public test\diablo iii.exe
    FirewallRules: [TCP Query User{C2523839-B025-4D88-AB17-2CDA9878E27E}C:\program files (x86)\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii public test\diablo iii.exe
    FirewallRules: [UDP Query User{7B31A629-596A-4F41-AD4C-AF88EF7A5464}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
    FirewallRules: [TCP Query User{10336B83-0974-4CC2-BAED-D78473F0F376}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
    FirewallRules: [{D783D0D5-64DB-483E-98C9-58735F52F049}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Miscreated\Miscreated.exe
    FirewallRules: [{14E0B170-D844-4D7B-AE99-EE15673FF062}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Miscreated\Miscreated.exe
    FirewallRules: [UDP Query User{EF91BC2B-D8B2-4656-A18F-9880031F75E8}D:\program files (x86)\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe
    FirewallRules: [TCP Query User{45D48D09-B8CE-417D-ABE4-C3F8A6463B02}D:\program files (x86)\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe
    FirewallRules: [{9C677E9C-9BC6-44F6-BB55-E0D0142365F9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
    FirewallRules: [{943F71FD-ADBB-4B76-BD4B-0BB52595241E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
    FirewallRules: [{C1486EE5-DDAE-43E2-AD9C-7B8AA6C5AE6F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Life is Feudal Your Own\yo_cm_client.exe
    FirewallRules: [{2D06D2D2-DA52-40E3-A040-F380FF313855}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Life is Feudal Your Own\yo_cm_client.exe
    FirewallRules: [{4D5558E0-4997-4AF7-A95B-0D7B54EC863A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{4EAFAB89-717D-4D25-9CAE-F6D61956CC92}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{67C52708-ABDB-449B-82A7-EEE836C93A57}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{EE99486D-EBED-4774-8961-A93CFA37533D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{FC016E15-2ADD-4C08-A01B-E2136F5630F2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FSX\fsx.exe
    FirewallRules: [{09E86756-2FFB-4FAD-80E9-867E90E26F16}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FSX\fsx.exe
    FirewallRules: [{83630C42-CDBB-4932-9770-A29CB8961637}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
    FirewallRules: [{E8A4BD10-0540-4F36-AC18-E808FB86ED29}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
    FirewallRules: [{9CB07561-9B92-4C17-A4A0-18EE1B980BE2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{48773769-2135-4281-A832-C1F065226A6D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{350112F0-387E-46E6-9599-33A05295F78A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{DAF24764-EA28-43F6-9BFE-61B981EBBD83}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{315C94A6-25D2-46C1-B9D0-33AA44B308B8}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{9A5FD1CD-FF55-43BF-897A-636E75490AD4}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{55901A0E-095B-413B-A00A-AB07BA0FE271}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
    FirewallRules: [{42DF26BD-5C89-413A-AF7F-75E79A95E1A0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
    FirewallRules: [{9CED4785-DFF0-4809-BE12-1E94980BA707}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
    FirewallRules: [{08AB4070-D604-4B74-9EBC-AA6A67C637BB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
    FirewallRules: [{3F76E01B-B748-4751-A658-4740A945D744}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
    FirewallRules: [{A6BB6744-9962-47FE-A5C2-72F95F603207}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
    FirewallRules: [{02DABD3D-1E3C-49AA-A0E4-45163BA3FC4B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Miscreated\Bin64\Miscreated.exe
    FirewallRules: [{5917E38F-6579-4A7E-9023-B3BAD14E7DCD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Miscreated\Bin64\Miscreated.exe
    FirewallRules: [UDP Query User{06B8EA62-F4B8-406F-A4B2-7CFD6219A744}D:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) D:\program files (x86)\dayzlauncher\dayzlauncher.exe
    FirewallRules: [TCP Query User{29751EB7-D23F-4A8F-96AE-94ADC5609369}D:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) D:\program files (x86)\dayzlauncher\dayzlauncher.exe
    FirewallRules: [UDP Query User{9026D26E-5089-4BEE-811D-03E05511B9D8}D:\users\chuck\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) D:\users\chuck\documents\starcitizen\citizenclient\bin64\starcitizen.exe
    FirewallRules: [TCP Query User{93D45488-CC55-4843-BFEA-338D2B7EB0A6}D:\users\chuck\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) D:\users\chuck\documents\starcitizen\citizenclient\bin64\starcitizen.exe
    FirewallRules: [{A3D34F29-A2FF-458A-8FF0-5AF268DA6D4F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{4D0933D6-D209-4DD9-BEA3-98E876FEAF1A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{07CA0F98-66D7-46C8-9382-14267B80BD71}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{22D80FA2-F630-4152-A337-729625D0E6F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{02DCA2FE-1A00-4D4A-A42C-1616D1864C66}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
    FirewallRules: [{5E4C4AD1-FF5E-4C25-9998-C6CC09A21AEA}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
    FirewallRules: [{D2313727-21CC-4FBC-A278-C5BF2C8163EE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
    FirewallRules: [{AE1E55C4-58F0-4388-AF61-DC4EEE0686CC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
    FirewallRules: [{325CD53C-4527-4D21-9836-7FE9D491E11E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ArmaTactics\ArmaTactics.exe
    FirewallRules: [{33CBCE1D-920C-4BEC-A559-73A764C7DFB1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ArmaTactics\ArmaTactics.exe
    FirewallRules: [{2CF610A7-DA1F-461C-8BFF-0181DDE7DB08}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
    FirewallRules: [{D594A129-DC20-4FB1-B580-6D3826B21081}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
    FirewallRules: [{A4418DBD-FC0B-49BF-B5FF-0026B234A3F9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7DaysToDie_EAC.exe
    FirewallRules: [{4FDB2C75-7E48-4333-AC5B-0A68B2187540}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7DaysToDie_EAC.exe
    FirewallRules: [UDP Query User{697B2AEB-952E-4E45-8AA2-F43ED33B1714}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [TCP Query User{9402E211-54A3-449C-954E-9E5CB951A22D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [UDP Query User{39790539-520F-468E-9380-0CC48038AA29}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{CAE4E5ED-1542-4EF9-A902-F66DD0086C65}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{062DE237-CF8A-42E1-B78F-ED1AADF855C1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
