Thread: Windows 10 Running Very Slow

  1. #1

    Trying to determine why my Windows 10 PC is running so slow. I thought it best to rule out adware/malware issues first. I've already run a scan with the updated Malwarebytes Anti-Malware tool. Windows crashes when I try to scan with aswMBR.

    Here's my FRST log:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
    Ran by Joshua (administrator) on NORTHORPHQGX (04-11-2018 17:49:00)
    Running from C:\Stash2
    Loaded Profiles: Joshua (Available Profiles: Joshua & DefaultAppPool)
    Platform: Windows 10 Pro Version 1803 17134.376 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Valve Corporation) C:\Games\Steam\Steam.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Wondershare) C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe
    (Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    (Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (ArcSoft Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    () C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    () C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
    (Valve Corporation) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
    () C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Valve Corporation) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Stash2\FRST64-112018.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-08-18] (Pixart Imaging Inc)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-08] (Apple Inc.)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
    HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1910424 2017-06-06] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2018-11-04] (Electronic Arts)
    HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [Steam] => C:\Games\Steam\steam.exe [3208992 2018-10-12] (Valve Corporation)
    HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Policies\Explorer: [NoDrives] 33554432
    HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Policies\Explorer: [NoViewOnDrive] 0
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\aa_patch.exe [2016-08-03] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2017-02-04]
    ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe (Wondershare)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2016-08-29]
    ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-10-09]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2017-11-01]
    ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk [2014-09-03]
    ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{23fab50d-039c-46a1-93b9-a284bb6728cf}: [DhcpNameServer] 192.168.1.1 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-18] (Oracle Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-18] (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)

