
Thread: Slow running Windows 10 - trojan

  1. #1

    Hi - I am new to Spybot as I believe I have a trojan which I am unable to remove.

    My laptop has been running very slow - I ran a performance test and the CPU has come back as busy due to 93% usage by taskhostw.exe. I have run the test several times and it always comes back the same.

    I have googled this and apparently this is a trojan which uses your CPU to mine for cryptocurrency. I have followed a number of guides (bleepingcomputer) to remove the issue without success, so I am hoping someone on here will be able to help.

    I have run the Farbar recovery scan tool and posted the two logs below. I also tried running aswMBR a couple of times but it keeps crashing my laptop and restarting, so I am unable to complete it.

    Any help would be much appreciated.

    Thanks

    Dave

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.11.2018 01
    Ran by di_bl (administrator) on LAPTOP-PPARAPRV (01-12-2018 09:32:39)
    Running from C:\Users\di_bl\Desktop
    Loaded Profiles: di_bl & emmab (Available Profiles: di_bl & emmab)
    Platform: Windows 10 Home Version 1803 17134.441 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
    (AMD) C:\Windows\System32\DriverStore\FileRepository\u0335076.inf_amd64_f8c797ab08b9d461\B334840\atiesrxx.exe
    (AMD) C:\Windows\System32\DriverStore\FileRepository\u0335076.inf_amd64_f8c797ab08b9d461\B334840\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
    (Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
    (Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    () C:\Program Files\Google\Drive\googledrivesync.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
    (Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    () C:\Program Files\Google\Drive\googledrivesync.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Auslo˜gics) C:\Program Files (x86)\Auslogics\Registry Cleaner\RegistryCleaner.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
    (Microsoft Corporation) C:\Users\di_bl\AppData\Local\Temp\360CEDD2-B87B-4D1A-829A-6F74BB80DA85\DismHost.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.400_none_eb2ff40c1d41442d\TiWorker.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
    (Microsoft Corporation) C:\Users\di_bl\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileCoAuth.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Users\di_bl\Downloads\avast_free_antivirus_setup_online.exe
    (AVAST Software) C:\Windows\Temp\asw.a2135f2cd9fa8909\avast_free_antivirus_setup_online.exe
    (AVAST Software) C:\Users\di_bl\AppData\Local\Temp\_av_iup.tm~a08020\Instup.exe
    (AVAST Software) C:\Users\di_bl\AppData\Local\Temp\_av_iup.tm~a08020\New_12080934\instup.exe
    (AVAST Software) C:\Users\di_bl\AppData\Local\Temp\_av_iup.tm~a08020\New_12080934\sbr.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-14] (Realtek Semiconductor)
    HKLM\...\Run: [DeliveryAndStatusCheck] => C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe [301832 2015-11-10] (HP)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [290064 2018-11-23] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)
    HKLM-x32\...\RunOnce: [AvRepair] => C:\Program Files\AVAST Software\Avast\setup\instup.exe [1562376 2018-11-15] (AVAST Software)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc.)
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-10-01] (Apple Inc.)
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-10-01] (Apple Inc.)
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-10-01] (Apple Inc.)
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3046264 2017-04-20] (Electronic Arts)
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Run: [Spotify Web Helper] => C:\Users\di_bl\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-26] (Spotify Ltd)
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Run: [Spotify] => C:\Users\di_bl\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-26] (Spotify Ltd)
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46459080 2018-10-04] ()
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
    HKU\S-1-5-21-439163156-588376408-1409899048-1003\...\RunOnce: [Uninstall 18.091.0506.0007\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\emmab\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\amd64"
    HKU\S-1-5-21-439163156-588376408-1409899048-1003\...\RunOnce: [Uninstall 18.091.0506.0007] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\emmab\AppData\Local\Microsoft\OneDrive\18.091.0506.0007"
    HKU\S-1-5-21-439163156-588376408-1409899048-1003\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
    Startup: C:\Users\di_bl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-11-23]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
    Tcpip\..\Interfaces\{24d8dfa6-e726-40fd-807a-3b54deba9fe7}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{286455a0-e0d9-4838-a9d0-7b92820a4890}: [DhcpNameServer] 194.168.4.100 194.168.8.100

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    SearchScopes: HKLM-x32 -> {7FFBE50A-2580-4284-B196-E51CA483A8C0} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-439163156-588376408-1409899048-1002 -> {7FFBE50A-2580-4284-B196-E51CA483A8C0} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-439163156-588376408-1409899048-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-25] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-11-02] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-11] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-11] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-11] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-11] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\di_bl\AppData\Roaming\Mozilla\Firefox\Profiles\k8uelwc0.default-1482520400909 [2018-12-01]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-22] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-22] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-13] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-13] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.co.uk/
    CHR Profile: C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default [2018-12-01]
    CHR Extension: (Slides) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
    CHR Extension: (Docs) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
    CHR Extension: (Google Drive) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
    CHR Extension: (YouTube) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
    CHR Extension: (Elevate for Strava) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhiaggccakkgdfcadnklkbljcgicpckn [2018-11-23]
    CHR Extension: (Sheets) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
    CHR Extension: (Google Docs Offline) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
    CHR Extension: (Save to Google Drive) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-09-15]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-09-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
    CHR Extension: (Gmail) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]
    CHR Extension: (Chrome Media Router) - C:\Users\di_bl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-02]
    CHR HKU\S-1-5-21-439163156-588376408-1409899048-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-08-06] () [File not signed]
    R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0335076.inf_amd64_f8c797ab08b9d461\B334840\atiesrxx.exe [508000 2018-11-30] (AMD)
    R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-06] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
    S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-12-01] (AVAST Software)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-12-01] (AVAST Software)
    R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [324048 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [8237160 2018-11-23] (AVG Technologies CZ, s.r.o.)
    S3 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [110048 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9669920 2018-11-02] (Microsoft Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-10-12] (WildTangent)
    R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin Ltd. or its subsidiaries)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-20] (Electronic Arts)
    S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3115928 2017-04-20] (Electronic Arts)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [326656 2016-10-14] (Realtek Semiconductor)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [398376 2018-11-30] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [26888 2018-11-30] (Advanced Micro Devices, INC.)
    S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
    R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0335076.inf_amd64_f8c797ab08b9d461\B334840\atikmdag.sys [47503976 2018-11-30] (Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0335076.inf_amd64_f8c797ab08b9d461\B334840\atikmpag.sys [589920 2018-11-30] (Advanced Micro Devices, Inc.)
    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [102384 2018-11-30] (Advanced Micro Devices, Inc.)