    FirewallRules: [{D74A7BDC-8493-4BEE-B84D-240FB50773AA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
    FirewallRules: [{02BF0E43-DB6A-44BB-B5CC-1192479C36EA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
    FirewallRules: [{9DDFBA43-43D5-4ECC-9DDF-8BAC3396D623}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
    FirewallRules: [{75F3548A-877A-46EC-8A1C-34900DEBE808}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
    FirewallRules: [{1FB25ECC-ABF7-4855-9246-078DB493578D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
    FirewallRules: [{F385432D-BC1C-4D43-B3F2-C2263A1ACCE6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
    FirewallRules: [{AE4BEB5C-FD49-493F-B4FD-2AC9E13E03E2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
    FirewallRules: [{BF6182C4-E691-4810-B32F-7DA797C5F29A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
    FirewallRules: [{94514730-AF25-4207-B879-D1BD51FD1F47}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
    FirewallRules: [{0D10C69D-0746-46F4-BEF8-A53DA4AED7C8}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{7DD32D6C-3A8E-413D-B374-632C4FF3D217}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{90D8998B-7D5A-4338-A276-48E9C0B8662B}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{BDA041B6-292F-457B-892B-D3BEEC4C589F}] => (Allow) LPort=5357
    FirewallRules: [{1AE032E8-7F20-4F49-BD45-6000C2CAAF23}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
    FirewallRules: [{A8C5101B-E8E0-4E84-80B2-97C99D00E673}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
    FirewallRules: [{891B30CA-607D-47C9-A7FC-3894189B7D2E}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
    FirewallRules: [{CF608D47-DE77-4D04-9609-65060B1BEE0A}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed Hot Pursuit\Launcher.exe
    FirewallRules: [{7FF78E4F-B8C5-4099-A3D0-779A789736F3}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed Hot Pursuit\Launcher.exe
    FirewallRules: [UDP Query User{60149D1D-AB29-4550-B566-A614DB083E58}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{3BAA2B51-3DF8-4DD8-8A79-C37D90FFF674}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{116A6727-8FF9-484C-BD05-0B8B18543C1D}] => (Allow) D:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
    FirewallRules: [{6D01B0CB-878A-44C1-A30E-0818746CA532}] => (Allow) D:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
    FirewallRules: [UDP Query User{FA01AEE9-8D23-42FB-8029-73B2EA23335F}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
    FirewallRules: [TCP Query User{22905A12-1BBA-4725-B5D9-22C9E7B48260}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
    FirewallRules: [{C53A7B78-240D-4DC6-ACEE-680281AA43D9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\State of Decay\StateOfDecay.exe
    FirewallRules: [{03A60BAF-F073-4E03-97A9-C9D61FF24358}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\State of Decay\StateOfDecay.exe
    FirewallRules: [{2971E36D-F010-406D-8150-3CA5DE6C757F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
    FirewallRules: [{D0B690E3-ABDB-4C78-AD2B-2411A7F76B6F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
    FirewallRules: [{C3BDE659-620B-4251-8B50-D5CD9FFFDA0C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
    FirewallRules: [{DC36A209-3EDA-43EA-8C13-284A8692CB01}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
    FirewallRules: [{18998332-A6BB-4904-9C1E-957A076E1575}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
    FirewallRules: [{00D1E0B9-3FE0-4CF0-9A37-D1884F00BCB3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
    FirewallRules: [{C52FBCA3-B085-4F36-B022-6B1058E570F9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
    FirewallRules: [{0F75C9A4-F8B0-43CD-B98D-4E60A5075FD7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
    FirewallRules: [{AA861787-5CA3-46EC-9C3C-6AB59D36E174}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{2E9C59EC-C91B-4261-947A-B8C46C3DED57}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{1F983F8B-0F2F-46DC-92C2-1C2D8AC4A807}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7DaysToDie.exe
    FirewallRules: [{B8A83DBA-0B04-4F8E-9EB1-558FE50C8434}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7DaysToDie.exe
    FirewallRules: [{6B80204F-6265-4C38-A983-0D5E2B2AAB9C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
    FirewallRules: [{FF3BAE12-117A-435F-BC1E-AC5C66902274}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
    FirewallRules: [{094CBC99-B464-4D83-93A3-1F4292643B8A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [{4CE3F5C5-2418-4D45-89D5-5389EDA2BD61}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [{BEFBECF2-6BA1-43BA-9184-A6DB2C712D9F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
    FirewallRules: [{25C65C9D-DF4B-4C30-918B-96FD4C4147D8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
    FirewallRules: [{125D962E-7AB6-4EDD-9794-131E8EB556A3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{C5D45F7A-55E9-40D0-A911-2E91B37DEB39}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{D753A31B-FDC3-44F5-BF2C-BCFCCCF21421}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [{CCC67F3A-3C3E-42BA-9060-36FD44A15C7F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [{E4F8E98A-F603-432C-AE47-C67DFE2EC178}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{6D2AE3C5-12E1-4B54-935D-BF6A014EFA7F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{8A8BE60E-F39E-4428-90D0-95E7BBEBEBDF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
    FirewallRules: [{519CC4D3-93C6-4B7A-9179-AA0BD065C856}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
    FirewallRules: [{4A0A4B5F-AEB3-4386-8545-DF2FA2BE907C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
    FirewallRules: [{56783ECF-0008-4D7D-9C1D-9982C6288CE2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
    FirewallRules: [{A00F50F2-CF73-43FE-B61F-7A79E61B4BAB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [{C923BF60-0319-4CE9-8AD9-001745F3793F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [{C6648712-D19B-4DF5-9D94-1CF37221DD51}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{6686FAF9-CE2D-4A0D-9D9F-42F94BED8E85}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{66DB41BC-180C-4B28-A992-6AF210BE5420}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{D5D56C06-24D1-4A3D-A48F-1B6AAAF7352A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{3B5EA2E5-5DD2-401F-868C-0398CF51E323}] => (Allow) D:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