    FireFox:
    ========
    FF DefaultProfile: 59uig06a.default
    FF ProfilePath: C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\59uig06a.default [2018-07-26]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-03-08] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-09] [Legacy] [not signed]
    FF HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-11-04] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-11-04] ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-18] (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2577772942-3954309557-1672937280-1000: SkypePlugin -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi.dll [2015-09-23] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-2577772942-3954309557-1672937280-1000: SkypePlugin64 -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi-x64.dll [2015-09-23] (Skype Technologies S.A.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default [2018-11-04]
    CHR Extension: (Adblock Plus) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-04]
    CHR Extension: (Dark Theme v3) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\djlgdeklopcjagknhlchbdjekgpgenad [2016-09-21]
    CHR Extension: (ARC Welder) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2018-02-07]
    CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-11-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
    CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-04]
    CHR Extension: (CVS) - C:\Users\Joshua\Downloads\CVS pharmacy_v2.7.3_apkpure.com.apk_export_sPmlk [2016-06-20]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
    S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2268992 2018-11-04] (Electronic Arts)
    S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3129160 2018-11-04] (Electronic Arts)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) [File not signed]
    S3 updater; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed]
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-03] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-03] (Microsoft Corporation)
    S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe [441344 2017-01-05] (Wondershare) [File not signed]
    S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [124048 2017-01-05] (Wondershare)
    R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
    S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ArcSec; C:\WINDOWS\System32\drivers\ArcSec.sys [312184 2010-09-21] () [File not signed]
    S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-12-10] (ELECOM)
    S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-12-10] (ELECOM)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-04] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-04] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-04] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-04] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-04] (Malwarebytes)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-17] (NVIDIA Corporation)
    S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
    S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    S3 sscdserd; C:\WINDOWS\system32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    R1 StarPortLite; C:\WINDOWS\System32\drivers\StarPortLite.sys [114960 2009-01-28] (Rocket Division Software)
    S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2015-08-18] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-11-03] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-11-03] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-03] (Microsoft Corporation)
    R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
    S3 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [X]
    U3 idsvc; no ImagePath
    S1 MpKsl34d21efb; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF124CBD-A45E-4BCC-9BF7-3A0B550C8F88}\MpKsl34d21efb.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-04 17:27 - 2018-11-04 17:27 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-11-04 17:26 - 2018-11-04 17:26 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-11-04 17:26 - 2018-11-04 17:26 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-11-04 17:26 - 2018-11-04 17:26 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-11-04 17:26 - 2018-11-04 17:26 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-11-04 17:12 - 2018-11-04 17:12 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2018-11-04 17:09 - 2018-11-04 17:21 - 000168908 _____ C:\WINDOWS\ntbtlog.txt
    2018-11-04 14:06 - 2018-10-21 02:46 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-11-04 14:06 - 2018-10-21 02:30 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-11-04 14:06 - 2018-10-21 02:19 - 006569536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-11-04 14:05 - 2018-10-21 08:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-11-04 14:05 - 2018-10-21 06:41 - 001540408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
    2018-11-04 14:05 - 2018-10-21 02:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2018-11-04 14:05 - 2018-10-21 02:46 - 009089544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-11-04 14:05 - 2018-10-21 02:46 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-11-04 14:05 - 2018-10-21 02:22 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-11-04 14:05 - 2018-10-21 02:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-11-04 14:05 - 2018-10-21 02:17 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-11-04 14:05 - 2018-10-21 02:11 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-11-04 14:05 - 2018-10-21 02:04 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-11-04 14:04 - 2018-10-21 07:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-11-04 14:04 - 2018-10-21 07:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2018-11-04 14:04 - 2018-10-21 07:45 - 012709888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-11-04 14:04 - 2018-10-21 07:41 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-11-04 14:04 - 2018-10-21 06:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-11-04 14:04 - 2018-10-21 06:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-11-04 14:04 - 2018-10-21 06:26 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-11-04 14:04 - 2018-10-21 02:47 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-11-04 14:04 - 2018-10-21 02:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2018-11-04 14:04 - 2018-10-21 02:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2018-11-04 14:04 - 2018-10-21 02:22 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-11-04 14:04 - 2018-10-21 02:22 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-11-04 14:04 - 2018-10-21 02:21 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-11-04 14:04 - 2018-10-21 02:20 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-11-04 14:04 - 2018-10-21 02:19 - 006039560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-11-04 14:04 - 2018-10-21 02:18 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2018-11-04 14:04 - 2018-10-21 02:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2018-11-04 14:04 - 2018-10-21 02:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2018-11-04 14:04 - 2018-10-21 02:07 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-11-04 14:04 - 2018-10-21 01:59 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-11-04 14:03 - 2018-10-21 08:04 - 002267448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
    2018-11-04 14:03 - 2018-10-21 08:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2018-11-04 14:03 - 2018-10-21 08:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-11-04 14:03 - 2018-10-21 08:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2018-11-04 14:03 - 2018-10-21 07:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2018-11-04 14:03 - 2018-10-21 07:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2018-11-04 14:03 - 2018-10-21 07:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
    2018-11-04 14:03 - 2018-10-21 07:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2018-11-04 14:03 - 2018-10-21 07:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2018-11-04 14:03 - 2018-10-21 07:41 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-11-04 14:03 - 2018-10-21 07:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2018-11-04 14:03 - 2018-10-21 06:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-11-04 14:03 - 2018-10-21 06:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2018-11-04 14:03 - 2018-10-21 06:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2018-11-04 14:03 - 2018-10-21 06:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2018-11-04 14:03 - 2018-10-21 06:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-11-04 14:03 - 2018-10-21 06:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2018-11-04 14:03 - 2018-10-21 06:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2018-11-04 14:03 - 2018-10-21 02:54 - 001035240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-11-04 14:03 - 2018-10-21 02:53 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-11-04 14:03 - 2018-10-21 02:53 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-11-04 14:03 - 2018-10-21 02:47 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-11-04 14:03 - 2018-10-21 02:47 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-11-04 14:03 - 2018-10-21 02:47 - 000566776 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-11-04 14:03 - 2018-10-21 02:47 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-11-04 14:03 - 2018-10-21 02:46 - 002824712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-11-04 14:03 - 2018-10-21 02:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2018-11-04 14:03 - 2018-10-21 02:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-11-04 14:03 - 2018-10-21 02:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2018-11-04 14:03 - 2018-10-21 02:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
    2018-11-04 14:03 - 2018-10-21 02:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-11-04 14:03 - 2018-10-21 02:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-11-04 14:03 - 2018-10-21 02:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-11-04 14:03 - 2018-10-21 02:45 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-11-04 14:03 - 2018-10-21 02:45 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-11-04 14:03 - 2018-10-21 02:45 - 001140472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-11-04 14:03 - 2018-10-21 02:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-11-04 14:03 - 2018-10-21 02:45 - 000982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-11-04 14:03 - 2018-10-21 02:45 - 000793096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-11-04 14:03 - 2018-10-21 02:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2018-11-04 14:03 - 2018-10-21 02:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2018-11-04 14:03 - 2018-10-21 02:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
    2018-11-04 14:03 - 2018-10-21 02:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2018-11-04 14:03 - 2018-10-21 02:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2018-11-04 14:03 - 2018-10-21 02:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2018-11-04 14:03 - 2018-10-21 02:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
    2018-11-04 14:03 - 2018-10-21 02:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2018-11-04 14:03 - 2018-10-21 02:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2018-11-04 14:03 - 2018-10-21 02:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-11-04 14:03 - 2018-10-21 02:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-11-04 14:03 - 2018-10-21 02:19 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-11-04 14:03 - 2018-10-21 02:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2018-11-04 14:03 - 2018-10-21 02:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
    2018-11-04 14:03 - 2018-10-21 02:18 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-11-04 14:03 - 2018-10-21 02:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
    2018-11-04 14:03 - 2018-10-21 02:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2018-11-04 14:03 - 2018-10-21 02:18 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2018-11-04 14:03 - 2018-10-21 02:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
    2018-11-04 14:03 - 2018-10-21 02:17 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-11-04 14:03 - 2018-10-21 02:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
    2018-11-04 14:03 - 2018-10-21 02:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-11-04 14:03 - 2018-10-21 02:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-11-04 14:03 - 2018-10-21 02:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2018-11-04 14:03 - 2018-10-21 02:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
    2018-11-04 14:03 - 2018-10-21 02:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2018-11-04 14:03 - 2018-10-21 02:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2018-11-04 14:03 - 2018-10-21 02:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-11-04 14:03 - 2018-10-21 02:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-11-04 14:03 - 2018-10-21 02:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2018-11-04 14:03 - 2018-10-21 02:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
    2018-11-04 14:03 - 2018-10-21 02:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2018-11-04 14:03 - 2018-10-21 02:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-11-04 14:03 - 2018-10-21 02:15 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-11-04 14:03 - 2018-10-21 02:15 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2018-11-04 14:03 - 2018-10-21 02:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
    2018-11-04 14:03 - 2018-10-21 02:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-11-04 14:03 - 2018-10-21 02:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2018-11-04 14:03 - 2018-10-21 02:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-11-04 14:03 - 2018-10-21 02:14 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-11-04 14:03 - 2018-10-21 02:14 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-11-04 14:03 - 2018-10-21 02:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-11-04 14:03 - 2018-10-21 02:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-11-04 14:03 - 2018-10-21 02:14 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-11-04 14:03 - 2018-10-21 02:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2018-11-04 14:03 - 2018-10-21 02:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-11-04 14:03 - 2018-10-21 02:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2018-11-04 14:03 - 2018-10-21 02:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-11-04 14:03 - 2018-10-21 02:02 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-11-04 14:03 - 2018-10-21 02:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2018-11-04 14:03 - 2018-10-21 02:00 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2018-11-04 14:03 - 2018-10-21 01:59 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2018-11-04 14:03 - 2018-10-21 01:58 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-11-04 14:03 - 2018-10-21 01:58 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-11-04 14:03 - 2018-10-21 01:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2018-11-04 14:03 - 2018-10-21 01:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2018-11-04 14:03 - 2018-10-21 01:57 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2018-11-04 14:03 - 2018-10-21 00:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
    2018-11-04 14:03 - 2018-10-21 00:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
    2018-11-04 14:02 - 2018-10-21 08:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2018-11-04 14:02 - 2018-10-21 07:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2018-11-04 14:02 - 2018-10-21 07:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-11-04 14:02 - 2018-10-21 07:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2018-11-04 14:02 - 2018-10-21 07:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
    2018-11-04 14:02 - 2018-10-21 07:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2018-11-04 14:02 - 2018-10-21 07:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2018-11-04 14:02 - 2018-10-21 07:42 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-11-04 14:02 - 2018-10-21 07:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
    2018-11-04 14:02 - 2018-10-21 07:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2018-11-04 14:02 - 2018-10-21 07:41 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-11-04 14:02 - 2018-10-21 07:41 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
    2018-11-04 14:02 - 2018-10-21 07:40 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
    2018-11-04 14:02 - 2018-10-21 06:41 - 000023056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
    2018-11-04 14:02 - 2018-10-21 06:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
    2018-11-04 14:02 - 2018-10-21 06:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2018-11-04 14:02 - 2018-10-21 06:24 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-11-04 14:02 - 2018-10-21 06:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
    2018-11-04 14:02 - 2018-10-21 06:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2018-11-04 14:02 - 2018-10-21 04:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-11-04 14:02 - 2018-10-21 03:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-11-04 14:02 - 2018-10-21 02:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2018-11-04 14:02 - 2018-10-21 02:47 - 000135208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-11-04 14:02 - 2018-10-21 02:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-11-04 14:02 - 2018-10-21 02:46 - 000413200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-11-04 14:02 - 2018-10-21 02:45 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-11-04 14:02 - 2018-10-21 02:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    2018-11-04 14:02 - 2018-10-21 02:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2018-11-04 14:02 - 2018-10-21 02:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
    2018-11-04 14:02 - 2018-10-21 02:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2018-11-04 14:02 - 2018-10-21 02:19 - 000567048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-11-04 14:02 - 2018-10-21 02:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2018-11-04 14:02 - 2018-10-21 02:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2018-11-04 14:02 - 2018-10-21 02:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2018-11-04 14:02 - 2018-10-21 02:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2018-11-04 14:02 - 2018-10-21 02:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2018-11-04 14:02 - 2018-10-21 02:19 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-11-04 14:02 - 2018-10-21 02:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2018-11-04 14:02 - 2018-10-21 02:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2018-11-04 14:02 - 2018-10-21 02:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
    2018-11-04 14:02 - 2018-10-21 02:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
    2018-11-04 14:02 - 2018-10-21 02:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2018-11-04 14:02 - 2018-10-21 02:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2018-11-04 14:02 - 2018-10-21 02:18 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2018-11-04 14:02 - 2018-10-21 02:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
    2018-11-04 14:02 - 2018-10-21 02:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
    2018-11-04 14:02 - 2018-10-21 02:18 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-11-04 14:02 - 2018-10-21 02:18 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2018-11-04 14:02 - 2018-10-21 02:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2018-11-04 14:02 - 2018-10-21 02:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2018-11-04 14:02 - 2018-10-21 02:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-11-04 14:02 - 2018-10-21 02:14 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2018-11-04 14:02 - 2018-10-21 02:14 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2018-11-04 14:02 - 2018-10-21 02:14 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2018-11-04 14:02 - 2018-10-21 02:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
    2018-11-04 14:02 - 2018-10-21 02:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2018-11-04 14:02 - 2018-10-21 02:00 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2018-11-04 14:02 - 2018-10-21 02:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
    2018-11-04 14:02 - 2018-10-21 01:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2018-11-04 14:02 - 2018-10-21 01:59 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-11-04 14:02 - 2018-10-21 01:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
    2018-11-04 14:02 - 2018-10-21 01:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2018-11-04 14:02 - 2018-10-21 01:56 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2018-11-04 14:02 - 2018-10-21 01:56 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2018-11-04 14:02 - 2018-10-21 00:59 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
    2018-11-04 12:55 - 2018-09-04 17:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2018-11-04 12:32 - 2018-11-04 12:32 - 000000000 ____D C:\Users\Joshua\AppData\Local\mbamtray
    2018-11-04 12:32 - 2018-11-04 12:32 - 000000000 ____D C:\Users\Joshua\AppData\Local\mbam
    2018-11-04 12:25 - 2018-11-04 12:25 - 000001956 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-11-04 12:25 - 2018-11-04 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-11-04 12:24 - 2018-11-04 12:24 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-11-04 12:24 - 2018-10-18 09:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-11-04 09:59 - 2018-10-02 15:13 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-11-04 09:59 - 2018-10-02 15:13 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-11-03 22:46 - 2018-08-28 02:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-11-03 22:45 - 2018-08-09 04:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2018-11-03 22:45 - 2018-07-14 19:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2018-11-03 22:45 - 2018-07-14 19:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2018-11-03 22:45 - 2018-07-14 01:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-11-03 22:45 - 2018-07-13 23:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2018-11-03 22:45 - 2018-07-13 23:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2018-11-03 22:45 - 2018-07-13 22:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2018-11-03 22:44 - 2018-09-20 04:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-11-03 22:44 - 2018-09-19 23:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-11-03 22:44 - 2018-09-19 22:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-11-03 22:44 - 2018-09-07 22:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
    2018-11-03 22:44 - 2018-09-07 22:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2018-11-03 22:44 - 2018-09-07 22:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2018-11-03 22:44 - 2018-09-07 22:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2018-11-03 22:44 - 2018-09-07 22:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2018-11-03 22:44 - 2018-08-09 04:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2018-11-03 22:44 - 2018-08-09 04:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-11-03 22:44 - 2018-08-09 03:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-11-03 22:44 - 2018-08-08 23:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2018-11-03 22:44 - 2018-08-08 23:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2018-11-03 22:44 - 2018-08-03 03:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2018-11-03 22:44 - 2018-08-03 02:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2018-11-03 22:44 - 2018-07-14 18:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2018-11-03 22:44 - 2018-07-13 23:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2018-11-03 22:44 - 2018-07-13 23:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2018-11-03 22:44 - 2018-07-13 23:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2018-11-03 22:44 - 2018-07-13 23:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2018-11-03 22:44 - 2018-07-13 23:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2018-11-03 22:44 - 2018-07-13 23:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2018-11-03 22:44 - 2018-07-13 22:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2018-11-03 22:44 - 2018-07-13 22:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2018-11-03 22:44 - 2018-07-13 22:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2018-11-03 22:44 - 2018-07-13 22:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
    2018-11-03 22:44 - 2018-07-13 22:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2018-11-03 22:43 - 2018-09-20 23:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-11-03 22:43 - 2018-09-20 23:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-11-03 22:43 - 2018-09-20 23:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-11-03 22:43 - 2018-09-20 23:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-11-03 22:43 - 2018-09-20 22:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-11-03 22:43 - 2018-09-20 03:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-11-03 22:43 - 2018-09-19 23:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-11-03 22:43 - 2018-09-19 22:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-11-03 22:43 - 2018-09-19 22:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2018-11-03 22:43 - 2018-09-08 03:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2018-11-03 22:43 - 2018-09-08 03:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2018-11-03 22:43 - 2018-09-08 03:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2018-11-03 22:43 - 2018-09-08 03:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2018-11-03 22:43 - 2018-09-08 03:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2018-11-03 22:43 - 2018-09-08 02:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2018-11-03 22:43 - 2018-09-08 02:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2018-11-03 22:43 - 2018-09-08 02:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2018-11-03 22:43 - 2018-09-08 02:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2018-11-03 22:43 - 2018-09-08 02:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
    2018-11-03 22:43 - 2018-09-08 01:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2018-11-03 22:43 - 2018-09-08 01:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2018-11-03 22:43 - 2018-09-08 01:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2018-11-03 22:43 - 2018-09-07 23:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2018-11-03 22:43 - 2018-09-07 22:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-11-03 22:43 - 2018-09-07 22:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2018-11-03 22:43 - 2018-09-07 22:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2018-11-03 22:43 - 2018-09-07 22:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2018-11-03 22:43 - 2018-09-07 22:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-11-03 22:43 - 2018-09-07 22:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2018-11-03 22:43 - 2018-09-07 22:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2018-11-03 22:43 - 2018-09-07 22:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
    2018-11-03 22:43 - 2018-09-07 22:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2018-11-03 22:43 - 2018-09-07 22:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2018-11-03 22:43 - 2018-09-07 22:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
    2018-11-03 22:43 - 2018-08-28 01:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
    2018-11-03 22:43 - 2018-08-09 04:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
    2018-11-03 22:43 - 2018-08-09 03:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
    2018-11-03 22:43 - 2018-08-08 23:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2018-11-03 22:43 - 2018-08-02 22:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
    2018-11-03 22:43 - 2018-08-02 22:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-11-03 22:43 - 2018-08-02 22:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-11-03 22:43 - 2018-08-02 22:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-11-03 22:43 - 2018-07-14 19:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2018-11-03 22:43 - 2018-07-13 23:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2018-11-03 22:43 - 2018-07-13 23:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2018-11-03 22:43 - 2018-07-13 23:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2018-11-03 22:43 - 2018-07-13 23:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2018-11-03 22:43 - 2018-07-13 23:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2018-11-03 22:43 - 2018-07-13 22:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2018-11-03 22:43 - 2018-07-13 22:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2018-11-03 22:43 - 2018-07-13 22:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2018-11-03 22:43 - 2018-07-13 22:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2018-11-03 22:43 - 2018-07-13 22:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
    2018-11-03 22:43 - 2018-07-13 22:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2018-11-03 22:43 - 2018-07-13 22:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2018-11-03 22:43 - 2018-07-13 22:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2018-11-03 22:43 - 2018-07-13 22:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2018-11-03 22:42 - 2018-09-21 04:21 - 001786168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
    2018-11-03 22:42 - 2018-09-21 04:21 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
    2018-11-03 22:42 - 2018-09-21 04:21 - 001422648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
    2018-11-03 22:42 - 2018-09-20 23:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-11-03 22:42 - 2018-09-20 23:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2018-11-03 22:42 - 2018-09-20 23:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2018-11-03 22:42 - 2018-09-20 23:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2018-11-03 22:42 - 2018-09-20 22:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-11-03 22:42 - 2018-09-20 22:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2018-11-03 22:42 - 2018-09-20 22:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2018-11-03 22:42 - 2018-09-20 22:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-11-03 22:42 - 2018-09-20 22:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-11-03 22:42 - 2018-09-20 04:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2018-11-03 22:42 - 2018-09-20 04:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2018-11-03 22:42 - 2018-09-20 03:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2018-11-03 22:42 - 2018-09-19 23:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2018-11-03 22:42 - 2018-09-19 23:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2018-11-03 22:42 - 2018-09-19 23:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2018-11-03 22:42 - 2018-09-19 23:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2018-11-03 22:42 - 2018-09-19 23:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2018-11-03 22:42 - 2018-09-19 22:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-11-03 22:42 - 2018-09-08 03:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2018-11-03 22:42 - 2018-09-08 03:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-11-03 22:42 - 2018-09-08 03:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2018-11-03 22:42 - 2018-09-08 03:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-11-03 22:42 - 2018-09-08 02:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2018-11-03 22:42 - 2018-09-08 02:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2018-11-03 22:42 - 2018-09-08 02:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2018-11-03 22:42 - 2018-09-08 02:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2018-11-03 22:42 - 2018-09-08 02:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2018-11-03 22:42 - 2018-09-08 02:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2018-11-03 22:42 - 2018-09-08 02:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
    2018-11-03 22:42 - 2018-09-08 01:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2018-11-03 22:42 - 2018-09-08 01:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2018-11-03 22:42 - 2018-09-08 01:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
    2018-11-03 22:42 - 2018-09-08 01:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2018-11-03 22:42 - 2018-09-07 22:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2018-11-03 22:42 - 2018-09-07 22:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2018-11-03 22:42 - 2018-09-07 22:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2018-11-03 22:42 - 2018-09-07 22:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2018-11-03 22:42 - 2018-09-07 22:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-11-03 22:42 - 2018-09-07 22:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2018-11-03 22:42 - 2018-09-07 22:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2018-11-03 22:42 - 2018-09-07 22:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2018-11-03 22:42 - 2018-09-07 22:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2018-11-03 22:42 - 2018-09-07 22:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2018-11-03 22:42 - 2018-09-07 22:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2018-11-03 22:42 - 2018-09-07 22:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2018-11-03 22:42 - 2018-09-07 22:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2018-11-03 22:42 - 2018-09-07 22:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2018-11-03 22:42 - 2018-09-07 22:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
    2018-11-03 22:42 - 2018-09-07 22:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2018-11-03 22:42 - 2018-08-31 02:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2018-11-03 22:42 - 2018-08-31 02:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2018-11-03 22:42 - 2018-08-31 01:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2018-11-03 22:42 - 2018-08-30 22:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2018-11-03 22:42 - 2018-08-30 22:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
    2018-11-03 22:42 - 2018-08-30 22:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
    2018-11-03 22:42 - 2018-08-30 22:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-11-03 22:42 - 2018-08-28 01:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
    2018-11-03 22:42 - 2018-08-13 21:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2018-11-03 22:42 - 2018-08-09 04:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
    2018-11-03 22:42 - 2018-08-09 04:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2018-11-03 22:42 - 2018-08-09 04:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2018-11-03 22:42 - 2018-08-09 03:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2018-11-03 22:42 - 2018-08-09 03:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
    2018-11-03 22:42 - 2018-08-09 03:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2018-11-03 22:42 - 2018-08-09 00:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
    2018-11-03 22:42 - 2018-08-08 23:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2018-11-03 22:42 - 2018-08-08 23:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-11-03 22:42 - 2018-08-08 23:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2018-11-03 22:42 - 2018-08-08 23:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2018-11-03 22:42 - 2018-08-08 23:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2018-11-03 22:42 - 2018-08-08 23:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2018-11-03 22:42 - 2018-08-08 23:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2018-11-03 22:42 - 2018-08-08 23:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
    2018-11-03 22:42 - 2018-08-08 23:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2018-11-03 22:42 - 2018-08-08 23:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
    2018-11-03 22:42 - 2018-08-08 23:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2018-11-03 22:42 - 2018-08-08 23:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
    2018-11-03 22:42 - 2018-08-08 23:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2018-11-03 22:42 - 2018-08-08 23:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2018-11-03 22:42 - 2018-08-08 23:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2018-11-03 22:42 - 2018-08-02 22:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-11-03 22:42 - 2018-08-02 22:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2018-11-03 22:42 - 2018-08-02 22:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2018-11-03 22:42 - 2018-08-02 22:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2018-11-03 22:42 - 2018-08-02 22:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-11-03 22:42 - 2018-08-02 22:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-11-03 22:42 - 2018-08-02 22:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-11-03 22:42 - 2018-08-02 22:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-11-03 22:42 - 2018-08-02 22:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-11-03 22:42 - 2018-07-13 23:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-11-03 22:42 - 2018-07-13 23:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2018-11-03 22:42 - 2018-07-13 23:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2018-11-03 22:42 - 2018-07-13 22:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-11-03 22:42 - 2018-07-13 22:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-11-03 22:42 - 2018-07-13 22:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
    2018-11-03 22:42 - 2018-07-13 22:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
    2018-11-03 22:42 - 2018-07-13 22:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2018-11-03 22:42 - 2018-07-13 22:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2018-11-03 22:42 - 2018-07-13 22:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2018-11-03 22:42 - 2018-07-13 22:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2018-11-03 22:42 - 2018-07-13 22:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2018-11-03 22:42 - 2018-07-13 22:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2018-11-03 22:42 - 2018-07-13 22:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2018-11-03 22:42 - 2018-07-13 22:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2018-11-03 22:42 - 2018-07-13 22:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
    2018-11-03 22:42 - 2018-07-13 22:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2018-11-03 22:42 - 2018-07-13 22:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2018-11-03 22:42 - 2018-07-13 22:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2018-11-03 22:42 - 2018-07-13 22:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2018-11-03 22:42 - 2018-07-13 22:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2018-11-03 22:42 - 2018-07-13 22:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-11-03 22:42 - 2018-07-13 22:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2018-11-03 22:42 - 2018-07-13 22:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2018-11-03 22:42 - 2018-07-13 22:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2018-11-03 22:42 - 2018-07-13 22:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2018-11-03 22:42 - 2018-07-13 22:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2018-11-03 22:42 - 2018-07-13 22:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2018-11-03 22:42 - 2018-07-13 22:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2018-11-03 22:42 - 2018-07-13 22:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2018-11-03 22:42 - 2018-07-13 22:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2018-11-03 22:41 - 2018-09-21 04:23 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
    2018-11-03 22:41 - 2018-09-21 04:21 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
    2018-11-03 22:41 - 2018-09-21 04:21 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
    2018-11-03 22:41 - 2018-09-21 04:21 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
    2018-11-03 22:41 - 2018-09-21 04:21 - 000034304 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
    2018-11-03 22:41 - 2018-09-21 04:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
    2018-11-03 22:41 - 2018-09-21 03:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
    2018-11-03 22:41 - 2018-09-20 23:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2018-11-03 22:41 - 2018-09-20 23:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-11-03 22:41 - 2018-09-20 23:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-11-03 22:41 - 2018-09-20 23:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2018-11-03 22:41 - 2018-09-20 22:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-11-03 22:41 - 2018-09-20 22:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2018-11-03 22:41 - 2018-09-20 22:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-11-03 22:41 - 2018-09-20 22:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-11-03 22:41 - 2018-09-20 04:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-11-03 22:41 - 2018-09-20 04:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
    2018-11-03 22:41 - 2018-09-20 04:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
    2018-11-03 22:41 - 2018-09-20 03:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
    2018-11-03 22:41 - 2018-09-20 03:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2018-11-03 22:41 - 2018-09-20 03:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
    2018-11-03 22:41 - 2018-09-19 23:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2018-11-03 22:41 - 2018-09-19 23:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-11-03 22:41 - 2018-09-19 23:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-11-03 22:41 - 2018-09-19 23:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2018-11-03 22:41 - 2018-09-19 23:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2018-11-03 22:41 - 2018-09-19 23:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-11-03 22:41 - 2018-09-19 22:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-11-03 22:41 - 2018-09-19 22:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-11-03 22:41 - 2018-09-19 22:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2018-11-03 22:41 - 2018-09-19 22:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
    2018-11-03 22:41 - 2018-09-08 03:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2018-11-03 22:41 - 2018-09-08 03:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2018-11-03 22:41 - 2018-09-08 02:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
    2018-11-03 22:41 - 2018-09-08 02:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
    2018-11-03 22:41 - 2018-09-08 02:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
    2018-11-03 22:41 - 2018-09-08 02:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
    2018-11-03 22:41 - 2018-09-08 02:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
    2018-11-03 22:41 - 2018-09-08 02:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
    2018-11-03 22:41 - 2018-09-08 02:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2018-11-03 22:41 - 2018-09-08 02:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2018-11-03 22:41 - 2018-09-08 02:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2018-11-03 22:41 - 2018-09-08 02:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
    2018-11-03 22:41 - 2018-09-08 02:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
    2018-11-03 22:41 - 2018-09-08 02:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
    2018-11-03 22:41 - 2018-09-08 01:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
    2018-11-03 22:41 - 2018-09-08 01:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
    2018-11-03 22:41 - 2018-09-08 01:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
    2018-11-03 22:41 - 2018-09-08 01:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2018-11-03 22:41 - 2018-09-07 22:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2018-11-03 22:41 - 2018-09-07 22:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
    2018-11-03 22:41 - 2018-09-07 22:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
    2018-11-03 22:41 - 2018-09-07 22:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2018-11-03 22:41 - 2018-09-07 22:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
    2018-11-03 22:41 - 2018-09-07 22:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2018-11-03 22:41 - 2018-09-07 22:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
    2018-11-03 22:41 - 2018-09-07 22:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2018-11-03 22:41 - 2018-09-07 22:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
    2018-11-03 22:41 - 2018-09-07 22:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2018-11-03 22:41 - 2018-09-07 22:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2018-11-03 22:41 - 2018-09-07 22:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
    2018-11-03 22:41 - 2018-09-07 22:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2018-11-03 22:41 - 2018-09-07 22:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2018-11-03 22:41 - 2018-09-07 22:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
    2018-11-03 22:41 - 2018-09-07 22:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2018-11-03 22:41 - 2018-09-07 22:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
    2018-11-03 22:41 - 2018-09-07 22:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
    2018-11-03 22:41 - 2018-09-07 22:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
    2018-11-03 22:41 - 2018-09-07 22:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
    2018-11-03 22:41 - 2018-08-31 02:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2018-11-03 22:41 - 2018-08-31 02:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2018-11-03 22:41 - 2018-08-31 02:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
    2018-11-03 22:41 - 2018-08-31 02:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
    2018-11-03 22:41 - 2018-08-31 01:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2018-11-03 22:41 - 2018-08-31 01:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2018-11-03 22:41 - 2018-08-31 01:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
    2018-11-03 22:41 - 2018-08-30 22:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2018-11-03 22:41 - 2018-08-30 22:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2018-11-03 22:41 - 2018-08-30 22:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2018-11-03 22:41 - 2018-08-30 22:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
    2018-11-03 22:41 - 2018-08-30 22:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2018-11-03 22:41 - 2018-08-30 22:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2018-11-03 22:41 - 2018-08-30 22:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2018-11-03 22:41 - 2018-08-28 01:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2018-11-03 22:41 - 2018-08-13 21:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2018-11-03 22:41 - 2018-08-09 04:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2018-11-03 22:41 - 2018-08-09 04:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2018-11-03 22:41 - 2018-08-09 04:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
    2018-11-03 22:41 - 2018-08-09 04:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2018-11-03 22:41 - 2018-08-09 04:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
    2018-11-03 22:41 - 2018-08-09 04:09 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageInspector.exe
    2018-11-03 22:41 - 2018-08-09 03:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
    2018-11-03 22:41 - 2018-08-09 03:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
    2018-11-03 22:41 - 2018-08-09 03:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
    2018-11-03 22:41 - 2018-08-08 23:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
    2018-11-03 22:41 - 2018-08-08 23:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
    2018-11-03 22:41 - 2018-08-08 23:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
    2018-11-03 22:41 - 2018-08-08 23:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2018-11-03 22:41 - 2018-08-08 23:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
    2018-11-03 22:41 - 2018-08-08 23:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2018-11-03 22:41 - 2018-08-08 23:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2018-11-03 22:41 - 2018-08-08 23:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
    2018-11-03 22:41 - 2018-08-08 23:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2018-11-03 22:41 - 2018-08-08 23:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2018-11-03 22:41 - 2018-08-03 03:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2018-11-03 22:41 - 2018-08-03 03:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
    2018-11-03 22:41 - 2018-08-03 02:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2018-11-03 22:41 - 2018-08-03 02:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
    2018-11-03 22:41 - 2018-08-03 02:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2018-11-03 22:41 - 2018-08-02 22:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
    2018-11-03 22:41 - 2018-08-02 22:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
    2018-11-03 22:41 - 2018-08-02 22:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
    2018-11-03 22:41 - 2018-08-02 22:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2018-11-03 22:41 - 2018-08-02 22:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2018-11-03 22:41 - 2018-08-02 22:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
    2018-11-03 22:41 - 2018-08-02 22:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
    2018-11-03 22:41 - 2018-08-02 22:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
    2018-11-03 22:41 - 2018-08-02 22:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
    2018-11-03 22:41 - 2018-08-02 22:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
    2018-11-03 22:41 - 2018-08-02 22:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
    2018-11-03 22:41 - 2018-08-02 22:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
    2018-11-03 22:41 - 2018-08-02 22:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2018-11-03 22:41 - 2018-07-14 20:00 - 000183736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
    2018-11-03 22:41 - 2018-07-14 19:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2018-11-03 22:41 - 2018-07-14 19:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
    2018-11-03 22:41 - 2018-07-14 18:31 - 000148888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
    2018-11-03 22:41 - 2018-07-13 23:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2018-11-03 22:41 - 2018-07-13 23:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2018-11-03 22:41 - 2018-07-13 22:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2018-11-03 22:41 - 2018-07-13 22:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2018-11-03 22:41 - 2018-07-13 22:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
    2018-11-03 22:41 - 2018-07-13 22:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2018-11-03 22:41 - 2018-07-13 22:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2018-11-03 22:41 - 2018-07-13 22:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2018-11-03 22:41 - 2018-07-13 22:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2018-11-03 22:41 - 2018-07-13 22:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
    2018-11-03 22:41 - 2018-07-13 22:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2018-11-03 22:41 - 2018-07-13 22:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
    2018-11-03 22:41 - 2018-07-13 22:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-11-03 22:41 - 2018-07-13 22:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2018-11-03 22:41 - 2018-07-13 22:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
    2018-11-03 22:41 - 2018-07-13 22:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
    2018-11-03 22:41 - 2018-07-13 22:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
    2018-11-03 22:41 - 2018-07-13 22:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2018-11-03 22:41 - 2018-07-13 22:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
    2018-11-03 22:41 - 2018-07-13 22:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2018-11-03 22:41 - 2018-07-13 22:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2018-11-03 22:41 - 2018-07-13 22:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2018-11-03 22:41 - 2018-07-13 22:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2018-11-03 22:40 - 2018-09-20 22:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-11-03 22:40 - 2018-09-20 22:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-11-03 22:40 - 2018-09-19 23:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2018-11-03 22:40 - 2018-09-19 23:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
    2018-11-03 22:40 - 2018-09-19 22:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
    2018-11-03 22:40 - 2018-09-19 22:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2018-11-03 22:40 - 2018-09-19 22:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-11-03 22:40 - 2018-09-19 20:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2018-11-03 22:40 - 2018-09-08 02:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
    2018-11-03 22:40 - 2018-09-08 02:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2018-11-03 22:40 - 2018-09-08 02:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
    2018-11-03 22:40 - 2018-09-08 02:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
    2018-11-03 22:40 - 2018-09-08 02:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2018-11-03 22:40 - 2018-09-08 01:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2018-11-03 22:40 - 2018-09-07 22:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
    2018-11-03 22:40 - 2018-09-07 22:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2018-11-03 22:40 - 2018-09-07 22:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
    2018-11-03 22:40 - 2018-09-07 22:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
    2018-11-03 22:40 - 2018-09-07 22:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2018-11-03 22:40 - 2018-09-07 22:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
    2018-11-03 22:40 - 2018-08-31 02:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2018-11-03 22:40 - 2018-08-30 22:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
    2018-11-03 22:40 - 2018-08-30 22:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
    2018-11-03 22:40 - 2018-08-09 04:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
    2018-11-03 22:40 - 2018-08-09 04:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
    2018-11-03 22:40 - 2018-08-09 04:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
    2018-11-03 22:40 - 2018-08-09 03:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
    2018-11-03 22:40 - 2018-08-08 23:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
    2018-11-03 22:40 - 2018-08-08 23:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
    2018-11-03 22:40 - 2018-08-08 23:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
    2018-11-03 22:40 - 2018-08-08 23:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
    2018-11-03 22:40 - 2018-08-03 03:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2018-11-03 22:40 - 2018-08-03 03:21 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
    2018-11-03 22:40 - 2018-08-02 22:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
    2018-11-03 22:40 - 2018-08-02 22:16 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
    2018-11-03 22:40 - 2018-08-02 22:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
    2018-11-03 22:40 - 2018-07-13 22:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
    2018-11-03 22:40 - 2018-07-13 22:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2018-11-03 22:40 - 2018-07-13 22:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
    2018-11-03 22:40 - 2018-07-13 22:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
    2018-11-03 22:40 - 2018-07-13 22:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2018-11-03 22:40 - 2018-07-13 22:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2018-11-03 22:40 - 2018-07-13 22:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2018-11-03 20:18 - 2018-11-03 20:18 - 000001970 _____ C:\Users\Public\Desktop\MTGArenaLauncher.lnk
    2018-11-03 20:14 - 2018-11-03 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTGArena

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-04 17:51 - 2014-08-25 17:06 - 000000000 ____D C:\Stash2
    2018-11-04 17:48 - 2017-08-17 09:11 - 000000000 ____D C:\FRST
    2018-11-04 17:43 - 2018-06-07 19:15 - 000004584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-11-04 17:43 - 2017-08-28 12:26 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-11-04 17:41 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-11-04 17:41 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-11-04 17:40 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-11-04 17:40 - 2017-02-04 15:06 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Syncios
    2018-11-04 17:35 - 2018-06-07 18:41 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-11-04 17:33 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
    2018-11-04 17:27 - 2017-08-28 12:26 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2018-11-04 17:27 - 2014-08-26 21:15 - 000000000 __SHD C:\Users\Joshua\IntelGraphicsProfiles
    2018-11-04 17:24 - 2018-06-07 19:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-11-04 17:24 - 2016-01-28 10:39 - 000000091 _____ C:\HaxLogs.txt
    2018-11-04 17:23 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-11-04 16:57 - 2014-08-26 22:46 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Origin
    2018-11-04 16:56 - 2014-08-26 22:47 - 000000000 ____D C:\Program Files (x86)\Origin Games
    2018-11-04 16:56 - 2014-08-26 22:35 - 000000000 ____D C:\ProgramData\Origin
    2018-11-04 16:46 - 2014-08-26 22:38 - 000000000 ____D C:\Program Files (x86)\Origin
    2018-11-04 16:33 - 2018-01-13 06:39 - 000000000 ___RD C:\Users\Joshua\3D Objects
    2018-11-04 16:33 - 2016-02-13 08:22 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-11-04 16:25 - 2018-06-07 18:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-11-04 15:45 - 2018-06-07 18:34 - 009652392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-11-04 15:38 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-11-04 15:38 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-11-04 15:37 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-11-04 15:37 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-11-04 15:37 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-11-04 15:37 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-11-04 15:17 - 2018-06-07 18:46 - 000000000 ____D C:\Users\Joshua
    2018-11-04 14:38 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-11-04 12:42 - 2014-12-09 09:36 - 000000000 ____D C:\Users\Joshua\AppData\Local\GameSpy
    2018-11-04 10:23 - 2018-06-07 19:21 - 000000000 ____D C:\Users\Joshua\AppData\Local\ApplicationHistory
    2018-11-04 10:00 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-11-04 09:48 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2018-11-04 09:48 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2018-11-04 09:48 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2018-11-04 09:48 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2018-11-04 09:48 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-11-04 09:48 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
    2018-11-04 09:48 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2018-11-04 09:48 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2018-11-04 09:48 - 2018-04-11 16:04 - 000000000 ____D C:\WINDOWS\system32\Dism
    2018-11-04 09:47 - 2018-04-12 04:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2018-11-04 09:47 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2018-11-04 00:00 - 2014-12-14 13:29 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-11-03 23:51 - 2014-12-14 13:29 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-11-03 22:43 - 2016-08-25 12:04 - 000002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-11-03 22:43 - 2016-08-25 12:04 - 000002304 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-11-03 22:19 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-11-03 22:04 - 2014-08-27 10:06 - 000000000 ____D C:\Program Files (x86)\Trillian
    2018-11-03 20:19 - 2018-07-11 13:21 - 000000000 ____D C:\ProgramData\Packages
    2018-11-03 19:26 - 2018-06-07 19:15 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2577772942-3954309557-1672937280-1000
    2018-11-03 19:26 - 2018-06-07 18:46 - 000002416 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-11-03 19:26 - 2015-08-11 09:57 - 000000000 ___RD C:\Users\Joshua\OneDrive
    2018-11-03 19:08 - 2018-01-13 06:09 - 000000000 ____D C:\Users\Joshua\AppData\Local\Packages
    2018-11-03 18:28 - 2018-01-24 12:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-11-03 17:53 - 2018-06-07 19:26 - 000000000 ____D C:\Users\Joshua\AppData\Local\D3DSCache
    2018-11-03 17:48 - 2010-11-20 22:27 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2015-06-10 13:18 - 2016-01-17 17:26 - 000000132 _____ () C:\Users\Joshua\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2015-06-07 19:59 - 2015-06-07 20:00 - 000000132 _____ () C:\Users\Joshua\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2016-06-01 13:29 - 2016-06-01 13:29 - 000000132 _____ () C:\Users\Joshua\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
    2015-02-04 12:25 - 2017-10-20 10:16 - 000000132 _____ () C:\Users\Joshua\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2012-05-03 06:12 - 2012-05-03 06:12 - 000000532 _____ () C:\Users\Joshua\AppData\Local\datos.txt
    2016-01-06 16:54 - 2016-01-06 16:54 - 000000120 _____ () C:\Users\Joshua\AppData\Local\dottmpfile.txt
    2014-12-09 09:36 - 2014-12-09 09:36 - 000000094 _____ () C:\Users\Joshua\AppData\Local\fusioncache.dat
    2014-02-05 15:08 - 2014-02-05 15:08 - 000193744 _____ () C:\Users\Joshua\AppData\Local\lateral1.bmp
    2010-11-12 04:10 - 2010-11-12 04:10 - 000193744 _____ () C:\Users\Joshua\AppData\Local\lateral2.bmp
    2014-02-05 15:10 - 2014-02-05 15:10 - 000195108 _____ () C:\Users\Joshua\AppData\Local\lateral3.bmp
    2014-02-05 16:50 - 2014-02-05 16:50 - 000043976 _____ () C:\Users\Joshua\AppData\Local\save_en.bmp
    2014-02-05 16:49 - 2014-02-05 16:49 - 000043976 _____ () C:\Users\Joshua\AppData\Local\save_es.bmp

    Some files in TEMP:
    ====================
    2018-07-16 14:34 - 2018-07-16 14:34 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\i2vsqlxt.dll
    2018-07-18 19:34 - 2018-07-18 19:34 - 001906040 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u181-windows-au.exe
    2018-07-19 13:59 - 2018-07-19 13:59 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\lzhgtnqt.dll
    2018-11-03 17:42 - 2018-11-03 17:42 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\o-6f_iiv.dll
    2018-07-15 09:23 - 2018-07-15 09:23 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\prpso2e4.dll
    2018-11-04 10:26 - 2018-11-04 10:26 - 000006656 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\_lldykoh.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-07 18:33

    ==================== End of FRST.txt ============================

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,784

    Hi

    When Farbar Recovery Scan Tool was run it should have created Addition.txt

    Can you find this and copy and paste it in your next reply?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Nov 2005
    Posts
    35

    Quote: Originally posted by Juliet
    Hi

    When Farbar Recovery Scan Tool was run it should have created Addition.txt

    Can you find this and copy and paste it in your next reply?