    R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137688 2018-11-30] (Advanced Micro Devices, Inc. )
    S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-12-01] (AVAST Software)
    S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-12-01] (AVAST Software)
    S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-12-01] (AVAST Software)
    S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-12-01] (AVAST Software)
    S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-12-01] (AVAST Software)
    S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-12-01] (AVAST Software)
    S1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [185072 2018-12-01] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-12-01] (AVAST Software)
    S1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-12-01] (AVAST Software)
    S2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-12-01] (AVAST Software)
    S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-12-01] (AVAST Software)
    S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-12-01] (AVAST Software)
    S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-12-01] (AVAST Software)
    S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-12-01] (AVAST Software)
    S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-12-01] (AVAST Software)
    S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-12-01] (AVAST Software)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107400 2018-11-30] (Advanced Micro Devices)
    R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [201504 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [231104 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [202528 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [346840 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [59744 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15344 2018-08-24] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [46648 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [163496 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112040 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [87680 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1028920 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [469520 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [208712 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [380704 2018-11-23] (AVG Technologies CZ, s.r.o.)
    R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
    R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2018-11-30] (Hewlett-Packard Company)
    R1 MeDlpFlt; C:\WINDOWS\System32\DRIVERS\MeDlpFlt.sys [138520 2018-10-25] (Check Point Software Technologies Ltd.)
    R3 mevdbus; C:\WINDOWS\System32\drivers\mevdbus.sys [29424 2018-10-25] (Check Point Software Technologies Ltd.)
    S3 mevdfunction; C:\WINDOWS\System32\drivers\mevdfunction.sys [39328 2018-10-25] (Check Point Software Technologies Ltd.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1131024 2018-11-30] (Realtek )
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-21] (Realsil Semiconductor Corporation)
    R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated)
    S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [33960 2015-07-13] (Synaptics Incorporated)
    R0 stormmc; C:\WINDOWS\System32\drivers\stormmc.sys [45416 2018-11-30] (Advanced Micro Devices)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35360 2018-11-30] (HP)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-11-30] (Zemana Ltd.)
    U3 aswbdisk; no ImagePath
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-01 09:32 - 2018-12-01 09:34 - 000025773 _____ C:\Users\di_bl\Desktop\FRST.txt
    2018-12-01 09:32 - 2018-12-01 09:32 - 000000000 ____D C:\FRST
    2018-12-01 09:31 - 2018-12-01 09:30 - 002417152 _____ (Farbar) C:\Users\di_bl\Desktop\FRST64.exe
    2018-12-01 09:30 - 2018-12-01 09:30 - 002417152 _____ (Farbar) C:\Users\di_bl\Downloads\FRST64.exe
    2018-12-01 09:18 - 2018-12-01 09:17 - 001028680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000380464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000346592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000230344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000208472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000201768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000201240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000185072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000163208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000111800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000087432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000059496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000046384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2018-12-01 09:18 - 2018-12-01 09:17 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
    2018-12-01 09:17 - 2018-12-01 09:17 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2018-12-01 09:17 - 2018-12-01 09:17 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2018-12-01 09:13 - 2018-12-01 09:17 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-12-01 09:11 - 2018-12-01 09:11 - 000185488 _____ (AVAST Software) C:\Users\di_bl\Downloads\avast_free_antivirus_setup_online.exe
    2018-12-01 07:51 - 2018-12-01 07:52 - 018177128 _____ (Piriform Software Ltd) C:\Users\di_bl\Downloads\ccsetup550.exe
    2018-11-30 22:18 - 2018-11-30 22:18 - 006021864 _____ (EnigmaSoft Limited) C:\Users\di_bl\Downloads\SpyHunter-Installer.exe
    2018-11-30 22:09 - 2018-11-30 22:09 - 000000000 ____D C:\ProgramData\Emsisoft
    2018-11-30 22:05 - 2018-11-30 22:26 - 000000000 ____D C:\EEK
    2018-11-30 22:02 - 2018-11-30 22:03 - 357146888 _____ C:\Users\di_bl\Downloads\EmsisoftEmergencyKit.exe
    2018-11-30 20:54 - 2018-11-30 20:54 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2018-11-30 20:49 - 2018-11-30 20:49 - 004002104 _____ (Secunia) C:\Users\di_bl\Downloads\PSISetup.exe
    2018-11-30 20:49 - 2018-11-30 20:49 - 000000000 ____D C:\Program Files (x86)\Secunia
    2018-11-30 20:42 - 2018-11-30 21:42 - 000000000 ____D C:\ProgramData\HitmanPro
    2018-11-30 20:40 - 2018-11-30 20:48 - 011576808 _____ (SurfRight B.V.) C:\Users\di_bl\Downloads\HitmanPro_x64.exe
    2018-11-30 20:36 - 2018-12-01 09:34 - 000059481 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2018-11-30 20:36 - 2018-12-01 07:38 - 000072967 _____ C:\WINDOWS\ZAM.krnl.trace
    2018-11-30 20:36 - 2018-11-30 20:36 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2018-11-30 20:35 - 2018-12-01 07:42 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2018-11-30 20:35 - 2018-11-30 20:35 - 000000000 ____D C:\Users\di_bl\AppData\Local\Zemana
    2018-11-30 20:33 - 2018-11-30 20:34 - 006625600 _____ (Zemana Ltd. ) C:\Users\di_bl\Downloads\Zemana.AntiMalware.Setup.exe
    2018-11-30 20:25 - 2018-11-30 20:27 - 000000000 ____D C:\AdwCleaner
    2018-11-30 19:55 - 2018-11-30 19:55 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\di_bl\Downloads\rkill64-6352.exe
    2018-11-30 19:39 - 2018-11-30 19:39 - 007592144 _____ (Malwarebytes) C:\Users\di_bl\Downloads\AdwCleaner.exe
    2018-11-30 19:37 - 2018-11-30 19:37 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\di_bl\Downloads\rkill64.exe
    2018-11-30 19:36 - 2018-11-30 19:36 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\di_bl\Downloads\rkill.exe
    2018-11-30 18:41 - 2018-11-30 19:51 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2018-11-30 16:56 - 2018-11-30 16:56 - 000000000 ____D C:\Users\di_bl\AppData\Local\mbam
    2018-11-30 16:55 - 2018-11-30 16:55 - 000000000 ____D C:\Users\di_bl\AppData\Local\mbamtray
    2018-11-30 16:53 - 2018-11-30 16:58 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-11-30 16:53 - 2018-11-30 16:53 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-11-30 16:53 - 2018-11-30 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-11-30 16:51 - 2018-11-30 16:52 - 080022264 _____ (Malwarebytes ) C:\Users\di_bl\Downloads\mb3-setup-35891.35891-3.6.1.2711-1.0.463-1.0.6913.exe
    2018-11-30 16:23 - 2018-11-30 16:23 - 000000000 ____D C:\Users\di_bl\AppData\LocalLow\AMD
    2018-11-30 16:23 - 2018-11-30 13:04 - 000102384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
    2018-11-30 16:22 - 2018-11-30 16:22 - 000000000 ____D C:\WINDOWS\system32\AMD
    2018-11-30 16:17 - 2018-11-30 16:17 - 000570992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
    2018-11-30 16:17 - 2018-11-30 16:17 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
    2018-11-30 16:17 - 2018-11-30 16:17 - 000046192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
    2018-11-30 16:17 - 2018-11-30 16:17 - 000043120 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
    2018-11-30 16:16 - 2018-11-30 16:17 - 000481904 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000492136 _____ C:\WINDOWS\system32\dgtrayicon.exe