    FirewallRules: [{6E321AA7-E2A3-4398-961C-EDBBDA62970E}] => (Allow) D:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
    FirewallRules: [{3941ED32-1675-4455-A872-6333AA5D70EF}] => (Allow) D:\Program Files\Ventrilo\Ventrilo.exe
    FirewallRules: [{5BA51D18-3B08-450C-8E02-3BFEE33A583B}] => (Allow) D:\Program Files\Ventrilo\Ventrilo.exe
    FirewallRules: [{EF0EC83C-49D2-450D-BF6C-0E3BAD43E631}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{BC4F6168-F2B8-4A94-9775-E3EE02266CCF}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3CB410BE-E874-4041-B619-FA46AE0B22AE}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
    FirewallRules: [{190373F8-3F53-486E-B9E7-B85CED49BEA0}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
    FirewallRules: [{26F48EE6-DF4D-4874-95E0-8958D9897DFD}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
    FirewallRules: [{1A47526F-DA83-4304-91FD-E9D6179C7872}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
    FirewallRules: [{7BCF6567-3B94-4BBB-A34D-6253DDB02459}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
    FirewallRules: [{247EC89C-8292-4640-8330-3BBA8A81B622}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
    FirewallRules: [TCP Query User{67FF7F31-A4C0-4894-91B7-B09228C1FE7B}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
    FirewallRules: [UDP Query User{0B497CA8-408D-4F47-A806-58BEBB23FCA0}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
    FirewallRules: [TCP Query User{43EFA249-C6D2-4638-8E5F-301C71E7ADEC}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
    FirewallRules: [UDP Query User{7B25FB60-5662-4A41-AA5A-980ECB81006E}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
    FirewallRules: [TCP Query User{11425680-F098-4CC9-BABA-F65955D47D32}D:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe
    FirewallRules: [UDP Query User{35DAEFE3-05A8-4B71-A255-99937CF8415B}D:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe
    FirewallRules: [{3EB40E2F-680C-4D42-A501-DDC1A015D88E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
    FirewallRules: [{61716F15-F1C0-4431-9A1E-67D8E0873815}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
    FirewallRules: [TCP Query User{2F07E946-E2C6-46FA-9A8E-CF87E799162E}D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
    FirewallRules: [UDP Query User{D48E03DC-4D1D-4C3E-B161-D5D559F3CD77}D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
    FirewallRules: [{6BF732EE-5CFE-4972-94D3-06F4244A5B35}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
    FirewallRules: [{A34D60C5-7CEC-4CE9-9242-F705042EB0A1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
    FirewallRules: [{45012A1E-E30D-419B-BD0E-9F25048212E9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
    FirewallRules: [{B4C20EA1-7DFC-4D2F-94E5-9C1E8D50D3DA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
    FirewallRules: [{F4FE2675-8B05-46CD-8161-D966FA4E6DA5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
    FirewallRules: [{3A47844F-0321-44B0-8907-7B17BF86A4BB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
    FirewallRules: [TCP Query User{B2D8293A-DFCB-4869-9DC8-F29C654766C7}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
    FirewallRules: [UDP Query User{757EBEBC-2EF1-44C8-9A68-BC30DA8D65CC}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
    FirewallRules: [{7FC53B15-DBD4-4C6E-8584-969255E10AEB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{AE95A6CE-FF2C-4D81-8A6F-79C52CFB4BAB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
    FirewallRules: [TCP Query User{38973BD1-DB25-462F-99BE-F373836FA0C8}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe
    FirewallRules: [UDP Query User{22F5E4D0-E5C0-4208-B4F7-83CA32A6E3B4}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe
    FirewallRules: [TCP Query User{973B6395-9FC1-449B-9963-6EAEDC2F7AE3}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
    FirewallRules: [UDP Query User{3CD94820-C89A-4EE1-B8BA-0C7561153BF7}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
    FirewallRules: [{73D51B00-224F-4E9C-AE73-888A0A617241}] => (Block) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
    FirewallRules: [{FD96CDB1-83A2-4C10-A751-DF0D90590FE6}] => (Block) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
    FirewallRules: [TCP Query User{F04B1C22-934B-4A5B-9BC9-B1849FDF7DD8}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [UDP Query User{6FF95DD4-182A-4195-917A-7888E29896A3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [TCP Query User{0A41175A-F97F-4ABE-8250-E1A997489B3A}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
    FirewallRules: [UDP Query User{49CC993B-18ED-456B-92D2-1BE41001CD34}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
    FirewallRules: [{D27E2C7B-209D-4292-A2E4-96D40FCD1C1E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Starships\Starships64.exe
    FirewallRules: [{C4AED4B6-1D06-4CFD-AA68-6349EFE5D69C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Starships\Starships64.exe
    FirewallRules: [{9D5D0DD6-BDFF-4448-9C7B-7C9F4F84F4E1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
    FirewallRules: [{F4E47123-60BF-46D5-99B9-C274B2DBD277}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
    FirewallRules: [TCP Query User{261F992D-0FEC-42AF-AE1B-3247265C007B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{EEB1F861-2267-49FF-A29D-CE70B581D9BC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{1B9E97A3-8ED9-41C3-B074-5D7B035A6CD4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
    FirewallRules: [{A1CFC2A9-6AD1-40A7-8A8A-546F2D5D6E99}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
    FirewallRules: [{431D2DD9-4D55-473C-920F-51C802163A42}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
    FirewallRules: [{2256614C-9664-49F6-A399-395383461B87}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
    FirewallRules: [{27B28BC1-9111-4B92-B801-FA007855F538}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [{ADC03E9A-9724-4A80-8116-A935755C6430}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [{F0256AFA-3F50-4B9F-B6B2-BAB3D92658CA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SirYouAreBeingHunted\launcher\sir.exe