    Here's Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
    Ran by Joshua (04-11-2018 17:55:49)
    Running from C:\Stash2
    Windows 10 Pro Version 1803 17134.376 (X64) (2018-06-08 00:16:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2577772942-3954309557-1672937280-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2577772942-3954309557-1672937280-1004 - Limited - Enabled)
    DefaultAccount (S-1-5-21-2577772942-3954309557-1672937280-503 - Limited - Disabled)
    Guest (S-1-5-21-2577772942-3954309557-1672937280-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2577772942-3954309557-1672937280-1002 - Limited - Enabled)
    Joshua (S-1-5-21-2577772942-3954309557-1672937280-1000 - Administrator - Enabled) => C:\Users\Joshua
    WDAGUtilityAccount (S-1-5-21-2577772942-3954309557-1672937280-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
    µTorrent (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
    5600 (HKLM-x32\...\{F2DC2589-C894-43DD-BA70-8FDCA7360584}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    5600_Help (HKLM-x32\...\{7DCBC3D8-8954-491D-A1B9-8C61C563B004}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    5600Trb (HKLM-x32\...\{2605461E-AB2E-49F5-8A16-64B7F3595030}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
    Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
    AdAwareInstaller (HKLM\...\{17DB0909-D123-43E1-B5F2-CC356E08B4AA}) (Version: 11.5.202.7299 - Lavasoft) Hidden
    AdAwareUpdater (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}) (Version: 11.5.202.7299 - Lavasoft) Hidden
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
    Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
    AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
    AirDroid 3.5.4.0 (HKLM-x32\...\AirDroid) (Version: 3.5.4.0 - Sand Studio)
    Alchemilla v1.1 (HKLM-x32\...\{F48B561D-9D56-4C5E-8822-AB78042BA342}}_is1) (Version: - White Noise)
    Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    AntimalwareEngine (HKLM\...\{CC347FC6-C8D7-493A-B70E-1D89E22691A7}) (Version: 3.0.0.56 - Lavasoft) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    ArcSoft TotalMedia Theatre 5 (HKLM-x32\...\{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}) (Version: 5.0.1.80 - ArcSoft) Hidden
    ArcSoft TotalMedia Theatre 5 (HKLM-x32\...\InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}) (Version: 5.0.1.113 - ArcSoft)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.54.357 - Electronic Arts)
    Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703740}) (Version: 3.7.4.0 - Betternet Technologies Inc.)
    BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
    bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
    Blurb Book Creator CS6 v2.7.0.20d16 (HKLM-x32\...\Blurb Template Creator CS6_is1) (Version: - )
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Boot Animation Factory (HKLM-x32\...\{3EA00EEB-27DE-4507-AFF4-0C697A20C37B}) (Version: 1.4.1.0 - D01 MicroApps)
    Borderlands 2 - Game Of The Year Edition (HKLM-x32\...\Borderlands 2 - Game Of The Year Edition_is1) (Version: Borderlands 2 - Game Of The Year Edition - )
    Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version: - )
    BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Bulletstorm (HKLM-x32\...\{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA) Hidden
    Bulletstorm (HKLM-x32\...\GFWL_{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA)
    CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
    CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
    Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
    Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
    Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
    Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{E5C1C342-5E78-4D91-85BE-40C716B09391}) (Version: 3.55.7671.0901 - Sony Computer Entertainment Inc.)
    Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
    CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\CopyTrans Suite) (Version: 4.013 - WindSolutions)
    Crusader No Remorse (HKLM-x32\...\{2AEA735F-B393-4D89-93EF-5849CB72B4A3}) (Version: 1.0.0.2 - Electronic Arts)
    Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
    Data Lifeguard Diagnostic for Windows 1.29 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    DC++ 0.851 (HKLM-x32\...\DC++) (Version: 0.851 - Jacek Sieka)
    DDS Viewer (HKLM-x32\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version: - IdeaMK)
    Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
    DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Doom 3 (HKLM-x32\...\{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision) Hidden
    Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
    dr.fone toolkit for Android (Version 8.1.0) (HKLM-x32\...\{7B08A1E1-3644-4237-B39D-762B5F5564D0}_is1) (Version: 8.1.0.47 - Wondershare Software Co.,Ltd.)
    Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.7.0 Beta - Alexandre Devilliers (aka Elbereth))
    DS4Tool (HKLM-x32\...\{498F10CC-41BC-42EB-8D1C-FAFCCD7DAAE3}) (Version: 1.4.40 - DSDCS)
    Exact Audio Copy 1.0beta6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta6 - Andre Wiethoff)
    Eye Candy 4000 Demo (HKLM-x32\...\Eye Candy 4000) (Version: - )
    Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
    FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
    Fritz 15 64-bit (HKLM\...\{E055F983-1A0C-4A1B-84BE-A0E5F03F279C}) (Version: 15.3.0.0 - ChessBase)
    Gone Home (HKLM-x32\...\GoneHome) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Horizon (HKLM-x32\...\{6b384f34-10c8-4c10-ba08-345168bda7e8}) (Version: 2.9.0 - Daring Development Inc.)
    Horizon (HKLM-x32\...\{6BCA2AC7-7BC2-4011-BE10-143BDFD43D6C}) (Version: 2.9.0 - Daring Development Inc.) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.9.24.3 - HP)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
    HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
    Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
    iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
    Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Java SE Development Kit 8 Update 72 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180720}) (Version: 8.0.720.15 - Oracle Corporation)
    jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Magic The Gathering Online (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\01641bea2c75c522) (Version: 3.4.95.1048 - Wizards of the Coast, LLC)
    MakeitOne - MP3AlbumMaker (HKLM-x32\...\{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}) (Version: 1.0.0 - MakeitOne)
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    MCC Tool Chest PE (HKLM-x32\...\{822D45B5-B729-4511-8967-2714CE611B8D}) (Version: 0.00.0100 - MCCToolChest)
    MegaDownloader 1.1 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.1 - Andres_age)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    MKVCleaver x64 (HKLM\...\{1256E11A-B91F-4869-9DC3-EBCC7466314C}) (Version: 6.0.7 - Ilia Bakhmoutski)
    MKVToolNix 7.9.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.9.0 - Moritz Bunkus)
    Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version: - GameTuts)
    Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
    mp3Tag 5.9 (HKLM-x32\...\mp3Tag_is1) (Version: - ManiacTools.com)
    MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MTGArena (HKLM-x32\...\{E399DBC3-3531-46B4-ADE2-D031F9C81811}) (Version: 0.1.893.0 - Wizards of the Coast)
    My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
    Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
    Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    Open 3D Model Viewer (HKLM-x32\...\{EBDFEC36-5277-454F-875B-F0AA2CDC3C92}) (Version: 1.10.0000 - Alexander Gessler)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenVPN 2.3.12-I602 (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
    Origin (HKLM-x32\...\Origin) (Version: 10.5.29.14153 - Electronic Arts, Inc.)
    Outlast (HKLM-x32\...\GOGPACKOUTLAST_is1) (Version: 2.0.0.3 - GOG.com)
    PAK Explorer (HKLM-x32\...\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}) (Version: 1.3.0.0 - The Battlezone 2 Community Project)
    PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    PeerGuardian 2.0 (HKLM\...\PeerGuardian_is1) (Version: 2.1.0.2 - Methlabs Productions)
    ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
    PlayChess (HKLM-x32\...\PlayChess) (Version: - ChessBase GmbH)
    PodTrans 4.9.0 (HKLM-x32\...\{A5B89AC2-2FE2-4AFD-8CB4-2613E0BB85FF}}_is1) (Version: 4.9.0 - iMobie Inc.)
    Pokémon Trading Card Game Online (HKLM-x32\...\{4564E5ED-FA24-4D00-9192-BB4E92F8F2F0}) (Version: 2.44.2 - The Pokémon Company International)
    Qcma (HKLM\...\Qcma) (Version: 0.3.12 - codestation)
    Quake 4(TM) (HKLM-x32\...\{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.0 - Activision) Hidden
    Quake 4(TM) (HKLM-x32\...\InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.0 - Activision)
    RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
    Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    Skype Web Plugin (HKLM-x32\...\{0F7D4832-16AE-4857-A6FA-2B141D75A59B}) (Version: 7.7.0.219 - Skype Technologies S.A.)
    SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
    SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
    SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
    SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Steam Controller Database Client (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\143ba96d0d39f1c2) (Version: 1.0.0.10 - Flaming Zonkey)
    Steins;Gate version 1.0 (HKLM\...\{2A05A52B-BDD8-4FD5-A65A-687CB10D98DF}_is1) (Version: 1.0 - JAST USA)
    Syncios 6.2.2 (HKLM-x32\...\Syncios) (Version: 6.2.2 - Anvsoft)
    Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
    System Shock - Enhanced Edition (HKLM-x32\...\1439995156_is1) (Version: 2.1.0.4 - GOG.com)
    TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
    Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
    Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
    Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
    UHS Reader (Version 6.10) (HKLM-x32\...\UHS Reader (Version 6.10)) (Version: 6.10 - Universal Hint System)
    UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.3.0.0 - Manuel Hoefs (Zottel))
    UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
    VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
    Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    Warframe (HKLM-x32\...\{B1B30BC2-0725-456D-9DBA-70374977AC91}) (Version: 1.0.0 - Digital Extremes)
    WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
    WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
    Wolfenstein (HKLM-x32\...\{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.0 - Activision) Hidden
    Wolfenstein (HKLM-x32\...\InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.2 - Activision)
    Wolfenstein(TM) 1.2 Patch (HKLM-x32\...\{91C514E8-C92E-48E4-BDEE-DE3407837194}) (Version: 1.2 - Activision) Hidden
    Wolfenstein(TM) 1.2 Patch (HKLM-x32\...\InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}) (Version: - ) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000_Classes\CLSID\{031d25bb-102f-47dc-8ec1-62fc4e909d99}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000_Classes\CLSID\{81CD4B70-A8AB-48FC-826C-8F76A1A06829}\InprocServer32 -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\EdgeCalling.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000_Classes\CLSID\{D779CCB8-300C-4160-B101-D6A5FD73294E}\localserver32 -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\GatewayVersion-x64.exe (Skype Technologies S.A.)
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2014-12-03] (Adobe Systems Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll [2014-12-18] ()
    ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll [2014-12-18] ()
    ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files\JetAudio\JetFlExt64.dll [2013-05-09] (JetAudio)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2017-10-20] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2014-12-03] (Adobe Systems Inc.)
    ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files\JetAudio\JetFlExt64.dll [2013-05-09] (JetAudio)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers6-x32: [SxContextMenump3Tag] -> {3B13F43E-2872-47AD-A427-880C29694E31} => C:\Program Files (x86)\mp3Tag 5\tag_menu.dll [2006-10-26] ()
    ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0995A23F-D1B2-47FC-AB15-344BA9CBF343} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
    Task: {0D360E8E-6046-45C5-8F47-9145F3C85E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {17B173E6-676F-4EB1-B919-5648BC234E3C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {264B1E25-E50F-4544-BC07-5C6E89E45E79} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {26FBBC35-5256-4B23-9CDA-90459325B269} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
    Task: {36BD7178-9994-4E5D-B371-E7E0057E2DCE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {3A0C3033-9AA2-4B9E-AF09-90AB97457C78} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-11-04] (Adobe Systems Incorporated)
    Task: {3AC22BCD-759C-4C45-BA4C-2DBAC7248174} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation)
    Task: {3CA87BC9-5E63-4716-ADCE-B978F8D9B5EF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation)
    Task: {45D7BB0C-A84A-482D-B34A-EDEAEDAABF6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {4A87F1A6-AE69-4970-8A2B-F0D7246FE1FD} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4E8B0F13-0618-42A2-9AF6-1B848B85CFBE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {5595B560-A176-49C9-BDF8-78691BB61730} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {56EF2B35-C125-4253-99BA-25101EB09F6C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {571F6466-2412-4520-95B9-95EB4BC70AFB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-17] (NVIDIA Corporation)
    Task: {5959C4A6-9896-444C-BEB7-78A3E60A7581} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-04] (Adobe Systems Incorporated)
    Task: {5A8E121E-1847-43B3-97CA-B03A4CB8E55F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {622B4934-5AE1-46C7-B046-990A589234A5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
    Task: {62C8B779-6B73-4C3A-B7DA-F3B2E0346C5D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {65C62967-BBF7-44DF-842E-C521C3C44428} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
    Task: {7017931C-85E3-40CE-AF64-B568FC895DE9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {70DBA690-47DE-4C35-BFC1-A4D5FC2C3CB2} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation)
    Task: {7229D835-58AF-4E16-AEA7-A53EA83B69F8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7668DEFE-2398-4424-A1A3-92440F57B5E4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {77AA25E0-99DD-4B65-BCF2-DA7AFB0DD178} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
    Task: {7862FE7C-F295-452C-916F-08BEE1B09891} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {79E71FB0-AAD3-492B-8363-05A2863B313F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {7CFC2E8C-1FEA-4BCD-B909-F31B112B5F03} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {80401C9B-535F-4851-B562-6FDC9F071A05} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {8756F5CE-3706-4DE2-A52D-E98626FCAAEB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {8C591E69-B841-44DE-AEF2-A61B43B7EA08} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
    Task: {8D7176A7-F17E-476F-82B3-A633C64E263D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {8E2FBA80-51BF-45D4-BA19-BFB0F8C997C0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {9863C25C-A9C5-4074-BABA-1435CB40951A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9FA4A95B-3887-477A-84B2-8AC2BC007B02} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A074D99D-C9EA-43E5-BC2A-C93B90577B60} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {A7D940C8-B79B-4B89-ABEA-0863945B69F7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {A9F2A59A-D7E1-43D0-ACFD-34DBB35DFC47} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
    Task: {AE77AB85-BBF2-4A54-84C0-F87C1FBF9C98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
    Task: {B1181095-66B1-45F8-9D78-1A11BBB515D1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {B87E3492-23BF-4C1D-8E5E-1886C1527808} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
    Task: {B8C1BC5F-512A-447F-8BB1-740322B92EAC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {BDBF02AF-A6FF-4741-94EB-FA7C487191AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-11-03] (Microsoft Corporation)
    Task: {BEEE4AA2-D939-4F85-B529-11268A2FBB70} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C237F615-88E5-4BE4-9281-FA90A02C31D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {C5A90ACF-CB42-4AF8-91F1-DC87E3446AD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {C87A525F-3E66-4B7D-A322-54D7BFD5BD79} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
    Task: {CA4A3E9E-8FEB-49B9-BC89-6A62FB99BEF2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {CD1E3F34-F917-4479-BC73-37DF7752942B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {CDA67D8E-99C9-4F50-B20C-9FE9FC7F5377} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D3D3285B-F8CF-4217-B41D-AE185A5397B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D5FAFE51-606F-4666-8564-9DBF031A835F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {D62FA339-802C-4B4E-A92F-16B939E6E63F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {D7B6F6DF-B2BB-4299-8162-26CE0503C501} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {DB464760-3BAD-4DEF-9001-067776B64287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {DE9FBC71-DAD3-430C-B263-6904320D0793} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {E6C08200-18E3-4DDB-87F4-908A495F7FC7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {E803A1EF-134A-48C8-849F-DE48BEC83079} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {F0A26EE4-3713-440F-8F80-247AAC82095D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
    Task: {F8C9F5BA-719B-4569-965D-F7A275A01FAB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {F8F22E92-0E1C-4084-A677-CF290CC63ED3} - System32\Tasks\{3E17A046-E3D2-453D-BD4D-C1E9EC13C355} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\TNT2\2.0.0.1949\TNT2User.exe -c /UNINSTALL PARTNER=11083
    Task: {FD9C48E4-20FB-457F-9570-5FE7E6AA696C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {FEA660D4-2526-4FF2-A43D-B742360CBDBD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe\Warframe.lnk -> C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
    ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"