    2018-11-30 16:16 - 2018-11-30 16:16 - 000476768 _____ C:\WINDOWS\system32\GameManager64.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000413792 _____ C:\WINDOWS\system32\EEURestart.exe
    2018-11-30 16:16 - 2018-11-30 16:16 - 000381544 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000184424 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000162912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000153192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000138344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000124464 _____ C:\WINDOWS\system32\kapp_ci.sbin
    2018-11-30 16:16 - 2018-11-30 16:16 - 000119760 _____ C:\WINDOWS\system32\kapp_si.sbin
    2018-11-30 16:16 - 2018-11-30 16:16 - 000090216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000074856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
    2018-11-30 16:16 - 2018-11-30 16:16 - 000019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
    2018-11-30 16:15 - 2018-11-30 16:16 - 000339552 _____ C:\WINDOWS\system32\clinfo.exe
    2018-11-30 15:24 - 2018-11-30 15:25 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
    2018-11-30 15:12 - 2018-11-30 15:13 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
    2018-11-30 15:08 - 2018-11-30 15:08 - 000159848 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
    2018-11-30 15:08 - 2018-11-30 15:08 - 000135776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
    2018-11-30 14:48 - 2018-11-30 14:48 - 000137080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
    2018-11-30 14:48 - 2018-11-30 14:48 - 000125024 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
    2018-11-30 14:48 - 2018-11-30 14:48 - 000113104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
    2018-11-30 14:33 - 2018-11-30 14:33 - 000432224 _____ C:\WINDOWS\system32\atieah64.exe
    2018-11-30 14:33 - 2018-11-30 14:33 - 000349288 _____ C:\WINDOWS\SysWOW64\atieah32.exe
    2018-11-30 14:23 - 2018-11-30 14:23 - 000468072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
    2018-11-30 14:22 - 2018-11-30 14:22 - 001192032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
    2018-11-30 14:22 - 2018-11-30 14:22 - 000899920 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
    2018-11-30 14:22 - 2018-11-30 14:22 - 000899920 _____ C:\WINDOWS\system32\atiapfxx.blb
    2018-11-30 14:21 - 2018-11-30 14:21 - 000069736 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
    2018-11-30 14:20 - 2018-11-30 14:21 - 003712096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
    2018-11-30 14:19 - 2018-11-30 14:20 - 003340896 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
    2018-11-30 14:19 - 2018-11-30 14:19 - 001663072 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
    2018-11-30 14:18 - 2018-11-30 14:19 - 001347168 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
    2018-11-30 14:18 - 2018-11-30 14:18 - 000128104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
    2018-11-30 14:18 - 2018-11-30 14:18 - 000108648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
    2018-11-30 14:00 - 2018-11-30 14:00 - 000137080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
    2018-11-30 14:00 - 2018-11-30 14:00 - 000113104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
    2018-11-30 13:13 - 2018-11-30 13:13 - 000553064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
    2018-11-30 13:13 - 2018-11-30 13:13 - 000544816 _____ C:\WINDOWS\system32\amdmiracast.dll
    2018-11-30 13:13 - 2018-11-30 13:13 - 000383072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
    2018-11-30 13:05 - 2018-11-30 13:05 - 000920160 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
    2018-11-30 13:04 - 2018-11-30 13:05 - 000750688 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
    2018-11-30 13:04 - 2018-11-30 13:04 - 000199360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
    2018-11-30 13:04 - 2018-11-30 13:04 - 000173392 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
    2018-11-30 13:04 - 2018-11-30 13:04 - 000034450 _____ C:\WINDOWS\system32\AMDKernelEvents.man
    2018-11-30 12:57 - 2018-11-30 12:58 - 077407972 _____ C:\Users\di_bl\Downloads\ba4d6c91-cf55-44ac-8868-2622b4c28ccd_22fbb8c2d0c8c8b4855aedbffb28b0bee6f53a8d.cab
    2018-11-30 11:52 - 2018-11-30 11:52 - 000398376 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPEnhService.exe
    2018-11-30 11:52 - 2018-11-30 11:52 - 000242216 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPHelper.exe
    2018-11-30 11:46 - 2018-11-30 11:52 - 019836456 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPRes.dll
    2018-11-30 11:45 - 2018-11-30 11:46 - 004512288 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPEnh.exe
    2018-11-30 11:28 - 2018-11-30 11:29 - 001804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01011.dll
    2018-11-30 11:28 - 2018-11-30 11:28 - 000037112 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\HpqKbFiltr64.sys
    2018-11-30 11:17 - 2018-11-30 11:17 - 000213312 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwampfl.sys
    2018-11-30 11:14 - 2018-11-30 11:14 - 000093240 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amd_sata.sys
    2018-11-30 11:14 - 2018-11-30 11:14 - 000033336 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amd_xata.sys
    2018-11-30 11:11 - 2018-11-30 11:11 - 000465504 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
    2018-11-30 11:10 - 2018-11-30 11:11 - 000377448 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
    2018-11-30 11:10 - 2018-11-30 11:10 - 000144816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
    2018-11-30 11:10 - 2018-11-30 11:10 - 000124552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
    2018-11-30 11:05 - 2018-11-30 11:06 - 000368008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\tbaseregistry32.dll
    2018-11-30 11:05 - 2018-11-30 11:05 - 000466312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\tbaseregistry64.dll
    2018-11-30 11:05 - 2018-11-30 11:05 - 000421448 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\t-base_client_api.dll
    2018-11-30 11:05 - 2018-11-30 11:05 - 000336456 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\t-base_client_api.dll
    2018-11-30 11:02 - 2018-11-30 11:03 - 000045416 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\stormmc.sys
    2018-11-30 10:56 - 2018-12-01 08:04 - 000003620 _____ C:\WINDOWS\System32\Tasks\Driver Easy Scheduled Scan
    2018-11-30 10:56 - 2018-12-01 08:04 - 000000438 _____ C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job
    2018-11-30 10:56 - 2018-11-30 10:56 - 000000000 ____D C:\Users\di_bl\AppData\Roaming\Easeware
    2018-11-30 10:55 - 2018-11-30 10:55 - 004115408 _____ (Easeware ) C:\Users\di_bl\Downloads\DriverEasy_Setup.exe
    2018-11-30 10:55 - 2018-11-30 10:55 - 000001019 _____ C:\Users\Public\Desktop\Driver Easy.lnk
    2018-11-30 10:55 - 2018-11-30 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
    2018-11-30 10:55 - 2018-11-30 10:55 - 000000000 ____D C:\Program Files\Easeware
    2018-11-30 10:41 - 2018-11-09 06:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2018-11-30 10:41 - 2018-11-09 05:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
    2018-11-30 10:41 - 2018-11-09 02:48 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-11-30 10:41 - 2018-11-09 02:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2018-11-30 10:41 - 2018-11-09 02:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2018-11-30 10:41 - 2018-11-09 02:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2018-11-30 10:41 - 2018-11-09 02:31 - 025856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-11-30 10:41 - 2018-11-09 02:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2018-11-30 10:41 - 2018-11-09 02:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2018-11-30 10:41 - 2018-11-09 02:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-11-30 10:41 - 2018-11-09 02:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-11-30 10:41 - 2018-11-09 02:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2018-11-30 10:41 - 2018-11-09 02:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-11-30 10:41 - 2018-11-09 02:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-11-30 10:41 - 2018-11-09 01:46 - 006571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-11-30 10:41 - 2018-11-09 01:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2018-11-30 10:41 - 2018-11-09 01:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2018-11-30 10:41 - 2018-11-09 01:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2018-11-30 10:41 - 2018-11-09 01:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-11-30 10:41 - 2018-11-09 01:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-11-30 10:40 - 2018-11-09 06:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-11-30 10:40 - 2018-11-09 06:15 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2018-11-30 10:40 - 2018-11-09 06:14 - 001617120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2018-11-30 10:40 - 2018-11-09 06:00 