    FirewallRules: [{EFE3B230-48B9-42CA-9BE4-0AB15D86F602}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SirYouAreBeingHunted\launcher\sir.exe
    FirewallRules: [TCP Query User{33E036BD-C128-44D5-A460-6FE7F29F2B9C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{CEB8D552-F822-46C8-BD28-DDBF44E875CA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [TCP Query User{DF239200-F3D4-4888-8441-A8A1B8E4D4E6}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
    FirewallRules: [UDP Query User{F7138611-139F-4EDA-AB5B-D16518CCFCD9}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
    FirewallRules: [{7025B53D-2E53-408B-AC56-63AB30F2833B}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{0E5AE7D3-1064-41EC-A9D4-A202258DA61A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{9825DF64-68BC-48CF-8471-879A63BF2793}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{CA9B85A8-BE2E-48AF-BB4E-4AC726BD2617}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{55B310B4-9881-44D0-B6A6-B23283F7F4AA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7dLauncher.exe
    FirewallRules: [{E45FC94A-9FBD-411A-80F1-476D339DC688}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\7 Days To Die\7dLauncher.exe
    FirewallRules: [{292B2C54-70AF-483D-B9A7-81BF0C1DFEB6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssault.exe
    FirewallRules: [{3FF53525-D9D5-4997-925D-571EB5220CA6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssault.exe
    FirewallRules: [{A3850071-62DA-4042-BD37-8E6F60175B68}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
    FirewallRules: [{B90EB835-F728-4883-928B-A17F5007BF61}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
    FirewallRules: [{72A337A5-1D6C-4B11-904E-CFF277E37AC9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Subnautica\Subnautica.exe
    FirewallRules: [{73713B54-529A-4113-90F2-43603AE3AF57}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Subnautica\Subnautica.exe
    FirewallRules: [{11E08264-8DE8-430C-9660-F3F190F312D8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
    FirewallRules: [{C446B827-C0BF-4378-BCC2-F86A0CB2D4EE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
    FirewallRules: [{EA592B2B-BCC8-4E4B-88EC-85F9A9FD8B8D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
    FirewallRules: [{125067EF-2B3D-4E39-ADD4-B63CCF4C1448}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
    FirewallRules: [{8F883755-8E66-4BB9-9588-85416CA155C7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{F52B4BA5-93E0-4908-A595-3E659DCD5B08}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [TCP Query User{D79BC556-E282-4EC4-95DC-1B39A815842B}C:\users\chuck\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\chuck\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{1ED75261-85B4-4F29-9BBA-70B97026532D}C:\users\chuck\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\chuck\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{7D1CB1DE-D422-40AC-B655-ABA268C2B30B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{E6F782E7-0BE9-4881-BE2B-62F7B243E59F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [TCP Query User{1BE8DF9C-FC70-44FC-B033-DD4DC37CA5D8}D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
    FirewallRules: [UDP Query User{3A5F421E-0234-4C6F-9361-C19794E15110}D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
    FirewallRules: [{D4FD116D-C8B6-4BE8-9532-B26DAF07C439}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{78043A71-8708-4BDD-9D5B-09EE3039FC56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{F05D9999-D56E-4ED0-B4D4-970356DF7A77}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{B5F44319-D272-47A9-9209-A68D28C038C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{E5A717C4-E197-4475-A682-109C6C49D976}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{B90C8B36-F3E4-4ED9-84FC-902D0556BCC7}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{996D9711-B1E0-48A5-A5F7-03493F4E0159}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{845F7C72-48BF-4E3E-A4FE-543C36488FBC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{BC12F71F-65F5-43A3-BEF2-F0C70FC018E4}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{792FC0EF-E3B8-4176-B9D3-652C021DC6D1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{1F6D4BB9-8C64-45ED-9E88-482A2C448655}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
    FirewallRules: [{B449569D-414F-46B4-BC3D-C1F8D08861C8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
    FirewallRules: [{2CFA8DEC-E05F-4156-85E0-3D1BD9CDE14F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
    FirewallRules: [{6D4902E0-55A1-465F-8D76-E403574D26BB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
    FirewallRules: [{57712D15-4861-4DCF-AA2B-EA9145AAB08A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
    FirewallRules: [{577E7114-154E-423B-BDC2-15F888F3EFDE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
    FirewallRules: [{2B6A2C4E-72B7-4EFC-8662-5E08EDA2F8FE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\CreationKit.exe
    FirewallRules: [{BF1DDB27-B8BE-4726-B4C5-5D2F967F0071}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\CreationKit.exe
    FirewallRules: [{505E82E4-1439-4116-B1D5-1903BC364FD9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [{81CC83F9-61EC-4F50-A2EF-9D9D65B48B50}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [{A7224047-19B7-482B-9D8D-D14DAF70E6F0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{774C7091-7E9C-42E5-B245-5ABB1D37AFCA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{3CEC9AB9-0838-4C30-AE0B-57D80EAFA665}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{BBBC10B5-F2F5-43E6-B650-72D5C4CC9ACC}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{7E09DA22-0FA3-483D-AE18-B6FA57496C35}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    FirewallRules: [{2B2E8652-2CBC-4960-9359-02368FB1826D}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
    FirewallRules: [TCP Query User{57FBC5FE-9477-4BFA-BA7F-EDF2A65DBDEC}D:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
    FirewallRules: [UDP Query User{4535FE84-6738-4C07-8D33-55EE38763E67}D:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
    FirewallRules: [{12E77D8B-B867-4F23-B4CF-9925258C6BBB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Squad\squad_launcher.exe
    FirewallRules: [{4E6522BC-428B-4715-BFB7-5E30F929D9E0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Squad\squad_launcher.exe