    ==================== Loaded Modules (Whitelisted) ==============

    2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-05-08 23:44 - 2017-05-08 23:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-12-18 14:09 - 2014-12-18 14:09 - 000713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    2014-12-18 15:22 - 2014-12-18 15:22 - 000107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 000024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 000055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 000125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 000033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 012716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 003396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 000786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 001107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 001009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 001171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 001295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 000035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 001091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 003096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 002953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 001251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 000053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 001289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 002785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 001228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 001177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
    2018-11-04 12:24 - 2018-10-18 09:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2018-11-04 12:25 - 2018-10-18 09:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2016-10-28 23:01 - 2017-08-17 23:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-11-04 14:03 - 2018-10-21 02:15 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2014-12-18 14:21 - 2014-12-18 14:21 - 008947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    2014-12-18 15:22 - 2014-12-18 15:22 - 000500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 002130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 000811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
    2017-05-09 02:05 - 2017-05-09 02:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
    2017-05-09 02:05 - 2017-05-09 02:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
    2017-06-06 01:45 - 2017-06-06 01:45 - 001910424 _____ () C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
    2018-06-12 17:56 - 2018-06-08 04:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2018-06-12 17:56 - 2018-06-08 04:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2016-09-01 19:59 - 2016-09-01 19:59 - 000017024 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
    2016-06-21 19:39 - 2016-06-21 19:39 - 001419776 _____ () C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
    2018-11-03 22:42 - 2018-10-23 16:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
    2018-11-03 22:42 - 2018-10-23 16:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
    2014-08-26 21:08 - 2013-09-16 11:17 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-08-26 10:50 - 2018-10-09 23:17 - 000878880 _____ () C:\Games\Steam\SDL2.dll
    2014-08-26 10:50 - 2018-10-12 20:59 - 002647840 _____ () C:\Games\Steam\video.dll
    2015-01-20 09:25 - 2016-08-31 20:02 - 004969248 _____ () C:\Games\Steam\v8.dll
    2018-01-08 12:26 - 2017-12-19 20:43 - 000351520 _____ () C:\Games\Steam\libavresample-3.dll
    2018-01-08 12:26 - 2017-12-19 20:43 - 000695584 _____ () C:\Games\Steam\libavformat-57.dll
    2018-01-08 12:26 - 2017-12-19 20:43 - 000847136 _____ () C:\Games\Steam\libavutil-55.dll
    2018-01-08 12:26 - 2017-12-19 20:43 - 005137696 _____ () C:\Games\Steam\libavcodec-57.dll
    2018-01-08 12:26 - 2017-12-19 20:43 - 000783648 _____ () C:\Games\Steam\libswscale-4.dll
    2015-01-20 09:25 - 2016-08-31 20:02 - 001563936 _____ () C:\Games\Steam\icui18n.dll
    2015-01-20 09:25 - 2016-08-31 20:02 - 001195296 _____ () C:\Games\Steam\icuuc.dll
    2014-08-26 10:50 - 2018-10-12 20:59 - 001023776 _____ () C:\Games\Steam\bin\chromehtml.DLL
    2016-03-08 23:16 - 2016-07-04 17:17 - 000266560 _____ () C:\Games\Steam\openvr_api.dll
    2016-10-28 23:01 - 2017-08-17 23:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2016-01-15 14:38 - 2014-09-11 18:09 - 001498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2016-01-15 14:38 - 2014-05-19 17:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2017-07-26 19:57 - 2017-07-26 19:57 - 000074240 _____ () C:\Program Files (x86)\Anvsoft\Syncios\generalFunc_pdt.dll
    2017-08-27 20:10 - 2017-08-27 20:10 - 000595456 _____ () C:\Program Files (x86)\Anvsoft\Syncios\DuiLib.dll
    2017-08-14 02:04 - 2017-08-14 02:04 - 000592896 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libsscan.dll
    2017-08-31 03:56 - 2017-08-31 03:56 - 001247744 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidSyncCore_pdm.dll
    2017-08-30 21:29 - 2017-08-30 21:29 - 000177664 _____ () C:\Program Files (x86)\Anvsoft\Syncios\driverMgr4Transfer_pdm.dll
    2016-08-01 03:01 - 2016-08-01 03:01 - 000571392 _____ () C:\Program Files (x86)\Anvsoft\Syncios\sqlite3.dll
    2016-08-01 03:01 - 2016-08-01 03:01 - 001970688 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libplist.dll
    2017-07-26 19:57 - 2017-07-26 19:57 - 001042432 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libandroidrecovery.dll
    2016-09-01 19:59 - 2016-09-01 19:59 - 001278080 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libandroidnotifier.dll
    2017-05-08 23:45 - 2017-05-08 23:45 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-05-08 23:45 - 2017-05-08 23:45 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-06-21 19:39 - 2016-06-21 19:39 - 000671744 _____ () C:\Program Files (x86)\Anvsoft\Syncios\hashAB.dll
    2017-05-08 23:44 - 2017-05-08 23:44 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2017-06-15 13:37 - 2018-10-09 23:17 - 000878880 _____ () C:\Games\Steam\bin\cef\cef.win7\SDL2.dll
    2017-01-16 20:21 - 2018-09-22 19:00 - 088009504 _____ () C:\Games\Steam\bin\cef\cef.win7\libcef.dll
    2017-01-16 20:21 - 2018-09-22 19:00 - 004083488 _____ () C:\Games\Steam\bin\cef\cef.win7\libglesv2.dll
    2017-01-16 20:21 - 2018-09-22 19:00 - 000097056 _____ () C:\Games\Steam\bin\cef\cef.win7\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Joshua\Cookies:xGuTvRI3t5Vb0P9SHzd9 [1960]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\sony.com -> sony.com