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-11-30 10:40 - 2018-11-09 06:00 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2018-11-30 10:40 - 2018-11-09 05:59 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-11-30 10:40 - 2018-11-09 05:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2018-11-30 10:40 - 2018-11-09 05:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-11-30 10:40 - 2018-11-09 05:56 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-11-30 10:40 - 2018-11-09 05:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2018-11-30 10:40 - 2018-11-09 05:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-11-30 10:40 - 2018-11-09 05:23 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-11-30 10:40 - 2018-11-09 05:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2018-11-30 10:40 - 2018-11-09 05:21 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-11-30 10:40 - 2018-11-09 05:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2018-11-30 10:40 - 2018-11-09 02:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2018-11-30 10:40 - 2018-11-09 02:56 - 001040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-11-30 10:40 - 2018-11-09 02:50 - 005624648 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2018-11-30 10:40 - 2018-11-09 02:49 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-11-30 10:40 - 2018-11-09 02:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2018-11-30 10:40 - 2018-11-09 02:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-11-30 10:40 - 2018-11-09 02:48 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-11-30 10:40 - 2018-11-09 02:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2018-11-30 10:40 - 2018-11-09 02:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2018-11-30 10:40 - 2018-11-09 02:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2018-11-30 10:40 - 2018-11-09 02:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2018-11-30 10:40 - 2018-11-09 02:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-11-30 10:40 - 2018-11-09 02:47 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-11-30 10:40 - 2018-11-09 02:47 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-11-30 10:40 - 2018-11-09 02:47 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-11-30 10:40 - 2018-11-09 02:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-11-30 10:40 - 2018-11-09 02:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-11-30 10:40 - 2018-11-09 02:47 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2018-11-30 10:40 - 2018-11-09 02:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2018-11-30 10:40 - 2018-11-09 02:47 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2018-11-30 10:40 - 2018-11-09 02:24 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-11-30 10:40 - 2018-11-09 02:23 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2018-11-30 10:40 - 2018-11-09 02:22 - 007056896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2018-11-30 10:40 - 2018-11-09 02:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2018-11-30 10:40 - 2018-11-09 02:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-11-30 10:40 - 2018-11-09 02:21 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-11-30 10:40 - 2018-11-09 02:21 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-11-30 10:40 - 2018-11-09 02:20 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2018-11-30 10:40 - 2018-11-09 02:19 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-11-30 10:40 - 2018-11-09 02:19 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-11-30 10:40 - 2018-11-09 02:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-11-30 10:40 - 2018-11-09 02:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2018-11-30 10:40 - 2018-11-09 02:17 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2018-11-30 10:40 - 2018-11-09 02:16 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2018-11-30 10:40 - 2018-11-09 02:16 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2018-11-30 10:40 - 2018-11-09 02:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2018-11-30 10:40 - 2018-11-09 02:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2018-11-30 10:40 - 2018-11-09 01:46 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-11-30 10:40 - 2018-11-09 01:46 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-11-30 10:40 - 2018-11-09 01:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2018-11-30 10:40 - 2018-11-09 01:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-11-30 10:40 - 2018-11-09 01:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2018-11-30 10:40 - 2018-11-09 01:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2018-11-30 10:40 - 2018-11-09 01:38 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-11-30 10:40 - 2018-11-09 01:35 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-11-30 10:40 - 2018-11-09 01:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
    2018-11-30 10:40 - 2018-11-09 01:29 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2018-11-30 10:40 - 2018-11-09 01:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-11-30 10:40 - 2018-11-09 01:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-11-30 10:40 - 2018-11-09 01:28 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-11-30 10:40 - 2018-11-09 01:28 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-11-30 10:40 - 2018-11-09 01:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2018-11-30 10:40 - 2018-11-09 01:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2018-11-30 10:40 - 2018-11-09 01:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-11-30 10:39 - 2018-11-09 06:19 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2018-11-30 10:39 - 2018-11-09 06:19 - 000549736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2018-11-30 10:39 - 2018-11-09 06:01 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-11-30 10:39 - 2018-11-09 05:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2018-11-30 10:39 - 2018-11-09 05:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
    2018-11-30 10:39 - 2018-11-09 05:56 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
    2018-11-30 10:39 - 2018-11-09 05:56 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2018-11-30 10:39 - 2018-11-09 05:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-11-30 10:39 - 2018-11-09 05:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
    2018-11-30 10:39 - 2018-11-09 05:55 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-11-30 10:39 - 2018-11-09 05:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2018-11-30 10:39 - 2018-11-09 05:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
    2018-11-30 10:39 - 2018-11-09 05:35 - 000443864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
    2018-11-30 10:39 - 2018-11-09 05:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-11-30 10:39 - 2018-11-09 05:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2018-11-30 10:39 - 2018-11-09 05:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-11-30 10:39 - 2018-11-09 05:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
    2018-11-30 10:39 - 2018-11-09 05:17 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-11-30 10:39 - 2018-11-09 05:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2018-11-30 10:39 - 2018-11-09 02:56 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-11-30 10:39 - 2018-11-09 02:56 - 000269320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-11-30 10:39 - 2018-11-09 02:49 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-11-30 10:39 - 2018-11-09 02:49 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-11-30 10:39 - 2018-11-09 02:49 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-11-30 10:39 - 2018-11-09 02:49 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2018-11-30 10:39 - 2018-11-09 02:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2018-11-30 10:39 - 2018-11-09 02:49 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-11-30 10:39 - 2018-11-09 02:49 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-11-30 10:39 - 2018-11-09 02:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-11-30 10:39 - 2018-11-09 02:48 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2018-11-30 10:39 - 2018-11-09 02:47 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2018-11-30 10:39 - 2018-11-09 02:47 - 001456520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-11-30 10:39 - 2018-11-09 02:47 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-11-30 10:39 - 2018-11-09 02:47 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-11-30 10:39 - 2018-11-09 02:47 - 000982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-11-30 10:39 - 2018-11-09 02:47 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-11-30 10:39 - 2018-11-09 02:47 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-11-30 10:39 - 2018-11-09 02:47 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2018-11-30 10:39 - 2018-11-09 02:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2018-11-30 10:39 - 2018-11-09 02:47 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2018-11-30 10:39 - 2018-11-09 02:47 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-11-30 10:39 - 2018-11-09 02:47 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2018-11-30 10:39 - 2018-11-09 02:47 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-11-30 10:39 - 2018-11-09 02:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2018-11-30 10:39 - 2018-11-09 02:21 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-11-30 10:39 - 2018-11-09 02:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2018-11-30 10:39 - 2018-11-09 02:21 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