    FirewallRules: [TCP Query User{E4DD2ECB-542C-41E0-8220-2A5AEA18F9BB}D:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
    FirewallRules: [UDP Query User{E212C57C-6001-4CEC-9108-D6F48B853AEE}D:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
    FirewallRules: [TCP Query User{847F05B1-5E53-4A8B-808D-649CFC115DE6}D:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\program files\cloud imperium games\patcher\cigpatcher.exe
    FirewallRules: [UDP Query User{2B97C08B-78E6-4C19-AE2F-5C6EBC9017D4}D:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\program files\cloud imperium games\patcher\cigpatcher.exe
    FirewallRules: [TCP Query User{34D341EC-50BF-473D-9994-54C84C9A7623}D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
    FirewallRules: [UDP Query User{D27DCE8B-2BAB-4A8D-BC03-556EFC4373C9}D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
    FirewallRules: [{A139A3A5-E298-47A3-AD55-E48B016A9F38}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ultimate Epic Battle Simulator\UEBS.exe
    FirewallRules: [{460B0CC3-7AE8-44FB-85A2-E40C553BCA32}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ultimate Epic Battle Simulator\UEBS.exe
    FirewallRules: [{5268A0C0-14E0-4195-908A-F0A1887C40CA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{63C2517B-9996-4ED3-92AC-478F8F172646}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{81FF77B6-C3F8-4627-971D-8CF410A95B3C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
    FirewallRules: [{356081B3-53E9-4ED1-8B6C-44E87C9D73DB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
    FirewallRules: [{BBDAC0E8-DEC4-4DD7-AC94-DAFD6A3E57DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{919AFE8C-861C-4D2B-98FD-D6F24B12A007}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{08D4D95B-420B-4AFF-8B47-1032CCFB1C44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{EFF09521-36B7-4E58-85D3-307B5AA171AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FC490018-804E-4030-AF13-56D4E2105DCA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{5E6333A4-B664-4FF2-A9D3-C110A8B5A1B8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\theHunterPrimal\launcher\launcher.exe
    FirewallRules: [{C8612844-46AB-44AD-B9DD-BCF31835EF4B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\theHunterPrimal\launcher\launcher.exe
    FirewallRules: [{F1C6D003-CF6C-4CDC-A1B4-09FB28CD186C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
    FirewallRules: [{7CE33702-22D6-4C48-9323-DCDF0EDADAA1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
    FirewallRules: [{3D4470DD-250F-4E4B-AAB2-8D7D602D7A7B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\House Flipper\HouseFlipper.exe
    FirewallRules: [{34BAB8BE-F969-45E2-957F-78C790E0943D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\House Flipper\HouseFlipper.exe
    FirewallRules: [{B56D1FA9-D364-4120-981B-ECF7ADCD55F9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
    FirewallRules: [{CB0FB86D-4D43-4C4E-9D34-9D1ED9B60BAC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
    FirewallRules: [{292556CD-39D0-4C15-94C8-93DC5E1101DB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{58734264-EA58-4CC4-9090-0CB421F91D89}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [TCP Query User{F6130784-27DD-4F77-B65E-FE151431DA6A}D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
    FirewallRules: [UDP Query User{D959751B-6DC7-41C7-BCD6-873989F6FB62}D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
    FirewallRules: [{A628862C-CC7A-4975-93D0-D6B0440D5292}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe
    FirewallRules: [{38FCEFA7-308C-486B-B152-A1AF589297CA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe
    FirewallRules: [{9559FE6E-D4FF-4EE3-971B-DEBD2E7093F2}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    FirewallRules: [{B0A5FC6D-FC17-4AF9-AA70-DD394620CB7D}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    FirewallRules: [TCP Query User{9A6BF76E-77FF-4B40-9282-4B61981E21B9}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{BF5B881D-1548-4F05-828B-95685C00EDC0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [{0D34AB40-E490-42E1-957F-46EFA84B9FFB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{7272982E-233C-40A2-8569-CAA193D35F99}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{9CADA842-E5DF-4738-9B58-83E69681CC45}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{57E7B1D4-B4CD-4331-A098-20A5670B1605}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{4E7ED6BD-F401-4C8F-A970-B55E6C83D3EE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks64.exe
    FirewallRules: [{4956D241-AA8E-4A2A-ABCC-8F796DCF896D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks64.exe
    FirewallRules: [{41F2AF64-4E40-4CA9-A86D-62FE46AA879E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{C2243A30-D9B1-4F7F-9798-7C58102D0937}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{01AB9036-C45F-425C-A0F5-82529B0A8D7D}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe
    FirewallRules: [{D3F5E9D9-1F34-4543-BE35-DA44CA211EA7}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe
    FirewallRules: [{73AFE879-5200-46E1-A393-2EB6144FA2C7}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe
    FirewallRules: [{9FAC5375-3EAE-4633-9AE8-41ABE784150D}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe
    FirewallRules: [{760EF367-D8BC-4FFF-8E2D-3E3B4637AA07}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe
    FirewallRules: [{855541A0-06B5-49A9-B14B-9590E7C3F64A}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe
    FirewallRules: [{358ACF5E-5D74-4F69-8345-9EC985CCDD01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{92149023-79E8-4323-ACD0-771542076AD3}] => (Allow) C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
    FirewallRules: [{1928B473-44A4-4E8D-85D5-1EFE40D7CF43}] => (Allow) C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
    FirewallRules: [{4EDE81C2-50B8-4F4A-A25E-16DE5D33E2CF}] => (Allow) C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
    FirewallRules: [{116C8756-77F8-4A53-9214-8B0DB7E24BD5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{327468BB-1953-4E37-8139-9B9B33DB01B1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{2CBC9BED-3ED8-4CDF-B3E9-A733E46DB6E3}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    23-10-2018 12:42:41 Removed Chrome Remote Desktop Host
    24-10-2018 17:03:38 Removed Windows 7 USB/DVD Download Tool