    There are 7937 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2017-08-17 11:53 - 000454630 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15602 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joshua\appdata\local\microsoft\windows\themes\pacific r\desktopbackground\pacific_rim_3.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{7A14E657-83B7-413D-B5AA-8B11D04F586A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{74B82E8D-1F92-4C78-94D4-87C9BB1B9BFB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{C4A4D613-AB1F-42C7-93E5-9F9FD188A955}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{DC57ACCA-1C96-40B8-AB66-AED0511460AB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{481AD292-ADBD-4AEC-BCE0-BB3AF44AAE5C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{A0E435F2-26BE-4A19-B6FD-2E4AFE38AF30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A271D21C-64EC-4BB2-BC80-734A34790E33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C2A108D0-F0B4-4AC2-AF2A-844429C2DDB8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6C2FCECB-04E1-4E89-8A65-1FD9C3513947}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{02A7DD62-F321-4AE6-A90A-DEC167A75182}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
    FirewallRules: [{4009AFEC-C87F-4E5E-868C-42ED671AE9C0}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
    FirewallRules: [{7A017758-6EE4-42CF-8095-A36C0A0410E2}] => (Allow) C:\Games\Steam\SteamApps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
    FirewallRules: [{BEA98A6F-0C81-45FC-B25E-9AA9F0782E30}] => (Allow) C:\Games\Steam\SteamApps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
    FirewallRules: [{AEB7F9A9-A5ED-4B6C-A838-578F07B6EE40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{C76739D6-1A27-43D3-9D92-F041F455BBCD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{47300F81-5379-4BB6-9443-3505E0B41951}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{29F5F800-2894-4171-BC69-694F70B1F1C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{CF7DFCD7-DF85-48B6-B645-EE720E997B0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{EB8EE6E7-F808-4D60-B1F5-941D8228D999}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
    FirewallRules: [{3C748391-8571-4496-847C-CB2F1C073A3A}] => (Allow) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{3BFD324C-5C40-48BD-A2FC-9CF6E59234C1}] => (Allow) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{91773F69-AD48-419C-A2E3-1B1C90A63ACE}] => (Allow) C:\Games\Steam\SteamApps\common\Tribes\Binaries\Win32\TribesAscend.exe
    FirewallRules: [{B2BD3D99-2E5E-49CA-85B8-C809A278EC61}] => (Allow) C:\Games\Steam\SteamApps\common\Tribes\Binaries\Win32\TribesAscend.exe
    FirewallRules: [{A07C6944-4770-4CFF-9E85-BDE897FA5D98}] => (Allow) C:\Games\Steam\SteamApps\common\WWE2K16\WWE2K16.exe
    FirewallRules: [{B8492FBC-8389-426A-9DF4-06653F7DE12A}] => (Allow) C:\Games\Steam\SteamApps\common\WWE2K16\WWE2K16.exe
    FirewallRules: [{EDB4401E-1576-4C34-983F-71F87262B798}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
    FirewallRules: [{8F5037F5-BC04-4058-8A6C-D9DE7B1C2168}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
    FirewallRules: [{82B258F9-89B1-4AC7-8438-FCDBC231B25D}] => (Allow) C:\Games\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
    FirewallRules: [{D9146AC5-77FF-4C4E-AD48-14FF4A1AD197}] => (Allow) C:\Games\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
    FirewallRules: [UDP Query User{9CC2E108-A338-48FA-B0DE-1E0075DCD150}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
    FirewallRules: [TCP Query User{352141CA-3BE0-4EEC-AF5E-AB00495C1952}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
    FirewallRules: [UDP Query User{DE660241-CFEE-456D-AA71-DCD6F93CC577}C:\games\steam\steamapps\common\dear esther\dearesther.exe] => (Allow) C:\games\steam\steamapps\common\dear esther\dearesther.exe
    FirewallRules: [TCP Query User{F29F9B56-E271-4C4E-AABE-239D7380F0CA}C:\games\steam\steamapps\common\dear esther\dearesther.exe] => (Allow) C:\games\steam\steamapps\common\dear esther\dearesther.exe
    FirewallRules: [UDP Query User{BD9CEC96-035C-4145-AEAB-51D8AF687152}C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe] => (Allow) C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe
    FirewallRules: [TCP Query User{6A88E54E-EAA9-414E-B566-A73A4CB94DC7}C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe] => (Allow) C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe
    FirewallRules: [UDP Query User{F9565792-9B06-4205-BDF4-AE843B34E148}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
    FirewallRules: [TCP Query User{A0DF5329-C387-42AD-82CF-F0F33BB49DA6}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
    FirewallRules: [{64DC0E1B-1BD2-41BA-BBD2-DCC5ED6D895D}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
    FirewallRules: [{9D827F73-286B-4D76-80A6-E0CE0BF311CB}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
    FirewallRules: [{433800B6-FA9D-4EF8-A49C-79A38C69B129}] => (Allow) C:\Program Files (x86)\uTorrent323\uTorrent.exe
    FirewallRules: [{8B078030-E8E3-4B2A-8442-0448EAD63905}] => (Allow) C:\Program Files (x86)\uTorrent323\uTorrent.exe
    FirewallRules: [{F4DEAF3A-566C-482B-BB2C-19BEA9B63F27}] => (Allow) C:\Games\Steam\Steam.exe
    FirewallRules: [{D469D511-45B6-43AF-830B-DB80B88B5E40}] => (Allow) C:\Games\Steam\Steam.exe
    FirewallRules: [{0E194090-07C4-4B72-872F-D731FDDD8AFF}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
    FirewallRules: [{3CBC54C3-A1A8-49EA-B91A-80EBF5AB12DF}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
    FirewallRules: [{E2E5A8DC-63A7-4D7D-BDE5-C62DC2B30A4B}] => (Allow) C:\Games\Steam\SteamApps\common\Tribes\Binaries\Win32\HirezBridge.exe
    FirewallRules: [{054C371D-35FB-4EA0-93B0-BBCBEDB3984D}] => (Allow) C:\Games\Steam\SteamApps\common\Tribes\Binaries\Win32\HirezBridge.exe
    FirewallRules: [{0426EF05-FF38-4ECB-93FA-DCD5F2D9F8F5}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{154D4BF9-B314-487A-B86B-D3C00DB3AD68}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{73A47C39-0866-4083-BAC1-0AEEF0E643DC}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{134BF144-5471-4A5F-BE49-16F90142F797}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{EA6B7408-655F-4C4F-BE60-C67A282EF7D7}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{B34B7A1C-266D-4598-89EF-49D9E84B8071}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{51F57CFC-717C-4A42-A768-03CB80736555}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Tools\Launcher.exe
    FirewallRules: [{505C2284-15C4-4056-B280-A829369C3FB0}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
    FirewallRules: [{0E3CA8A5-D983-479D-B1E6-CC2A9BF4C6CF}] => (Allow) C:\Games\Steam\SteamApps\common\RAGE\Rage.exe
    FirewallRules: [{EC96983C-A2F7-4E01-9509-5835458D1C1A}] => (Allow) C:\Games\Steam\SteamApps\common\RAGE\Rage.exe
    FirewallRules: [{1ACF2540-181B-4B03-87E3-53AFBD36826F}] => (Allow) C:\Games\Steam\SteamApps\common\RAGE\Rage64.exe
    FirewallRules: [{BC94288B-4352-4D2C-8DCC-3AD1BF4D41D2}] => (Allow) C:\Games\Steam\SteamApps\common\RAGE\Rage64.exe
    FirewallRules: [{BE7D8A34-5F6C-4A13-B880-664A5113E14B}] => (Allow) C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{394B5990-B1E7-48FD-B085-EDB12B87393C}] => (Allow) C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{546E1EC7-E7D5-48B4-8B80-588BE7A14332}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
    FirewallRules: [{8BD1904D-207D-4877-903E-D1932730036E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
    FirewallRules: [{ECBAAD69-69BE-4434-B874-498E96FF5B70}] => (Allow) LPort=7935
    FirewallRules: [{FDEC8FB5-5D9A-468D-8F50-BD0CA5FC82B4}] => (Allow) C:\Games\Steam\SteamApps\common\HauntedMemories\HM.exe
    FirewallRules: [{582F3C60-B435-478E-8A1D-FC53C36F7981}] => (Allow) C:\Games\Steam\SteamApps\common\HauntedMemories\HM.exe
    FirewallRules: [{892FBDA3-5C39-4FE2-ABA4-DF209364192E}] => (Allow) C:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{5893D8DC-1354-49A0-AED4-87C23B85852E}] => (Allow) C:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{463655E2-12AC-477A-BA2C-E7756AF08EA4}] => (Allow) C:\Games\Steam\SteamApps\common\half-life 2\hl2.exe
    FirewallRules: [{9539F185-0A84-45BD-8DD3-30D9E8CF6D36}] => (Allow) C:\Games\Steam\SteamApps\common\half-life 2\hl2.exe
    FirewallRules: [{75CFA0A6-DE9E-44B3-9FD1-87ECB0E2B77B}] => (Allow) C:\Games\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
    FirewallRules: [{C433F5BB-5D1C-4EE0-B759-86AB45A17999}] => (Allow) C:\Games\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
    FirewallRules: [{C68CA6C9-0531-418B-BE17-B940DA7A8AB3}] => (Allow) C:\Games\Steam\SteamApps\common\Portal\hl2.exe
    FirewallRules: [{A534E423-0A1B-4BA5-8864-ECA74928DED2}] => (Allow) C:\Games\Steam\SteamApps\common\Portal\hl2.exe
    FirewallRules: [{0CFA355C-9BFA-4496-98EA-A10EF210FFD0}] => (Allow) C:\Games\Steam\SteamApps\common\Source SDK Base\hl2.exe
    FirewallRules: [{11E05778-6AF1-4928-ABB9-976B7975CFE9}] => (Allow) C:\Games\Steam\SteamApps\common\Source SDK Base\hl2.exe
    FirewallRules: [{90ADFD68-491F-4665-9BAE-7E69990D01B7}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life\hl.exe
    FirewallRules: [{865800D8-52A7-420C-B4C8-2EF9A1F3BEBC}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life\hl.exe
    FirewallRules: [{FC71E80D-E08E-4624-AFC0-9DFDAA10920B}] => (Allow) C:\Games\Activision\Wolfenstein\MP\Wolf2MP.exe
    FirewallRules: [{DFF33EC5-53BA-4380-8392-77D64BE074A9}] => (Allow) C:\Games\Activision\Wolfenstein\MP\Wolf2MP.exe
    FirewallRules: [{ABE41976-A585-42AB-8370-27CAAACFA97E}] => (Allow) C:\Games\Activision\Wolfenstein\MP\Wolf2MPLite.exe
    FirewallRules: [{E1A56B63-3BFC-4929-A92A-00D4DFE0F4B0}] => (Allow) C:\Games\Activision\Wolfenstein\MP\Wolf2MPLite.exe
    FirewallRules: [{82C0E512-F7EF-4CAE-87AF-8C91762D328D}] => (Allow) C:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
    FirewallRules: [{F973D4F5-2711-4800-A072-65A51B684897}] => (Allow) C:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
    FirewallRules: [TCP Query User{E6B9DA75-1B03-4DBE-AB40-2224C8ECDACD}C:\games\steam\steamapps\common\magic 2015 demo\dotp_d15.exe] => (Allow) C:\games\steam\steamapps\common\magic 2015 demo\dotp_d15.exe
    FirewallRules: [UDP Query User{8DDEAB12-F37E-4D51-959C-F2D9EE82B6A1}C:\games\steam\steamapps\common\magic 2015 demo\dotp_d15.exe] => (Allow) C:\games\steam\steamapps\common\magic 2015 demo\dotp_d15.exe
    FirewallRules: [{6833779D-A122-4654-8350-7BFA570E99DD}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
    FirewallRules: [{0004F174-B4CE-43C0-904B-52285314F89F}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
    FirewallRules: [{ED48FA61-1FBA-4AF1-8226-0F85E44CE432}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{B87B2B47-070B-4E88-8F02-EA76962863E3}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{483F2ACB-FB82-4625-A430-421BE74C4C50}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{5290CB1B-1B1F-49BB-AC27-B36489650484}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{69386B41-BFAE-4FA3-B742-CBD10E77BEC9}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{3E8F65E4-2C14-4D43-A1A3-2ED0B275F06D}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{B15031A5-9201-4652-8D7B-93A55EC180FD}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [{565FDF83-47BB-4018-AD42-B8DF8CF77743}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
    FirewallRules: [TCP Query User{7208572E-C162-4BC9-B5B1-A0E8A10C3BA0}C:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe] => (Block) C:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe
    FirewallRules: [UDP Query User{DF731C6D-B2D2-4FCF-B2A0-1FA8F5AB6C3C}C:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe] => (Block) C:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe
    FirewallRules: [{6309EC98-D543-452F-9170-928BB874D7CE}] => (Allow) C:\Games\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
    FirewallRules: [{FCF4324E-C142-4EA1-BE34-FC30AC22A0F9}] => (Allow) C:\Games\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
    FirewallRules: [TCP Query User{ACDDEB70-0EEA-47AD-86D3-8FAD1BB0EC22}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe
    FirewallRules: [UDP Query User{7629B5F6-B6FF-4346-991E-E72B2F179056}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe
    FirewallRules: [{CD515F26-A766-4C54-9447-AFE8540F6154}] => (Allow) C:\Program Files (x86)\2K Games\Borderlands 2 - Game Of The Year Edition\Binaries\Win32\borderlands2.exe
    FirewallRules: [TCP Query User{1CD83E76-8C09-4D4E-87FE-B91FBC729DCE}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe
    FirewallRules: [UDP Query User{DA7B9AEB-72CE-4FC0-BCD8-B0F3D91A8E5F}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe
    FirewallRules: [TCP Query User{664897DD-CA5A-427B-A5DF-921A76A469C2}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe
    FirewallRules: [UDP Query User{FDD535BF-8DE7-4464-9AA8-C0E65A8BCAF9}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe
    FirewallRules: [{FE0C3A5B-F85A-41F4-8317-DD98E97CBB3A}] => (Allow) C:\Program Files (x86)\2K Games\Borderlands 2 - Game Of The Year Edition\Binaries\Win32\borderlands2.exe
    FirewallRules: [TCP Query User{3F805E78-B455-4F01-B7DC-F148A7B77ED3}C:\program files (x86)\2k games\borderlands 2 - game of the year edition\binaries\win64\borderlands2.exe] => (Allow) C:\program files (x86)\2k games\borderlands 2 - game of the year edition\binaries\win64\borderlands2.exe
    FirewallRules: [UDP Query User{72907FAC-FDEE-427E-8975-A9FD0E870154}C:\program files (x86)\2k games\borderlands 2 - game of the year edition\binaries\win64\borderlands2.exe] => (Allow) C:\program files (x86)\2k games\borderlands 2 - game of the year edition\binaries\win64\borderlands2.exe
    FirewallRules: [{13962D92-2882-4267-A1E2-13E90B12B483}] => (Allow) C:\Games\2K Games\Borderlands 2 - Game Of The Year Edition\Binaries\Win32\borderlands2.exe
    FirewallRules: [{5D737135-79E6-4AD8-A1E3-1E7D26509BBF}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    FirewallRules: [{5696E011-DCCF-4AAF-BC4A-609A1B13469C}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    FirewallRules: [{308A521D-3F32-4FB0-8CB0-84DCBD03E7BF}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
    FirewallRules: [{81EFC44D-EE38-4553-B6CA-C509694F2061}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
    FirewallRules: [{85C605B3-F955-49E5-817B-509BBAC0690F}] => (Allow) C:\Games\2K Games\Borderlands 2 - Game Of The Year Edition\Binaries\Win32\borderlands2.exe
    FirewallRules: [{587E82E2-F8A4-4A71-BFD7-D5A4AC32C302}] => (Allow) C:\Games\Steam\SteamApps\common\FEAR2\FEAR2.exe
    FirewallRules: [{E117F0E8-D8D8-4A19-8A74-DB17DC37D240}] => (Allow) C:\Games\Steam\SteamApps\common\FEAR2\FEAR2.exe
    FirewallRules: [{23BBDBCE-3AAC-4224-A53C-D8F829C6E4F6}] => (Allow) C:\Games\Steam\SteamApps\common\SolForge\SolForge.exe
    FirewallRules: [{483C2F3F-3EDF-42B4-B17E-CC8A3F0F2890}] => (Allow) C:\Games\Steam\SteamApps\common\SolForge\SolForge.exe
    FirewallRules: [{C1621212-8093-4AA4-8412-07E8D3E74510}] => (Allow) C:\Games\Steam\SteamApps\common\InfinityWars\Infinity Wars TCG.exe
    FirewallRules: [{D96DFFDB-DE34-4E9C-ACA8-ED98F11F9058}] => (Allow) C:\Games\Steam\SteamApps\common\InfinityWars\Infinity Wars TCG.exe
    FirewallRules: [TCP Query User{A162965A-98E1-4304-A493-8F9C6B372AFE}C:\gog games\outlast\binaries\win64\olgame.exe] => (Allow) C:\gog games\outlast\binaries\win64\olgame.exe
    FirewallRules: [UDP Query User{63EFCB0F-6B11-472C-A03F-F7445997DDDC}C:\gog games\outlast\binaries\win64\olgame.exe] => (Allow) C:\gog games\outlast\binaries\win64\olgame.exe
    FirewallRules: [{1F5D0EBF-99CB-4090-A8F4-7D4732E95C7F}] => (Allow) C:\Games\Steam\SteamApps\common\portal 2\portal2.exe
    FirewallRules: [{A4A6B03E-0E8D-4E31-9FB4-99083F28E884}] => (Allow) C:\Games\Steam\SteamApps\common\portal 2\portal2.exe
    FirewallRules: [{8211312A-0B89-44B1-935D-BFEA2765A558}] => (Allow) C:\Games\Steam\SteamApps\common\The Apogee Throwback Pack\ThrowbackPackLauncher.exe
    FirewallRules: [{4B8D968D-DEE8-4551-88C5-A77EFDEBD051}] => (Allow) C:\Games\Steam\SteamApps\common\The Apogee Throwback Pack\ThrowbackPackLauncher.exe
    FirewallRules: [{7F954BCA-DAA1-4510-8735-5A2287E7DF46}] => (Allow) C:\Games\Steam\SteamApps\common\Rise of the Triad\LDKDedicatedServer.exe
    FirewallRules: [{E760597B-97AD-4678-AE2D-CDD08E88D319}] => (Allow) C:\Games\Steam\SteamApps\common\Rise of the Triad\LDKDedicatedServer.exe
    FirewallRules: [{230CA78C-9B28-4CBD-8C79-45F59CA934ED}] => (Allow) C:\Games\Steam\SteamApps\common\Elsword\ESSTEAM.exe
    FirewallRules: [{CFF1F133-B75B-4454-A04E-98ADFFD108C2}] => (Allow) C:\Games\Steam\SteamApps\common\Elsword\ESSTEAM.exe
    FirewallRules: [{F22E077E-3690-4007-8D57-7663634D977D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{01AA6173-F090-4FC2-9C43-DDA1F3A184B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{02191D71-FA7A-4D1E-80F4-F5C1ED4862B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{F411A2CE-0A9C-4E34-949E-799B4E9F1961}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{16946307-3BCC-4145-9FA8-6804FBCD5B82}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{0A6E34CF-FB8C-43FE-A883-CAA8F72A01D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{9373D688-DF00-4FA8-B2B3-B123D4178BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{FFC223BC-5504-4960-BC0E-C0FFC2A24CB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{B3AD2E55-CBCD-4813-B9AE-455CC23BF308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{47A7731B-F283-4BC4-BABD-2456FC37DEDA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{83961A59-872B-4982-9300-12F673D495C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
    FirewallRules: [{5E6C9F65-2633-474E-885A-7E888ACBAFC3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{C4DAC3A6-98FF-4340-A014-97AAE8F4E8C6}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{25CC5A7A-1897-4C80-B0FD-8F0B09ACDF9B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{EF138326-1224-4570-ACE0-ED8D74F43E28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{8DD0437F-888E-48EA-9403-012C50DF4E18}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{A130D804-0065-4D42-9A5B-8CC1AF9D3EE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{53AEE634-5677-45CF-B711-B8071E0FD646}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{0768733C-E6CC-4DF3-BC7A-4310547D413B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{F369170F-5C7F-4022-893D-7F3FA68667C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{ACFBA37E-5BF8-4775-99F2-D6A15F677EC0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{BF2C60BF-57EB-4C0F-BC59-709D582A0DE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{3FCF9B6A-EFF5-4DAF-B110-49DF6C9270FC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{C5E8E32D-94AA-4DE1-A931-1AEEA20A22C5}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{E36FC237-D301-4B1C-8E39-1981479F3DC7}] => (Allow) C:\Games\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
    FirewallRules: [{5E458DC1-B0B9-4003-A087-A50A3CC594C4}] => (Allow) C:\Games\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
    FirewallRules: [TCP Query User{F079F970-3CA4-43E2-A586-B980081DFD26}C:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [UDP Query User{7B90C674-7CD7-43D8-98A4-308B0FA227F0}C:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [{09B977C4-B53D-40BA-8514-3EE1DBC1B764}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
    FirewallRules: [{72666BED-A43C-42EC-819D-9031EAEB3002}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
    FirewallRules: [{1AE70695-EFC7-48DC-8DDB-D6378BEE4653}] => (Allow) C:\Games\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
    FirewallRules: [{7DBA97AB-68B3-463C-8FA9-5BCAD397FB06}] => (Allow) C:\Games\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
    FirewallRules: [{6B1CB885-2334-4A27-8AA3-6DC48021B125}] => (Allow) C:\Program Files (x86)\Origin Games\Crusader No Remorse\data\Game\DOSBox\DOSBox.exe
    FirewallRules: [{B96145B6-704E-4E7C-A80A-EFE913CA8E10}] => (Allow) C:\Program Files (x86)\Origin Games\Crusader No Remorse\data\Game\DOSBox\DOSBox.exe
    FirewallRules: [{5132D459-9577-4093-BBA8-BB45D93DE2F9}] => (Allow) C:\Games\Steam\SteamApps\common\Shadow Warrior\sw.exe
    FirewallRules: [{32E3DA83-E717-4994-80E5-218FFBAF02FF}] => (Allow) C:\Games\Steam\SteamApps\common\Shadow Warrior\sw.exe
    FirewallRules: [{55903C66-4715-462E-B999-BC592D328176}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
    FirewallRules: [{3B680845-DD6C-4B28-B7AA-278CE4EE731A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
    FirewallRules: [{4D80EADD-5153-4CF9-B5CF-6BC716FB1E58}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
    FirewallRules: [{72947B39-C9C4-4244-928A-AAD8CB9B9332}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
    FirewallRules: [{310752C1-B9A0-42CE-9B50-E110182540BA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
    FirewallRules: [{39958D66-1AE3-4228-BCB4-E114A8A496F6}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
    FirewallRules: [{3D50693F-787C-4411-93AF-BCF5E0568B2A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
    FirewallRules: [{6CA1FEDB-E202-4E08-B4E3-64807E1F66D4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
    FirewallRules: [{1A8ACE6D-EB79-4EAF-A39E-56FF70305FAB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{FDBB50B0-340C-4EF6-8D5A-2E2433B76F76}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{E11A8739-911E-4967-B1B0-4AC0B024B64C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{01CEF471-CEBD-4A45-9522-8C145848848F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{2BD021E7-C9B4-477D-8294-6A5134138B87}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction\RedFaction.exe
    FirewallRules: [{A6586F04-9B46-4742-871B-682869A8A68E}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction\RedFaction.exe
    FirewallRules: [{13A52DA1-19EF-4274-A71A-CC6369EB3C6F}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction II\Red Faction II.exe
    FirewallRules: [{853C159F-87B3-4A54-9E52-05E479FAC552}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction II\Red Faction II.exe
    FirewallRules: [{DDF4312D-CE17-46E8-BFA3-A3AD9B692C82}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe
    FirewallRules: [{56312774-B31C-4C5C-8F64-EA12385DA536}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe
    FirewallRules: [{E7128849-1334-4762-8D9A-D609517C7AB6}] => (Allow) C:\Games\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
    FirewallRules: [{94E55EED-E6F7-4514-B72F-486506A05655}] => (Allow) C:\Games\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
    FirewallRules: [{D0FA6A38-4DFB-4B46-9A0B-7DF69A48463A}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe
    FirewallRules: [{C444DEFE-2156-4C65-8580-B3B9C12E16F3}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe
    FirewallRules: [{A2A375BB-66C1-4849-AEE3-BDDF272A3B7E}] => (Allow) C:\Users\Joshua\AppData\Local\Temp\nsz84C9.tmp\CnetInstaller-10013740.exe
    FirewallRules: [{9611382D-14AB-4AC4-891A-C76A74CE05CE}] => (Allow) C:\Users\Joshua\AppData\Local\Temp\nsz84C9.tmp\CnetInstaller-10013740.exe
    FirewallRules: [{B5CE9458-5473-44F7-A180-1637DEC46E41}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{AE635F00-DCEA-46D9-9935-2F306CD41923}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{BA72B8A5-72E1-41BB-8696-38BE99CDA30B}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
    FirewallRules: [{B6BC5475-00FA-48C1-B808-32DF95453778}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
    FirewallRules: [{F607A723-4E6C-47F9-A7F1-C5FD328E192C}] => (Allow) C:\Games\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
    FirewallRules: [{84F7BA59-DD03-44B1-B5DC-7DE09D26A6B2}] => (Allow) C:\Games\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
    FirewallRules: [{2FDC1E44-0537-4937-A32A-5740DC0FEDD7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{D66077F0-ED1A-4D28-B3DF-C0FD4A978C7F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [TCP Query User{95AD7887-BF17-4C4A-B8A7-AEE0C226E9B2}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
    FirewallRules: [UDP Query User{5833D958-C2FE-4FD0-A888-74768D0E0392}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
    FirewallRules: [{F0FCEFD7-2048-4EC5-8E97-EEAEE8DB4C66}] => (Allow) C:\Games\Steam\SteamApps\common\WWE 2K15\WWE2K15Launcher.exe
    FirewallRules: [{B814EEB0-9A4D-441B-801B-F95A83EBC9E1}] => (Allow) C:\Games\Steam\SteamApps\common\WWE 2K15\WWE2K15Launcher.exe
    FirewallRules: [TCP Query User{E3935758-0C11-4D1A-B79F-52E537F368A0}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
    FirewallRules: [UDP Query User{27671957-32C0-4B84-8016-2DFEAE74CB51}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
    FirewallRules: [TCP Query User{AC40B739-AE84-47C3-AD3C-9FD1EC12CA80}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
    FirewallRules: [UDP Query User{E1F36797-AF53-4F4F-82F1-C8CC0C87FAE7}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
    FirewallRules: [{E0978921-9A04-418B-BBB7-7FC141EEE277}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4E8A5632-1951-4AA6-823C-8F9DF5925E01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{BCF4C2C4-0596-49B1-82A8-E1868FAE5942}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
    FirewallRules: [UDP Query User{C6E84D48-C66D-4C2C-9704-2C822C51D82B}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
    FirewallRules: [TCP Query User{A9F4C5B9-55AC-4D88-B219-8289A49D6380}C:\program files\dc++\dcplusplus.exe] => (Block) C:\program files\dc++\dcplusplus.exe
    FirewallRules: [UDP Query User{9DDDDB01-9C17-4FAC-8D9B-06BCE6F76980}C:\program files\dc++\dcplusplus.exe] => (Block) C:\program files\dc++\dcplusplus.exe
    FirewallRules: [{69D10CFF-1BDF-48F3-AB91-D9EE2D455C53}] => (Allow) C:\Games\Steam\SteamApps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
    FirewallRules: [{60C35863-D47A-485A-AB3E-844D96FFC3BC}] => (Allow) C:\Games\Steam\SteamApps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
    FirewallRules: [TCP Query User{1DE654E4-3193-461C-B1B5-19ED0A695287}C:\games\steam\steamapps\common\rise of the triad\binaries\win64\rott.exe] => (Allow) C:\games\steam\steamapps\common\rise of the triad\binaries\win64\rott.exe
    FirewallRules: [UDP Query User{6B853072-7D02-4627-9A04-0CBFAE77493F}C:\games\steam\steamapps\common\rise of the triad\binaries\win64\rott.exe] => (Allow) C:\games\steam\steamapps\common\rise of the triad\binaries\win64\rott.exe
    FirewallRules: [{E9EFFB84-AA67-4D20-8C94-AE04D3AD1698}] => (Allow) C:\Games\Steam\SteamApps\common\DOOM Open Beta\DOOMx64.exe
    FirewallRules: [{9FD2FC5A-A53C-43E4-8429-67628E8B01EA}] => (Allow) C:\Games\Steam\SteamApps\common\DOOM Open Beta\DOOMx64.exe
    FirewallRules: [{B8953BD6-D9F8-4776-9CDD-8796CC61FABA}] => (Allow) C:\Games\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
    FirewallRules: [{2249B1B3-E480-40A2-86C5-E33B0ADD0F21}] => (Allow) C:\Games\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
    FirewallRules: [{C76C29D2-67D5-4833-A57B-E44F2AE3188E}] => (Allow) C:\Games\Steam\SteamApps\common\DOOM\DOOMx64.exe
    FirewallRules: [{FDD1A2EF-E603-4C39-BD6B-6DE2F5C03F97}] => (Allow) C:\Games\Steam\SteamApps\common\DOOM\DOOMx64.exe
    FirewallRules: [{EED8D0CA-58F8-4206-B34D-177439F5F155}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
    FirewallRules: [{CE423476-1DC5-4838-835F-1699CBA7A359}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
    FirewallRules: [{65730845-4232-4F95-A03F-BA1A4E11F27F}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
    FirewallRules: [{C569D265-D355-4B7E-868D-1F252A5D1902}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
    FirewallRules: [{2B10D477-D237-4121-A031-1C7526C1633D}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
    FirewallRules: [{E2944F37-EA6D-423F-98BC-1442B97BB3EC}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
    FirewallRules: [{D9B01A1D-C940-4B7F-8624-124867FD4043}] => (Allow) C:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
    FirewallRules: [{0AA4E155-FFBF-449E-B99D-03AE8825898F}] => (Allow) C:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
    FirewallRules: [{EB1E9795-5F61-4C83-AE77-297E38DF3262}] => (Allow) C:\Games\Steam\SteamApps\common\Anna\Anna.exe
    FirewallRules: [{CEB5F8C9-F6B7-4848-AD00-A1CB26E24037}] => (Allow) C:\Games\Steam\SteamApps\common\Anna\Anna.exe
    FirewallRules: [{8EBED308-B65B-403B-AA6A-0539F745464C}] => (Allow) C:\Games\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
    FirewallRules: [{0214F5BE-0B71-44E8-BEAB-5AD5F709B6C5}] => (Allow) C:\Games\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
    FirewallRules: [{6DD8B30E-F192-466A-8F0F-EF89DA45A599}] => (Allow) C:\Games\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
    FirewallRules: [{29045E3A-2653-4C2B-8D98-3E6B0F26CFEF}] => (Allow) C:\Games\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
    FirewallRules: [{73E40B41-0EC3-4104-B3B4-948A5EDC13A5}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroesOmega.exe
    FirewallRules: [{B99ADFA6-AFCA-4FAD-9DE9-B30F80A15A9B}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroesOmega.exe
    FirewallRules: [{DB7EC026-50AB-43A7-AE3B-7AF99E53EC7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{8538F674-A9A0-4B2E-ABE7-D148A904941A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{5735D1B1-44DD-4805-9DF7-17F6873AC4A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{0B376C23-37CC-4F37-9A2C-58A322F29C5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{47917B35-BCC3-41A7-9F38-4CC3709F5643}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{432C8941-68EF-401C-92B2-4533378EC576}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
    FirewallRules: [TCP Query User{DD1949E0-7234-4511-8761-816A02C03C89}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
    FirewallRules: [UDP Query User{AC98907A-5B15-4492-9CBE-759B6547F176}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
    FirewallRules: [TCP Query User{5AEBB4E9-9C13-4FE1-B7D0-4CAE35CAF504}C:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{EA8CF2D0-8C2C-451B-8382-2029063A8E23}C:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{91D8A036-D596-4597-B1A3-656F29D507D0}] => (Allow) C:\Games\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{EECC69FE-9D1C-4899-8B52-73BF5BF0B219}] => (Allow) C:\Games\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [TCP Query User{00D80793-E1EA-4CED-A744-37DECB7EB762}C:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{6DBFD242-F531-4290-9C08-17EE8B2C8804}C:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{FAFAE0B4-7942-4DF9-8045-329AB7E4E1F6}] => (Allow) C:\Games\Steam\SteamApps\common\Shadow Warrior\dx11\launcher.exe
    FirewallRules: [{5029C568-114E-4D54-BC83-F908B7D79267}] => (Allow) C:\Games\Steam\SteamApps\common\Shadow Warrior\dx11\launcher.exe
    FirewallRules: [{D587ABC0-41C1-4ED7-B12C-333C3DD985B6}] => (Allow) C:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
    FirewallRules: [{75B66F1B-9E65-4C40-8660-11F94E17D24D}] => (Allow) C:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
    FirewallRules: [{63185CF4-0AE2-4A25-9C23-47945C813D07}] => (Allow) C:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
    FirewallRules: [{BA3AAC02-0095-4CF7-85C5-CCE56FBA2DAA}] => (Allow) C:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
    FirewallRules: [{D77BEE7E-8DB6-46AA-A320-F8A12DD3F69B}] => (Allow) C:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
    FirewallRules: [{792A1CAA-9D76-48E4-9932-A09424C8CCE6}] => (Allow) C:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
    FirewallRules: [{C5B82757-74F9-4134-88A1-003A9591E594}] => (Allow) C:\Games\Steam\SteamApps\common\Magic 2015\DotP_D15.exe
    FirewallRules: [{60279249-A971-43BD-9A75-6255B9340569}] => (Allow) C:\Games\Steam\SteamApps\common\Magic 2015\DotP_D15.exe
    FirewallRules: [TCP Query User{8A283330-6D46-4F36-8647-0BF3D7345FFC}C:\games\wizards of the coast\mtga\mtga.exe] => (Allow) C:\games\wizards of the coast\mtga\mtga.exe
    FirewallRules: [UDP Query User{7B879429-2171-4CAD-BED1-139A6B957D5E}C:\games\wizards of the coast\mtga\mtga.exe] => (Allow) C:\games\wizards of the coast\mtga\mtga.exe
    FirewallRules: [{9CDD4535-CA0A-47BA-95BC-0CD615CEC577}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
    FirewallRules: [{C9E07A97-570D-44A5-BC5D-79C1AE618589}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
    FirewallRules: [{A86AC848-BE7B-464A-8149-3CEAC3D35080}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
    FirewallRules: [{87186E8B-5ED9-43D4-AF19-89078CE7E66D}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
    FirewallRules: [{209B0020-2456-4FD9-85F4-48226B523CBF}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos.exe
    FirewallRules: [{BD53F3B4-7E2C-4C63-932D-E2EB29B1D889}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos.exe
    FirewallRules: [{9A7F6D4B-36C4-464D-904C-A3AA25D1943E}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
    FirewallRules: [{224FC366-8F59-4579-B9DA-F6A100502241}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
    FirewallRules: [{40D214AB-BF57-4460-BB54-635C11E0586A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    30-06-2018 19:15:02 Installed MTGArena
    06-07-2018 16:23:34 Installed MTGArena
    10-07-2018 21:10:17 Windows Update
    14-07-2018 20:00:14 Installed MTGArena
    18-07-2018 14:24:24 Installed MTGArena
    03-11-2018 19:50:23 Installed MTGArena