    2018-11-30 10:39 - 2018-11-09 02:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2018-11-30 10:39 - 2018-11-09 02:20 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2018-11-30 10:39 - 2018-11-09 02:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2018-11-30 10:39 - 2018-11-09 02:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
    2018-11-30 10:39 - 2018-11-09 02:20 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2018-11-30 10:39 - 2018-11-09 02:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
    2018-11-30 10:39 - 2018-11-09 02:20 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-11-30 10:39 - 2018-11-09 02:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2018-11-30 10:39 - 2018-11-09 02:19 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2018-11-30 10:39 - 2018-11-09 02:19 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-11-30 10:39 - 2018-11-09 02:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-11-30 10:39 - 2018-11-09 02:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2018-11-30 10:39 - 2018-11-09 02:19 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
    2018-11-30 10:39 - 2018-11-09 02:18 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-11-30 10:39 - 2018-11-09 02:18 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2018-11-30 10:39 - 2018-11-09 02:18 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-11-30 10:39 - 2018-11-09 02:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
    2018-11-30 10:39 - 2018-11-09 02:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
    2018-11-30 10:39 - 2018-11-09 02:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2018-11-30 10:39 - 2018-11-09 02:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2018-11-30 10:39 - 2018-11-09 02:17 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-11-30 10:39 - 2018-11-09 02:17 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2018-11-30 10:39 - 2018-11-09 02:16 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-11-30 10:39 - 2018-11-09 02:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-11-30 10:39 - 2018-11-09 02:16 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-11-30 10:39 - 2018-11-09 02:16 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2018-11-30 10:39 - 2018-11-09 02:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2018-11-30 10:39 - 2018-11-09 02:16 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2018-11-30 10:39 - 2018-11-09 02:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2018-11-30 10:39 - 2018-11-09 02:15 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2018-11-30 10:39 - 2018-11-09 02:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2018-11-30 10:39 - 2018-11-09 02:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-11-30 10:39 - 2018-11-09 02:15 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2018-11-30 10:39 - 2018-11-09 02:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2018-11-30 10:39 - 2018-11-09 02:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2018-11-30 10:39 - 2018-11-09 02:15 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2018-11-30 10:39 - 2018-11-09 02:15 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2018-11-30 10:39 - 2018-11-09 02:15 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2018-11-30 10:39 - 2018-11-09 02:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2018-11-30 10:39 - 2018-11-09 01:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2018-11-30 10:39 - 2018-11-09 01:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2018-11-30 10:39 - 2018-11-09 01:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-11-30 10:39 - 2018-11-09 01:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2018-11-30 10:39 - 2018-11-09 01:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2018-11-30 10:39 - 2018-11-09 01:46 - 000567048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-11-30 10:39 - 2018-11-09 01:46 - 000129288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-11-30 10:39 - 2018-11-09 01:31 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2018-11-30 10:39 - 2018-11-09 01:31 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-11-30 10:39 - 2018-11-09 01:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2018-11-30 10:39 - 2018-11-09 01:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2018-11-30 10:39 - 2018-11-09 01:29 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-11-30 10:39 - 2018-11-09 01:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-11-30 10:39 - 2018-11-09 01:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2018-11-30 10:39 - 2018-11-09 01:29 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2018-11-30 10:39 - 2018-11-09 01:28 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2018-11-30 10:39 - 2018-11-09 01:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2018-11-30 10:39 - 2018-11-09 01:28 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-11-30 10:39 - 2018-11-09 01:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2018-11-30 10:39 - 2018-11-09 01:27 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2018-11-30 10:39 - 2018-11-09 01:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2018-11-30 10:39 - 2018-11-09 01:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-11-30 10:39 - 2018-11-09 01:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
    2018-11-30 10:39 - 2018-11-09 01:26 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2018-11-30 10:39 - 2018-11-09 01:26 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2018-11-30 10:39 - 2018-11-09 01:26 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2018-11-30 10:39 - 2018-11-09 01:25 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2018-11-30 10:39 - 2018-11-09 01:25 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2018-11-30 10:39 - 2018-11-09 01:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2018-11-30 10:39 - 2018-11-09 01:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2018-11-30 10:39 - 2018-11-09 01:25 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2018-11-30 10:39 - 2018-11-09 01:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2018-11-30 10:39 - 2018-11-09 01:01 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2018-11-30 10:06 - 2018-11-30 10:08 - 018169856 _____ (Piriform Software Ltd) C:\Users\di_bl\Downloads\Unconfirmed 384632.crdownload
    2018-11-29 18:51 - 2018-11-29 18:51 - 000001417 _____ C:\Users\di_bl\Desktop\Auslogics Registry Cleaner.lnk
    2018-11-25 10:55 - 2018-11-25 10:55 - 000234306 _____ C:\Users\di_bl\Downloads\INTEGRATION-RESPONSIVENESS_FRAMEWORK_FOR_CHINESE_M.pdf
    2018-11-24 11:20 - 2018-11-24 11:20 - 014621054 _____ C:\Users\di_bl\Downloads\Presentation-Eric-Schulz-GMF-2018.pdf
    2018-11-24 11:20 - 2018-11-24 11:20 - 000596565 _____ C:\Users\di_bl\Downloads\Global-Market-Forecast-2018-2037-Airbus.xlsx
    2018-11-23 11:38 - 2018-11-23 11:38 - 018071560 _____ (Piriform Software Ltd) C:\Users\di_bl\Downloads\ccsetup549.exe
    2018-11-23 09:42 - 2018-11-23 09:41 - 000378640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
    2018-11-22 22:08 - 2018-11-22 22:08 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
    2018-11-22 22:08 - 2018-11-22 22:08 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2018-11-22 22:08 - 2018-11-22 22:08 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2018-11-22 22:08 - 2018-11-22 22:08 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2018-11-22 22:08 - 2018-11-22 22:08 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2018-11-22 22:08 - 2018-11-22 22:08 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2018-11-22 22:08 - 2018-11-22 22:08 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2018-11-22 22:08 - 2018-11-22 22:08 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2018-11-22 22:08 - 2018-11-22 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2018-11-19 21:15 - 2018-11-19 21:15 - 005003397 _____ C:\Users\di_bl\Downloads\Working Abroad_1997 (2).pdf
    2018-11-19 21:14 - 2018-11-19 21:14 - 005003397 _____ C:\Users\di_bl\Downloads\Working Abroad_1997.pdf
    2018-11-19 21:14 - 2018-11-19 21:14 - 005003397 _____ C:\Users\di_bl\Downloads\Working Abroad_1997 (1).pdf
    2018-11-16 14:34 - 2018-11-16 14:34 - 000000000 ____D C:\Users\di_bl\OneDrive\Documents\Avatar