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/25/2018 12:29:28 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (10/25/2018 12:19:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 24.10.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 3488

    Start Time: 01d46c7e25a3b02c

    Termination Time: 4294967295

    Application Path: C:\Users\Chuck\Downloads\FRST64.exe

    Report Id: 4d9722ca-771d-4b2b-99ad-3b53d05eda02

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (10/25/2018 11:14:48 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (10/24/2018 09:04:31 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (10/24/2018 05:11:18 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

    Error: (10/24/2018 05:11:17 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (10/24/2018 05:09:11 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (10/23/2018 10:49:51 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.


    System errors:
    =============
    Error: (10/25/2018 12:29:27 PM) (Source: IntelHaxm) (EventID: 10) (User: )
    Description: HAXM can't work on system with VT disabled

    Error: (10/25/2018 12:29:25 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffc10126bf3010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80cf6a195ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 0f6c3ab8-853a-4760-87f4-6abcc5b84b3d.

    Error: (10/25/2018 12:29:19 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:26:15 PM on ‎10/‎25/‎2018 was unexpected.

    Error: (10/25/2018 11:16:04 AM) (Source: DCOM) (EventID: 10016) (User: Dragon)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Dragon\Chuck SID (S-1-5-21-4180532363-1903722274-3440195036-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/24/2018 09:04:26 PM) (Source: DCOM) (EventID: 10010) (User: Dragon)
    Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

    Error: (10/24/2018 09:04:26 PM) (Source: DCOM) (EventID: 10010) (User: Dragon)
    Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

    Error: (10/24/2018 09:04:26 PM) (Source: DCOM) (EventID: 10010) (User: Dragon)
    Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

    Error: (10/24/2018 09:04:26 PM) (Source: DCOM) (EventID: 10010) (User: Dragon)
    Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.


    Windows Defender:
    ===================================
    Date: 2018-10-23 14:16:26.589
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {DBCEA5CD-7FD6-442C-BE96-EAA787A965A7}
    Scan Type: Antimalware
    Scan Parameters: Full Scan

    Date: 2018-10-23 12:37:55.464
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {030E213D-2440-482D-B0FB-85AD58D5BDF7}
    Scan Type: Antimalware
    Scan Parameters: Full Scan

    Date: 2018-10-22 23:05:34.324
    Description:
    Windows Defender Antivirus has detected a suspicious behavior.
    Name: Informational:Behavior/ModifiedKernel
    ID: 4243965719
    Severity: Low
    Category: Suspicious Behavior
    Path Found: process:_0
    Detection Origin: Unknown
    Detection Type: Suspicious
    Detection Source: Real-Time Protection
    Status: Executing
    Process Name: Unknown
    Signature ID: 717259538435
    Signature Version: AV: 1.279.319.0, AS: 1.279.319.0
    Engine Version: 1.1.15400.4
    Fidelity Label: Medium
    Target File Name: c:\windows\\system32\drivers\vrtaucbl.sys

    Date: 2018-10-21 13:30:41.532
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {71EED63B-73D2-473B-9BCD-4698B2F3420E}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-10-21 13:30:06.461
    Description:
    Windows Defender Antivirus has detected a suspicious behavior.
    Name: Informational:Behavior/ModifiedKernel
    ID: 775295020
    Severity: Low
    Category: Suspicious Behavior
    Path Found: process:_0
    Detection Origin: Unknown
    Detection Type: Suspicious
    Detection Source: Real-Time Protection
    Status: Executing
    Process Name: Unknown
    Signature ID: 717259538435
    Signature Version: AV: 1.279.192.0, AS: 1.279.192.0
    Engine Version: 1.1.15400.4
    Fidelity Label: Medium
    Target File Name: c:\windows\\system32\drivers\vrtaucbl.sys

    CodeIntegrity:
    ===================================

    Date: 2018-08-12 14:50:47.586
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-08-12 14:50:47.581
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-08-12 14:50:47.516
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-08-12 14:50:47.508
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-08-12 14:50:47.500
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-08-12 14:50:47.496
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-08-12 14:50:47.266
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-08-12 14:50:47.249
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
    Percentage of memory in use: 17%
    Total physical RAM: 24557.38 MB
    Available physical RAM: 20311.52 MB
    Total Virtual: 28141.38 MB
    Available Virtual: 23098.42 MB

    ==================== Drives ================================

    Drive c: (SSD-RAID0) (Fixed) (Total:222.4 GB) (Free:57.07 GB) NTFS
    Drive d: (Double 750s) (Fixed) (Total:1397.27 GB) (Free:221.19 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:7452.03 GB) (Free:5930.9 GB) NTFS

    \\?\Volume{a88527e1-1ea8-11e4-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
    \\?\Volume{2e24967b-0000-0000-0000-40af37000000}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 2E24967B)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=222.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=856 MB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 6E697373)
    Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 2.

    ==================== End of Addition.txt ============================

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    The below items need to be uninstalled or deleted from your programs list in the control panel.

    CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
    Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

    We can install the most current version of Java later.

    ****************************************

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    Start::
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1006\User: Restriction <==== ATTENTION
    GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1001\User: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {B1DE1E7D-F861-4858-A236-004162AD9495} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=452
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-16] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-16] (Oracle Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-16] (Oracle Corporation)
    2018-10-22 15:12 - 2018-03-23 19:05 - 000374152 _____ (NVIDIA Corporation) C:\Users\Chuck\AppData\Local\Temp\nvStInst.exe
    2018-10-21 16:43 - 2018-10-21 16:43 - 057158752 _____ (Acresso Software Inc.) C:\Users\Chuck\AppData\Local\Temp\ubi2C59.tmp.exe
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => -> No File
    Task: {1F20BCE3-86FC-429F-86A8-7720C825555D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {1FBF9A2B-44D9-4A96-8FE4-75B6841946F3} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {26A5F1C4-ADAB-445D-B243-BFF64AD1CA03} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3348B140-EF69-44A5-844C-201B3D2C57FE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {63610CD7-16E3-431C-A290-5AC66E5B70F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9DEE82AB-509D-4657-B24E-E0EAE262B113} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B535E689-044B-4B1F-BC73-968DB16E3DC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B5D8B1A5-4956-4C45-811C-4F1FE209CEAF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B872B500-2291-40CA-AFB4-A21E4235ED2B} - System32\Tasks\StartPoint Updater => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe <==== ATTENTION
    Task: {D9BF6923-B521-4D5D-B87A-A36CC7A004AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {D9FBE760-8F58-428D-A782-D24EF042FC80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E2983D0C-699D-48D2-A79C-53AAA59B9945} - System32\Tasks\StartPoint => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startpoint.exe <==== ATTENTION
    Task: {E80C0B61-0806-4726-918B-B5F750F56581} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1007 -> No File <==== ATTENTION
    Task: {EB84D48F-2FD4-4C23-A5DF-F02834A59E8F} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1001 -> No File <==== ATTENTION
    Task: {F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    C:\Windows\Temp\*.*
    Emptytemp:
    End::
    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.