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/04/2018 05:39:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Origin.exe, version: 10.5.29.14153, time stamp: 0x5bbcfa1e
    Faulting module name: libcurl.dll_unloaded, version: 7.59.0.0, time stamp: 0x5ab4389f
    Exception code: 0xc0000005
    Fault offset: 0x000350a4
    Faulting process id: 0x560
    Faulting application start time: 0x01d4748ea826106f
    Faulting application path: C:\Program Files (x86)\Origin\Origin.exe
    Faulting module path: libcurl.dll
    Report Id: 313aad2a-2983-49d5-9347-b229fecde589
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/04/2018 05:32:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SearchUI.exe version 10.0.17134.376 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 2684

    Start Time: 01d4748db06f8343

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

    Report Id: d7caf387-2a25-4c03-8a41-3abeded3c5da

    Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: CortanaUI

    Error: (11/04/2018 05:17:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SystemSettings.exe, version: 10.0.17134.112, time stamp: 0x2a3c4e62
    Faulting module name: ntdll.dll, version: 10.0.17134.376, time stamp: 0x60d78cf9
    Exception code: 0xc000000d
    Fault offset: 0x0000000000108b60
    Faulting process id: 0x110c
    Faulting application start time: 0x01d4748c0083cea6
    Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 504d6a7b-8250-420d-8f7d-8f5c8f424c4f
    Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

    Error: (11/04/2018 05:16:21 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: malwarebytes_assistant.exe, version: 3.1.0.1644, time stamp: 0x5bc8b30d
    Faulting module name: malwarebytes_assistant.exe, version: 3.1.0.1644, time stamp: 0x5bc8b30d
    Exception code: 0xc0000005
    Fault offset: 0x00058341
    Faulting process id: 0x103c
    Faulting application start time: 0x01d4748bf63e0244
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
    Report Id: 9babef70-f9c0-4f4d-b3be-d4296de7bef0
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/04/2018 04:45:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: malwarebytes_assistant.exe, version: 3.1.0.1644, time stamp: 0x5bc8b30d
    Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5b9bc256
    Exception code: 0xc0000005
    Fault offset: 0x001b91fe
    Faulting process id: 0x1e6c
    Faulting application start time: 0x01d4748791ebc6bd
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
    Report Id: de77e489-0791-431a-8670-c155159f7078
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/04/2018 04:45:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: malwarebytes_assistant.exe, version: 3.1.0.1644, time stamp: 0x5bc8b30d
    Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5b9bc256
    Exception code: 0xc0000005
    Fault offset: 0x001b91fe
    Faulting process id: 0x23a4
    Faulting application start time: 0x01d47487974e41f2
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
    Report Id: 04951ed1-8d12-4f4d-a26e-4cb30a9d7e0e
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/04/2018 04:40:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SystemSettings.exe version 10.0.17134.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: d60

    Start Time: 01d47486bdd6233f

    Termination Time: 4294967295

    Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

    Report Id: 3890151b-f4bf-49f8-b1d4-67bf66b53f16

    Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

    Error: (11/04/2018 04:38:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SystemSettings.exe version 10.0.17134.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 2b68

    Start Time: 01d474869143e509

    Termination Time: 4294967295

    Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

    Report Id: 56975d81-7b75-470c-84e6-bc65ceaf0eff

    Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel


    System errors:
    =============
    Error: (11/04/2018 05:44:23 PM) (Source: DCOM) (EventID: 10016) (User: NORTHORPHQGX)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NORTHORPHQGX\Joshua SID (S-1-5-21-2577772942-3954309557-1672937280-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/04/2018 05:42:33 PM) (Source: DCOM) (EventID: 10016) (User: NORTHORPHQGX)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NORTHORPHQGX\Joshua SID (S-1-5-21-2577772942-3954309557-1672937280-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/04/2018 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NORTHORPHQGX)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
    and APPID
    {CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
    to the user NORTHORPHQGX\Joshua SID (S-1-5-21-2577772942-3954309557-1672937280-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/04/2018 05:40:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/04/2018 05:38:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Software Protection service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/04/2018 05:38:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    Error: (11/04/2018 05:37:21 PM) (Source: DCOM) (EventID: 10010) (User: NORTHORPHQGX)
    Description: The server {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C} did not register with DCOM within the required timeout.

    Error: (11/04/2018 05:36:18 PM) (Source: DCOM) (EventID: 10010) (User: NORTHORPHQGX)
    Description: The server {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C} did not register with DCOM within the required timeout.