    2018-11-14 21:37 - 2018-11-14 21:37 - 000000000 ____D C:\Users\di_bl\AppData\Roaming\Python
    2018-11-14 21:25 - 2018-11-07 16:35 - 372357916 _____ C:\Users\di_bl\Desktop\Polishing cell layout.stp
    2018-11-14 21:14 - 2018-11-16 23:00 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-11-14 21:14 - 2018-11-16 23:00 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-11-14 19:58 - 2018-11-01 11:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-11-14 19:58 - 2018-11-01 10:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2018-11-14 19:58 - 2018-11-01 09:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2018-11-14 19:58 - 2018-11-01 06:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-11-14 19:58 - 2018-11-01 04:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2018-11-14 19:58 - 2018-11-01 04:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-11-14 19:58 - 2018-11-01 04:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2018-11-14 19:58 - 2018-11-01 04:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-11-14 19:58 - 2018-11-01 04:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-11-14 19:58 - 2018-10-21 13:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2018-11-14 19:58 - 2018-10-21 12:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2018-11-14 19:58 - 2018-10-21 11:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2018-11-14 19:58 - 2018-10-21 11:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2018-11-14 19:58 - 2018-10-21 07:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-11-14 19:58 - 2018-10-21 07:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-11-14 19:58 - 2018-10-21 07:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2018-11-14 19:58 - 2018-10-21 07:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2018-11-14 19:58 - 2018-04-28 04:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2018-11-14 19:57 - 2018-11-01 11:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2018-11-14 19:57 - 2018-11-01 11:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2018-11-14 19:57 - 2018-11-01 07:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2018-11-14 19:57 - 2018-11-01 07:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2018-11-14 19:57 - 2018-11-01 07:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2018-11-14 19:57 - 2018-11-01 07:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2018-11-14 19:57 - 2018-11-01 07:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-11-14 19:57 - 2018-11-01 07:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-11-14 19:57 - 2018-11-01 06:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2018-11-14 19:57 - 2018-11-01 06:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-11-14 19:57 - 2018-11-01 06:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-11-14 19:57 - 2018-11-01 04:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2018-11-14 19:57 - 2018-11-01 04:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-11-14 19:57 - 2018-11-01 04:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2018-11-14 19:57 - 2018-11-01 04:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2018-11-14 19:57 - 2018-11-01 04:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-11-14 19:57 - 2018-10-21 12:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2018-11-14 19:57 - 2018-10-21 11:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-11-14 19:57 - 2018-10-21 11:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2018-11-14 19:57 - 2018-10-21 09:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-11-14 19:57 - 2018-10-21 08:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-11-14 19:57 - 2018-10-21 07:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2018-11-14 19:57 - 2018-10-21 07:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2018-11-14 19:57 - 2018-10-21 07:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-11-14 19:57 - 2018-10-21 07:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2018-11-14 19:57 - 2018-10-21 07:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2018-11-14 19:57 - 2018-10-21 07:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-11-14 19:57 - 2018-10-21 07:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-11-14 19:57 - 2018-10-21 07:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2018-11-14 19:57 - 2018-10-21 06:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2018-11-14 19:56 - 2018-11-01 07:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-11-14 19:56 - 2018-11-01 07:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-11-14 19:56 - 2018-11-01 06:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2018-11-14 19:56 - 2018-11-01 06:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2018-11-14 19:56 - 2018-11-01 06:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2018-11-14 19:56 - 2018-11-01 06:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-11-14 19:56 - 2018-11-01 06:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-11-14 19:56 - 2018-10-21 12:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2018-11-14 19:56 - 2018-10-21 07:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2018-11-14 19:56 - 2018-10-21 07:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2018-11-14 19:56 - 2018-10-21 07:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2018-11-14 19:56 - 2018-10-21 07:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-11-14 19:56 - 2018-10-21 07:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-11-14 19:56 - 2018-10-21 07:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2018-11-14 19:56 - 2018-10-21 07:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-11-14 19:55 - 2018-11-01 11:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-11-14 19:55 - 2018-11-01 09:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-11-14 19:55 - 2018-11-01 09:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-11-14 19:55 - 2018-11-01 07:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2018-11-14 19:55 - 2018-11-01 07:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-11-14 19:55 - 2018-11-01 07:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-11-14 19:55 - 2018-11-01 06:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-11-14 19:55 - 2018-11-01 06:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-11-14 19:55 - 2018-11-01 06:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-11-14 19:55 - 2018-11-01 06:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-11-14 19:55 - 2018-11-01 04:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2018-11-14 19:55 - 2018-11-01 04:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-11-14 19:55 - 2018-11-01 04:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-11-14 19:55 - 2018-10-21 13:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-11-14 19:55 - 2018-10-21 12:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2018-11-14 19:55 - 2018-10-21 12:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-11-14 19:55 - 2018-10-21 12:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2018-11-14 19:55 - 2018-10-21 12:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2018-11-14 19:55 - 2018-10-21 12:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2018-11-14 19:55 - 2018-10-21 11:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-11-14 19:55 - 2018-10-21 11:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
    2018-11-14 19:55 - 2018-10-21 07:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2018-11-14 19:55 - 2018-10-21 07:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-11-14 19:55 - 2018-10-21 07:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-11-14 19:55 - 2018-10-21 07:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2018-11-14 19:55 - 2018-10-21 07:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-11-14 19:55 - 2018-10-21 06:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
    2018-11-14 19:55 - 2018-10-21 05:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
    2018-11-14 19:55 - 2018-10-21 05:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
    2018-11-14 19:54 - 2018-11-01 11:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-11-14 19:54 - 2018-11-01 11:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-11-14 19:54 - 2018-11-01 11:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2018-11-14 19:54 - 2018-11-01 11:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
    2018-11-14 19:54 - 2018-11-01 09:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
    2018-11-14 19:54 - 2018-11-01 09:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-11-14 19:54 - 2018-11-01 07:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
    2018-11-14 19:54 - 2018-11-01 07:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
    2018-11-14 19:54 - 2018-11-01 07:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
    2018-11-14 19:54 - 2018-11-01 07:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