    ~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply

    ** created by Aura


    Your next reply(ies) should therefore contain:
    • Copy/pasted Fixlog.txt
    • Copy/pasted AdwCleaner clean log
    • Copy/pasted RogueKiller clean log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Oct 2018
    Posts
    13

    Hope I got this all right lol



    Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
    Ran by Chuck (25-10-2018 23:30:40) Run:1
    Running from C:\Users\Chuck\Desktop
    Loaded Profiles: Chuck (Available Profiles: Chuck & VTUDKZXOX9)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1006\User: Restriction <==== ATTENTION
    GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1001\User: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A5DD0DC-8EA8-4D4F-91A3-CDA0237EC081}&mid=36224f07768747cca0fb252442305beb-1274ee933e1210bc95767ed0807ffc3bbea0032b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-07-03 17:03:31&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4180532363-1903722274-3440195036-1001 -> {B1DE1E7D-F861-4858-A236-004162AD9495} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=452
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-16] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-16] (Oracle Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-16] (Oracle Corporation)
    2018-10-22 15:12 - 2018-03-23 19:05 - 000374152 _____ (NVIDIA Corporation) C:\Users\Chuck\AppData\Local\Temp\nvStInst.exe
    2018-10-21 16:43 - 2018-10-21 16:43 - 057158752 _____ (Acresso Software Inc.) C:\Users\Chuck\AppData\Local\Temp\ubi2C59.tmp.exe
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => -> No File
    Task: {1F20BCE3-86FC-429F-86A8-7720C825555D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {1FBF9A2B-44D9-4A96-8FE4-75B6841946F3} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {26A5F1C4-ADAB-445D-B243-BFF64AD1CA03} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3348B140-EF69-44A5-844C-201B3D2C57FE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {63610CD7-16E3-431C-A290-5AC66E5B70F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9DEE82AB-509D-4657-B24E-E0EAE262B113} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B535E689-044B-4B1F-BC73-968DB16E3DC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B5D8B1A5-4956-4C45-811C-4F1FE209CEAF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B872B500-2291-40CA-AFB4-A21E4235ED2B} - System32\Tasks\StartPoint Updater => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe <==== ATTENTION
    Task: {D9BF6923-B521-4D5D-B87A-A36CC7A004AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {D9FBE760-8F58-428D-A782-D24EF042FC80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {E2983D0C-699D-48D2-A79C-53AAA59B9945} - System32\Tasks\StartPoint => C:\Users\Chuck\AppData\Local\StartPoint\startpoint\1.3.18.7\startpoint.exe <==== ATTENTION
    Task: {E80C0B61-0806-4726-918B-B5F750F56581} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1007 -> No File <==== ATTENTION
    Task: {EB84D48F-2FD4-4C23-A5DF-F02834A59E8F} - \WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1001 -> No File <==== ATTENTION
    Task: {F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1006\User => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-4180532363-1903722274-3440195036-1001\User => moved successfully
    "HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
    HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
    HKU\S-1-5-21-4180532363-1903722274-3440195036-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B1DE1E7D-F861-4858-A236-004162AD9495} => removed successfully
    HKLM\Software\Classes\CLSID\{B1DE1E7D-F861-4858-A236-004162AD9495} => not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
    HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
    HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
    HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
    HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2 => removed successfully
    C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => moved successfully
    HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2 => removed successfully
    C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => moved successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2 => removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll => moved successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2 => removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll => moved successfully
    C:\Users\Chuck\AppData\Local\Temp\nvStInst.exe => moved successfully
    C:\Users\Chuck\AppData\Local\Temp\ubi2C59.tmp.exe => moved successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => removed successfully
    HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxOSP => removed successfully
    HKLM\Software\Classes\CLSID\{FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F20BCE3-86FC-429F-86A8-7720C825555D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F20BCE3-86FC-429F-86A8-7720C825555D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FBF9A2B-44D9-4A96-8FE4-75B6841946F3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FBF9A2B-44D9-4A96-8FE4-75B6841946F3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26A5F1C4-ADAB-445D-B243-BFF64AD1CA03}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26A5F1C4-ADAB-445D-B243-BFF64AD1CA03}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3348B140-EF69-44A5-844C-201B3D2C57FE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3348B140-EF69-44A5-844C-201B3D2C57FE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63610CD7-16E3-431C-A290-5AC66E5B70F3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63610CD7-16E3-431C-A290-5AC66E5B70F3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D9B7AF0-A80F-4FBE-8FC2-C77EE9D7D2CC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DEE82AB-509D-4657-B24E-E0EAE262B113}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DEE82AB-509D-4657-B24E-E0EAE262B113}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B535E689-044B-4B1F-BC73-968DB16E3DC1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B535E689-044B-4B1F-BC73-968DB16E3DC1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5D8B1A5-4956-4C45-811C-4F1FE209CEAF}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D8B1A5-4956-4C45-811C-4F1FE209CEAF}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B872B500-2291-40CA-AFB4-A21E4235ED2B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B872B500-2291-40CA-AFB4-A21E4235ED2B}" => removed successfully
    C:\WINDOWS\System32\Tasks\StartPoint Updater => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartPoint Updater" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9BF6923-B521-4D5D-B87A-A36CC7A004AE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9BF6923-B521-4D5D-B87A-A36CC7A004AE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9FBE760-8F58-428D-A782-D24EF042FC80}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9FBE760-8F58-428D-A782-D24EF042FC80}" => removed successfully
    "C:\WINDOWS\\Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {E2983D0C-699D-48D2-A79C-53AAA59B9945} - System32\Tasks\StartPoint" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeTask: {D9FBE760-8F58-428D-A782-D24EF042FC80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION\StartPoint" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E80C0B61-0806-4726-918B-B5F750F56581}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E80C0B61-0806-4726-918B-B5F750F56581}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1007" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB84D48F-2FD4-4C23-A5DF-F02834A59E8F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB84D48F-2FD4-4C23-A5DF-F02834A59E8F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4180532363-1903722274-3440195036-1001" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E251B6-E4E1-4C5A-A3EB-2EB6F4B1B6DD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => Shortcut argument removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\HandsetInstallInfo.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MpSigStub.log => moved successfully
    C:\Windows\Temp\sa.9WZDNCRFJ9WM_0__.Public.InstallAgent.dat => moved successfully
    C:\Windows\Temp\TS_884A.tmp => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 9199616 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 308668795 B
    Java, Flash, Steam htmlcache => 216757732 B
    Windows/system/drivers => 5480 B
    Edge => 1707640 B
    Chrome => 628026414 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 12996 B
    LocalService => 0 B
    NetworkService => 217232 B
    NetworkService => 974 B
    Chuck => 719859574 B
    VTUDKZXOX9 => 13124 B