    Windows Defender:
    ===================================
    Date: 2018-11-04 17:21:49.634
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.279.1183.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.4
    Error code: 0x8007043c
    Error description: This service cannot be started in Safe Mode

    Date: 2018-11-04 17:11:08.056
    Description:
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2018-11-03 23:00:14.473
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.279.1121.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.4
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-11-03 18:19:23.798
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.273.488.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15100.1
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-11-03 18:19:23.796
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.273.488.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15100.1
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2018-11-04 16:37:56.753
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-04 16:37:56.736
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-04 13:01:13.591
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-04 13:01:06.361
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-04 13:01:01.343
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-04 13:01:00.876
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-04 12:41:14.916
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-04 12:39:54.242
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz
    Percentage of memory in use: 42%
    Total physical RAM: 8062.91 MB
    Available physical RAM: 4629.89 MB
    Total Virtual: 16254.91 MB
    Available Virtual: 12801.41 MB

    ==================== Drives ================================

    Drive c: (HQGX1) (Fixed) (Total:1862.06 GB) (Free:373.98 GB) NTFS

    \\?\Volume{1227c44c-2da4-11e4-9955-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{23134ab5-0000-0000-0000-808ad1010000}\ () (Fixed) (Total:0.85 GB) (Free:0.46 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 23134AB5)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=872 MB) - (Type=27)

    ==================== End of Addition.txt ============================

  4. #4
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,784

    I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.


    ~~~~~~~~~~~~~

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, then select Copy.

    Start::
    CloseProcesses:
    CreateRestorePoint:
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-18] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-18] (Oracle Corporation)
    F Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-18] (Oracle Corporation)
    2018-07-16 14:34 - 2018-07-16 14:34 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\i2vsqlxt.dll
    2018-07-18 19:34 - 2018-07-18 19:34 - 001906040 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u181-windows-au.exe
    2018-07-19 13:59 - 2018-07-19 13:59 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\lzhgtnqt.dll
    2018-11-03 17:42 - 2018-11-03 17:42 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\o-6f_iiv.dll
    2018-07-15 09:23 - 2018-07-15 09:23 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\prpso2e4.dll
    2018-11-04 10:26 - 2018-11-04 10:26 - 000006656 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\_lldykoh.dll
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {36BD7178-9994-4E5D-B371-E7E0057E2DCE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5595B560-A176-49C9-BDF8-78691BB61730} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {5A8E121E-1847-43B3-97CA-B03A4CB8E55F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {7668DEFE-2398-4424-A1A3-92440F57B5E4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {80401C9B-535F-4851-B562-6FDC9F071A05} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {8756F5CE-3706-4DE2-A52D-E98626FCAAEB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {B8C1BC5F-512A-447F-8BB1-740322B92EAC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CD1E3F34-F917-4479-BC73-37DF7752942B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D3D3285B-F8CF-4217-B41D-AE185A5397B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {DB464760-3BAD-4DEF-9001-067776B64287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FD9C48E4-20FB-457F-9570-5FE7E6AA696C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {FEA660D4-2526-4FF2-A43D-B742360CBDBD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F8F22E92-0E1C-4084-A677-CF290CC63ED3} - System32\Tasks\{3E17A046-E3D2-453D-BD4D-C1E9EC13C355} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\TNT2\2.0.0.1949\TNT2User.exe -c /UNINSTALL PARTNER=11083
    ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe\Warframe.lnk -> C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
    ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
    AlternateDataStreams: C:\Users\Joshua\Cookies:xGuTvRI3t5Vb0P9SHzd9 [1960]
    C:\Windows\Temp\*.*
    Emptytemp:
    Hosts:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



    ~~~~
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    ~~

    created by Aura


    Your next reply(ies) should therefore contain:
    • Copy/pasted Fixlog.txt
    • Copy/pasted AdwCleaner clean log
    • Copy/pasted RogueKiller clean log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    Nov 2005
    Posts
    35

    I did discover the main culprit: the CPU fan/heatsink was not clamped in properly, causing overheating. The mobo shutdown failsafe saved the day. I'll need to get a new CPU fan, as the current one has a broken clamp in one corner. I've secured it well enough to function in the meantime.

    Might as well finish cleaning malware anyway:

    In no particular order....

    Roguekiller:
    RogueKiller Anti-Malware V13.0.7.0 (x64) [Nov 5 2018] (Free) by Adlice Software
    mail : https://adlice.com/contact/?utm_camp...utm_medium=btn
    Website : https://adlice.com/download/roguekil...utm_medium=btn
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : Joshua [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Standard Scan, Delete -- Date : 2018/11/05 16:12:10 (Duration : 01:07:16)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [Suspicious.Path (Potentially Malicious)] MpKsl34d21efb -- %programdata%\Microsoft\Windows -> Stopped
    [Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{81CD4B70-A8AB-48FC-826C-8F76A1A06829} -- [%localappdata%\SkypePlugin\7.7.0.219\GatewayActiveX-x64.dll] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2} -- [%localappdata%\SkypePlugin\7.7.0.219\EdgeCalling.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{D779CCB8-300C-4160-B101-D6A5FD73294E} -- [%localappdata%\SkypePlugin\7.7.0.219\GatewayVersion-x64.exe] -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\AppDataLow\Software\adawarebp -- -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\AppDataLow\Software\adawarebp -- -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpKsl34d21efb -- [%programdata%\Microsoft\Windows] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{BD9CEC96-035C-4145-AEAB-51D8AF687152}C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe -- [%localappdata%\skypeplugin\7.7.0.219\pluginhost.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{6A88E54E-EAA9-414E-B566-A73A4CB94DC7}C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe -- [%localappdata%\skypeplugin\7.7.0.219\pluginhost.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A2A375BB-66C1-4849-AEE3-BDDF272A3B7E} -- [%localappdata%\Temp\nsz84C9.tmp\CnetInstaller-10013740.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9611382D-14AB-4AC4-891A-C76A74CE05CE} -- [%localappdata%\Temp\nsz84C9.tmp\CnetInstaller-10013740.exe] -> Deleted
    [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- -> Replaced (1)
    [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- -> Replaced (1)

    Two logs for AdwCleaner:
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.4.0
    # -------------------------------
    # Build: 09-25-2018
    # Database: 2018-11-05.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 11-05-2018
    # Duration: 00:00:11
    # OS: Windows 10 Pro
    # Cleaned: 22
    # Failed: 1


    ***** [ Services ] *****

    Deleted Updater

    ***** [ Folders ] *****

    Deleted C:\Users\Joshua\AppData\Local\Installer\INSTALL_443
    Deleted C:\Users\Joshua\AppData\Local\Installer\INSTALL_28316

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syndicate\Syndicate.lnk

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\AppDataLow\Software\adawarebp
    Deleted HKLM\Software\Classes\yt.YToolbarBand
    Deleted HKLM\Software\Classes\yt.YTHelper
    Deleted HKLM\Software\Classes\yt.Clickstream
    Deleted HKLM\Software\Classes\yt.CacheLoader
    Deleted HKLM\Software\Classes\Yahoo.PopupBlockerPlugin
    Deleted HKLM\Software\Classes\Yahoo.AntiSpyPlugin
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\TNT2

    ***** [ Chromium (and derivatives) ] *****

    Deleted AmazingTab

    ***** [ Chromium URLs ] *****

    Deleted Ask
    Not Deleted AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [4013 octets] - [05/11/2018 13:50:10]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.4.0
    # -------------------------------
    # Build: 09-25-2018
    # Database: 2018-11-05.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 11-05-2018
    # Duration: 00:00:31
    # OS: Windows 10 Pro
    # Scanned: 32052
    # Detected: 23


    ***** [ Services ] *****

    PUP.Optional.Legacy Updater

    ***** [ Folders ] *****

    PUP.Adware.Heuristic C:\Users\Joshua\AppData\Local\Installer\INSTALL_443
    PUP.Adware.Heuristic C:\Users\Joshua\AppData\Local\Installer\INSTALL_28316

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syndicate\Syndicate.lnk

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\adawarebp
    PUP.Optional.Legacy HKLM\Software\Classes\yt.YToolbarBand
    PUP.Optional.Legacy HKLM\Software\Classes\yt.YTHelper
    PUP.Optional.Legacy HKLM\Software\Classes\yt.Clickstream
    PUP.Optional.Legacy HKLM\Software\Classes\yt.CacheLoader
    PUP.Optional.Legacy HKLM\Software\Classes\Yahoo.PopupBlockerPlugin
    PUP.Optional.Legacy HKLM\Software\Classes\Yahoo.AntiSpyPlugin
    PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
    PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
    PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
    PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
    PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
    PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
    PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
    PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
    PUP.Optional.TidyNetwork HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\TNT2

    ***** [ Chromium (and derivatives) ] *****

    PUP.Optional.AmazingTab AmazingTab

    ***** [ Chromium URLs ] *****

    PUP.Optional.Legacy Ask
    PUP.Optional.Legacy AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

    And here's the fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
    Ran by Joshua (05-11-2018 13:25:02) Run:1
    Running from C:\Stash2
    Loaded Profiles: Joshua (Available Profiles: Joshua & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-18] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-18] (Oracle Corporation)
    F Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-18] (Oracle Corporation)
    2018-07-16 14:34 - 2018-07-16 14:34 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\i2vsqlxt.dll
    2018-07-18 19:34 - 2018-07-18 19:34 - 001906040 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u181-windows-au.exe
    2018-07-19 13:59 - 2018-07-19 13:59 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\lzhgtnqt.dll
    2018-11-03 17:42 - 2018-11-03 17:42 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\o-6f_iiv.dll
    2018-07-15 09:23 - 2018-07-15 09:23 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\prpso2e4.dll
    2018-11-04 10:26 - 2018-11-04 10:26 - 000006656 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\_lldykoh.dll
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {36BD7178-9994-4E5D-B371-E7E0057E2DCE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5595B560-A176-49C9-BDF8-78691BB61730} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {5A8E121E-1847-43B3-97CA-B03A4CB8E55F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {7668DEFE-2398-4424-A1A3-92440F57B5E4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {80401C9B-535F-4851-B562-6FDC9F071A05} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {8756F5CE-3706-4DE2-A52D-E98626FCAAEB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {B8C1BC5F-512A-447F-8BB1-740322B92EAC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CD1E3F34-F917-4479-BC73-37DF7752942B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D3D3285B-F8CF-4217-B41D-AE185A5397B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {DB464760-3BAD-4DEF-9001-067776B64287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FD9C48E4-20FB-457F-9570-5FE7E6AA696C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {FEA660D4-2526-4FF2-A43D-B742360CBDBD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F8F22E92-0E1C-4084-A677-CF290CC63ED3} - System32\Tasks\{3E17A046-E3D2-453D-BD4D-C1E9EC13C355} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\TNT2\2.0.0.1949\TNT2User.exe -c /UNINSTALL PARTNER=11083
    ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe\Warframe.lnk -> C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
    ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
    AlternateDataStreams: C:\Users\Joshua\Cookies:xGuTvRI3t5Vb0P9SHzd9 [1960]
    C:\Windows\Temp\*.*
    Emptytemp:
    Hosts:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
    F Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-18] (Oracle Corporation) => Error: No automatic fix found for this entry.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2 => removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll => moved successfully
    C:\Users\Joshua\AppData\Local\Temp\i2vsqlxt.dll => moved successfully
    C:\Users\Joshua\AppData\Local\Temp\jre-8u181-windows-au.exe => moved successfully
    C:\Users\Joshua\AppData\Local\Temp\lzhgtnqt.dll => moved successfully
    C:\Users\Joshua\AppData\Local\Temp\o-6f_iiv.dll => moved successfully
    C:\Users\Joshua\AppData\Local\Temp\prpso2e4.dll => moved successfully
    C:\Users\Joshua\AppData\Local\Temp\_lldykoh.dll => moved successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
    HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36BD7178-9994-4E5D-B371-E7E0057E2DCE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36BD7178-9994-4E5D-B371-E7E0057E2DCE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5595B560-A176-49C9-BDF8-78691BB61730}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5595B560-A176-49C9-BDF8-78691BB61730}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A8E121E-1847-43B3-97CA-B03A4CB8E55F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A8E121E-1847-43B3-97CA-B03A4CB8E55F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7668DEFE-2398-4424-A1A3-92440F57B5E4}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7668DEFE-2398-4424-A1A3-92440F57B5E4}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80401C9B-535F-4851-B562-6FDC9F071A05}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80401C9B-535F-4851-B562-6FDC9F071A05}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8756F5CE-3706-4DE2-A52D-E98626FCAAEB}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8756F5CE-3706-4DE2-A52D-E98626FCAAEB}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8C1BC5F-512A-447F-8BB1-740322B92EAC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8C1BC5F-512A-447F-8BB1-740322B92EAC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD1E3F34-F917-4479-BC73-37DF7752942B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD1E3F34-F917-4479-BC73-37DF7752942B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3D3285B-F8CF-4217-B41D-AE185A5397B2}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3D3285B-F8CF-4217-B41D-AE185A5397B2}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB464760-3BAD-4DEF-9001-067776B64287}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB464760-3BAD-4DEF-9001-067776B64287}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD9C48E4-20FB-457F-9570-5FE7E6AA696C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD9C48E4-20FB-457F-9570-5FE7E6AA696C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEA660D4-2526-4FF2-A43D-B742360CBDBD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEA660D4-2526-4FF2-A43D-B742360CBDBD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8F22E92-0E1C-4084-A677-CF290CC63ED3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8F22E92-0E1C-4084-A677-CF290CC63ED3}" => removed successfully
    C:\WINDOWS\System32\Tasks\{3E17A046-E3D2-453D-BD4D-C1E9EC13C355} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3E17A046-E3D2-453D-BD4D-C1E9EC13C355}" => removed successfully
    C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe\Warframe.lnk => Shortcut argument removed successfully
    C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully
    C:\Users\Joshua\Cookies => ":xGuTvRI3t5Vb0P9SHzd9" ADS removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\hpqddsvc.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0000.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0001.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0002.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0003.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0019.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MpSigStub.log => moved successfully
    C:\Windows\Temp\wbxtra_11042018_185813.wbt => moved successfully
    C:\Windows\Temp\wbxtra_11052018_113825.wbt => moved successfully
    C:\Windows\Temp\wbxtra_11052018_114732.wbt => moved successfully
    C:\Windows\Temp\wbxtra_11052018_120110.wbt => moved successfully
    C:\Windows\Temp\wbxtra_11052018_125343.wbt => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95478124 B
    Java, Flash, Steam htmlcache => 50467849 B
    Windows/system/drivers => 20480 B
    Edge => 13526225 B
    Chrome => 423666421 B
    Firefox => 253362415 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 19050 B
    LocalService => 0 B
    NetworkService => 160998 B
    NetworkService => 0 B
    Joshua => 664048042 B
    DefaultAppPool => 0 B

    RecycleBin => 0 B
    EmptyTemp: => 1.4 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 13:31:01 ====

  6. #6
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,784

    I did discover the main culprit: CPU fan/heatsink was not clamped in properly, causing overheat. Mobo shutdown failsafe saved the day. I'll need to get a new CPU fan as the current one has a broken clamp in one corner. I've secured it well enough to function in the meantime.
    My goodness.

    That took out a ton of junk, didn't it?

    ~~~~~~~~~~~~~~~~~~~~~~~
    If you think it is safe to run this next online scanner and it will not overheat, I'll leave it up to you.

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