    2018-11-14 19:54 - 2018-11-01 06:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2018-11-14 19:54 - 2018-11-01 06:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
    2018-11-14 19:54 - 2018-11-01 06:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
    2018-11-14 19:54 - 2018-11-01 06:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2018-11-14 19:54 - 2018-11-01 06:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2018-11-14 19:54 - 2018-11-01 06:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
    2018-11-14 19:54 - 2018-11-01 06:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2018-11-14 19:54 - 2018-11-01 06:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2018-11-14 19:54 - 2018-11-01 06:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-11-14 19:54 - 2018-11-01 06:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2018-11-14 19:54 - 2018-11-01 06:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2018-11-14 19:54 - 2018-11-01 06:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-11-14 19:54 - 2018-11-01 04:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
    2018-11-14 19:54 - 2018-11-01 04:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2018-11-14 19:54 - 2018-11-01 04:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2018-11-14 19:54 - 2018-11-01 04:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
    2018-11-14 19:54 - 2018-10-21 13:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2018-11-14 19:54 - 2018-10-21 13:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2018-11-14 19:54 - 2018-10-21 12:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2018-11-14 19:54 - 2018-10-21 12:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
    2018-11-14 19:54 - 2018-10-21 12:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2018-11-14 19:54 - 2018-10-21 12:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
    2018-11-14 19:54 - 2018-10-21 12:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2018-11-14 19:54 - 2018-10-21 12:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2018-11-14 19:54 - 2018-10-21 12:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
    2018-11-14 19:54 - 2018-10-21 11:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2018-11-14 19:54 - 2018-10-21 11:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2018-11-14 19:54 - 2018-10-21 11:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2018-11-14 19:54 - 2018-10-21 11:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
    2018-11-14 19:54 - 2018-10-21 11:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2018-11-14 19:54 - 2018-10-21 07:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-11-14 19:54 - 2018-10-21 07:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
    2018-11-14 19:54 - 2018-10-21 07:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-11-14 19:54 - 2018-10-21 07:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2018-11-14 19:54 - 2018-10-21 07:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
    2018-11-14 19:54 - 2018-10-21 07:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2018-11-14 19:54 - 2018-10-21 07:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    2018-11-14 19:54 - 2018-10-21 07:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2018-11-14 19:54 - 2018-10-21 07:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2018-11-14 19:54 - 2018-10-21 07:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
    2018-11-14 19:54 - 2018-10-21 07:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
    2018-11-14 19:54 - 2018-10-21 07:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2018-11-14 19:54 - 2018-10-21 07:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-11-14 19:54 - 2018-10-21 07:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2018-11-14 19:54 - 2018-10-21 07:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2018-11-14 19:54 - 2018-10-21 07:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2018-11-14 19:54 - 2018-10-21 07:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2018-11-14 19:54 - 2018-10-21 07:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2018-11-14 19:54 - 2018-10-21 07:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
    2018-11-14 19:54 - 2018-10-21 07:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
    2018-11-14 19:54 - 2018-10-21 07:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
    2018-11-14 19:54 - 2018-10-21 07:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2018-11-14 19:54 - 2018-10-21 07:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2018-11-14 19:54 - 2018-10-21 07:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
    2018-11-14 19:54 - 2018-10-21 07:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
    2018-11-14 19:54 - 2018-10-21 07:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2018-11-14 19:54 - 2018-10-21 07:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
    2018-11-14 19:54 - 2018-10-21 07:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2018-11-14 19:54 - 2018-10-21 07:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2018-11-14 19:54 - 2018-10-21 07:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
    2018-11-14 19:54 - 2018-10-21 07:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
    2018-11-14 19:54 - 2018-10-21 07:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2018-11-14 19:54 - 2018-10-21 07:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2018-11-14 19:54 - 2018-10-21 07:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
    2018-11-14 19:54 - 2018-10-21 07:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2018-11-14 19:54 - 2018-10-21 07:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-11-14 19:54 - 2018-10-21 07:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2018-11-14 19:54 - 2018-10-21 07:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-11-14 19:54 - 2018-10-21 07:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
    2018-11-14 19:54 - 2018-10-21 07:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2018-11-14 19:54 - 2018-10-21 07:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2018-11-14 19:54 - 2018-10-21 07:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
    2018-11-14 19:54 - 2018-10-21 06:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2018-11-14 19:54 - 2018-10-21 06:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2018-11-14 19:54 - 2018-10-21 06:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2018-11-12 22:21 - 2018-11-12 22:22 - 058949181 _____ C:\Users\di_bl\Downloads\Polishing cell layout.zip
    2018-11-03 14:11 - 2018-11-03 14:11 - 000000000 ____D C:\WINDOWS\Panther
    2018-11-03 07:54 - 2018-11-03 07:54 - 000080856 _____ C:\Users\di_bl\Downloads\OptimaDownload-07.54.09.pdf
    2018-11-01 18:54 - 2018-11-01 18:54 - 000080856 _____ C:\Users\di_bl\Downloads\Marriage Certificate.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-01 09:17 - 2018-04-11 23:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-12-01 09:16 - 2016-02-01 03:13 - 000000000 ____D C:\Program Files\AVAST Software
    2018-12-01 09:02 - 2018-09-13 16:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2018-12-01 09:02 - 2018-06-26 20:34 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2018-12-01 09:02 - 2018-06-26 20:34 - 000003262 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
    2018-12-01 09:02 - 2018-06-26 20:34 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2018-12-01 09:02 - 2018-06-26 20:34 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-439163156-588376408-1409899048-1003
    2018-12-01 09:02 - 2018-06-26 20:34 - 000002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2018-12-01 08:14 - 2018-07-13 16:12 - 000000000 ____D C:\Users\di_bl\AppData\Local\D3DSCache
    2018-12-01 08:14 - 2018-04-11 23:36 - 000000000 ____D C:\WINDOWS\INF
    2018-12-01 08:08 - 2018-04-11 23:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-12-01 08:04 - 2018-10-11 20:44 - 000002858 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordi_bl
    2018-12-01 08:04 - 2018-10-11 20:44 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordi_bl.job
    2018-12-01 08:04 - 2018-06-26 20:34 - 000003820 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2018-12-01 08:04 - 2018-06-26 20:34 - 000003808 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-12-01 08:04 - 2018-06-26 20:34 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-12-01 08:04 - 2018-06-26 20:34 - 000003338 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2018-12-01 08:04 - 2018-06-26 20:34 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-12-01 08:04 - 2018-06-26 20:34 - 000002912 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-439163156-588376408-1409899048-1002
    2018-12-01 08:04 - 2018-06-26 20:34 - 000002762 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
    2018-12-01 08:04 - 2018-06-26 20:34 - 000002098 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