    RecycleBin => 0 B
    EmptyTemp: => 1.8 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 23:32:56 ====



    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.4.0
    # -------------------------------
    # Build: 09-25-2018
    # Database: 2018-10-23.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 10-25-2018
    # Duration: 00:00:02
    # OS: Windows 10 Pro
    # Cleaned: 28
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\ProgramData\AVG_UPDATE_0816TB
    Deleted C:\Users\Chuck\Documents\TotalAV
    Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
    Deleted C:\Program Files (x86)\myfree codec
    Deleted C:\Users\Chuck\AppData\Roaming\AdvertismentImages
    Deleted C:\Users\Chuck\AppData\Local\StartPoint

    ***** [ Files ] *****

    Deleted C:\Users\Chuck\Downloads\SpyHunter-Installer.exe

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    Deleted C:\Windows\System32\Tasks\startpoint

    ***** [ Registry ] *****

    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Deleted HKLM\Software\AVG Secure Search
    Deleted HKCU\Software\Myfree Codec
    Deleted HKLM\Software\Wow6432Node\Myfree Codec
    Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2983D0C-699D-48D2-A79C-53AAA59B9945}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2983D0C-699D-48D2-A79C-53AAA59B9945}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\startpoint
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\thebrighttag.com
    Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant

    ***** [ Chromium (and derivatives) ] *****

    Deleted AVG Web TuneUp
    Deleted FromDocToPDF

    ***** [ Chromium URLs ] *****

    Deleted Ask
    Deleted https://homepage-web.com/?s=toshibaupd&m=start
    Deleted AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [4014 octets] - [25/10/2018 23:39:14]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


    RogueKiller V12.13.6.0 (x64) [Oct 22 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.17134) 64 bits version
    Started in : Normal mode
    User : Chuck [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 10/25/2018 23:45:25 (Duration : 00:40:52)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 5 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {92149023-79E8-4323-ACD0-771542076AD3} : v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe|Name=nmap4trend|Desc=nmap4trend|EmbedCtxt=nmap4trend|Edge=TRUE|Defer=App| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1928B473-44A4-4E8D-85D5-1EFE40D7CF43} : v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe|Name=bonjour4trend|Desc=bonjour4trend|EmbedCtxt=bonjour4trend|Edge=TRUE|Defer=App| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4EDE81C2-50B8-4F4A-A25E-16DE5D33E2CF} : v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\Chuck\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe|Name=nmap4trend|Desc=nmap4trend|EmbedCtxt=nmap4trend|Edge=TRUE|Defer=App| [x] -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Hj.Shortcut] \{1EF2C581-B9DB-4018-9D32-916C517E750E} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.8.64.102/...ll?page=tsBing) -> Deleted

    ¤¤¤ Files : 25 ¤¤¤
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.4_44520\utorrentie.exe -> Deleted
    [PUP.uTorrentAds][File] C:\Users\Chuck\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe -> Deleted
    [PUP.AutoIt.Gen][File] C:\Users\Chuck\Desktop\AutoClicker.exe -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : homepage [http://192.168.1.1/] -> Not selected
    [PUM.SearchPage][Chrome:Config] Profile 1 [SecurePrefs] : default_search_provider_data.template_url_data.keyword [http://www.google.com__] -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Intel Raid 0 Volume +++++
    --- User ---
    [MBR] a7dfa2b8098950cc4b128c949de6073d
    [BSP] c8e9a80aaafed0d115bff0475d30f461 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 227732 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467116032 | Size: 856 MB
    User = LL1 ... OK
    Error reading LL2 MBR! NOT VALID!

    +++++ PhysicalDrive1: Intel Raid 0 Volume +++++
    --- User ---
    [MBR] 85cd56db8613aaff127661b076f28fcb
    [BSP] cf217890c859cc1db567fd6ec7d9a10f : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430802 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! NOT VALID!

    +++++ PhysicalDrive2: Seagate Backup+ Desk SCSI Disk Device +++++
    Error reading User MBR! ([57] The parameter is incorrect. )
    Error reading LL1 MBR! ([45d] The request could not be performed because of an I/O device error. )
    Error reading LL2 MBR! ([1] Incorrect function. )

    +++++ PhysicalDrive3: HP ENVY 5530 series USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's check for remnants

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here
    ~~
    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
    • After the installation is complete let it update if it asks.
    • Under SETTINGS.....APPLICATIONS leave everything at default
    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
    • Then go to the Dashboard and click on SCAN NOW
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
      Upon completion of the scan (or after the reboot), click the Reports tab.
      Double-click the Scan Log.
      At the bottom click Export and choose Text file.

      Save the file to your desktop and include its content in your next reply.

      You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.
    • Then click on POST
    • Exit Malwarebytes

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 2 logs when finished.

    Also, tell me how the computer is now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