    2018-12-01 08:01 - 2018-09-06 20:48 - 000000000 ____D C:\Users\di_bl\AppData\Local\CrashDumps
    2018-12-01 08:00 - 2017-09-14 14:14 - 000000000 ___RD C:\Users\di_bl\Google Drive
    2018-12-01 07:56 - 2018-06-26 20:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-12-01 07:55 - 2018-04-11 21:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
    2018-12-01 07:55 - 2016-10-10 23:44 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-12-01 07:52 - 2016-05-06 20:34 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2018-12-01 07:28 - 2018-06-26 20:00 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-12-01 07:17 - 2018-06-26 19:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-11-30 21:52 - 2018-10-28 19:36 - 000007665 _____ C:\Users\di_bl\AppData\Local\resmon.resmoncfg
    2018-11-30 20:38 - 2018-06-26 20:01 - 000000000 ____D C:\Users\di_bl
    2018-11-30 20:27 - 2017-11-28 20:09 - 000000000 ____D C:\Program Files (x86)\Auslogics
    2018-11-30 20:27 - 2017-11-09 16:32 - 000000000 ____D C:\ProgramData\Auslogics
    2018-11-30 18:59 - 2017-02-21 22:05 - 000000000 ____D C:\Users\di_bl\OneDrive\Documents\YouCam
    2018-11-30 17:57 - 2017-11-28 20:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    2018-11-30 16:47 - 2018-04-11 23:38 - 000000000 ____D C:\PerfLogs
    2018-11-30 16:23 - 2018-01-07 09:43 - 000000000 ____D C:\Users\di_bl\AppData\Local\AMD
    2018-11-30 16:23 - 2016-10-10 23:44 - 000000000 ____D C:\Program Files\AMD
    2018-11-30 14:34 - 2016-02-01 02:57 - 000218208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
    2018-11-30 14:33 - 2016-02-01 02:57 - 000753256 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
    2018-11-30 14:33 - 2016-02-01 02:57 - 000249440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
    2018-11-30 14:33 - 2016-02-01 02:57 - 000132712 _____ C:\WINDOWS\system32\atidxx64.dll
    2018-11-30 14:33 - 2016-02-01 02:57 - 000111712 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
    2018-11-30 14:23 - 2016-02-01 02:57 - 000169264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
    2018-11-30 14:23 - 2016-02-01 02:57 - 000149128 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
    2018-11-30 14:22 - 2016-02-01 02:57 - 001629280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
    2018-11-30 14:22 - 2016-02-01 02:57 - 001192032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
    2018-11-30 12:13 - 2017-11-30 01:47 - 000000000 ____D C:\Users\di_bl\AppData\Local\Packages
    2018-11-30 11:52 - 2017-08-18 02:23 - 000821288 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
    2018-11-30 11:52 - 2017-08-18 02:23 - 000282152 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
    2018-11-30 11:45 - 2017-08-18 02:23 - 000767016 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
    2018-11-30 11:41 - 2015-11-02 18:02 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-11-30 11:40 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-11-30 11:40 - 2017-11-30 06:30 - 000000000 ___RD C:\Users\di_bl\3D Objects
    2018-11-30 11:38 - 2018-06-26 19:54 - 000483400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-11-30 11:36 - 2018-06-26 20:01 - 000000000 ____D C:\Users\emmab
    2018-11-30 11:34 - 2018-04-11 23:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-11-30 11:34 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-11-30 11:34 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\ShellComponents
    2018-11-30 11:34 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-11-30 11:26 - 2016-02-01 03:00 - 001131024 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
    2018-11-30 11:20 - 2018-05-11 16:37 - 000035360 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
    2018-11-30 11:18 - 2018-04-11 23:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-11-30 11:17 - 2015-12-01 12:30 - 000186152 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\bcbtums.sys
    2018-11-30 11:16 - 2016-02-01 02:57 - 000026888 _____ (Advanced Micro Devices, INC.) C:\WINDOWS\system32\Drivers\AmdAS4.sys
    2018-11-30 11:10 - 2016-02-01 02:57 - 000178792 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2018-11-30 11:10 - 2016-02-01 02:57 - 000154720 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2018-11-30 11:04 - 2017-06-12 04:07 - 000137688 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\Drivers\amdpsp.sys
    2018-11-30 11:01 - 2018-04-11 23:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-11-30 11:01 - 2016-02-01 02:57 - 000107400 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
    2018-11-30 10:41 - 2016-07-18 20:20 - 000097352 _____ C:\Users\di_bl\AppData\Local\GDIPFONTCACHEV1.DAT
    2018-11-30 09:58 - 2017-06-21 15:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-11-29 21:51 - 2016-11-18 16:02 - 000000000 ____D C:\Users\di_bl\AppData\LocalLow\Mozilla
    2018-11-29 19:05 - 2016-05-02 11:59 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-11-29 19:05 - 2016-05-02 11:59 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-11-23 23:02 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-11-23 23:02 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-11-23 16:28 - 2017-02-01 08:55 - 000000000 ____D C:\Users\di_bl\AppData\Local\Citrix
    2018-11-23 11:43 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-11-23 09:41 - 2018-10-13 10:20 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
    2018-11-23 09:41 - 2017-11-30 00:26 - 000469520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
    2018-11-23 09:41 - 2017-11-30 00:26 - 000380704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
    2018-11-23 09:41 - 2017-11-30 00:26 - 000208712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
    2018-11-23 09:41 - 2017-11-30 00:26 - 000201504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
    2018-11-23 09:41 - 2017-11-30 00:26 - 000163496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
    2018-11-23 09:41 - 2017-11-30 00:26 - 000112040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
    2018-11-23 09:41 - 2017-11-30 00:26 - 000087680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
    2018-11-23 09:41 - 2017-11-30 00:26 - 000046648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
    2018-11-23 09:40 - 2017-11-30 00:26 - 001028920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
    2018-11-23 09:39 - 2017-11-30 00:26 - 000346840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
    2018-11-23 09:39 - 2017-11-30 00:26 - 000231104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
    2018-11-23 09:39 - 2017-11-30 00:26 - 000202528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
    2018-11-23 09:39 - 2017-11-30 00:26 - 000059744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
    2018-11-23 09:36 - 2016-05-16 04:41 - 000001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-11-23 09:36 - 2016-05-16 04:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-11-22 22:03 - 2016-02-01 03:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-11-19 21:06 - 2017-09-29 19:15 - 000000000 ____D C:\Program Files\rempl
    2018-11-16 14:40 - 2018-07-19 08:34 - 000002370 _____ C:\Users\di_bl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-11-16 14:40 - 2016-05-02 11:44 - 000000000 ___RD C:\Users\di_bl\OneDrive
    2018-11-16 14:34 - 2016-12-23 18:42 - 000000000 ____D C:\Users\di_bl\AppData\Roaming\CyberLink
    2018-11-14 21:09 - 2018-04-11 23:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-11-14 21:09 - 2018-04-11 23:38 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-11-14 21:09 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-11-14 21:09 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-11-14 20:45 - 2016-05-02 15:06 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-11-14 20:19 - 2016-05-02 15:06 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-11-07 20:56 - 2017-09-14 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
    2018-11-03 14:33 - 2016-02-01 03:15 - 000000000 ____D C:\ProgramData\CyberLink
    2018-11-01 10:24 - 2018-06-23 09:38 - 000000000 ____D C:\Users\di_bl\AppData\Local\PlaceholderTileLogoFolder

    ==================== Files in the root of some directories =======

    2018-10-28 19:36 - 2018-11-30 21:52 - 000007665 _____ () C:\Users\di_bl\AppData\Local\resmon.resmoncfg

    Some files in TEMP:
    ====================
    2018-12-01 07:45 - 2018-11-30 20:48 - 011576808 _____ (SurfRight B.V.) C:\Users\di_bl\AppData\Local\Temp\HitmanPro.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-26 19:54

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
    Ran by di_bl (01-12-2018 09:36:40)
    Running from C:\Users\di_bl\Desktop
    Windows 10 Home Version 1803 17134.441 (X64) (2018-06-26 20:35:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-439163156-588376408-1409899048-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-439163156-588376408-1409899048-503 - Limited - Disabled)
    di_bl (S-1-5-21-439163156-588376408-1409899048-1002 - Administrator - Enabled) => C:\Users\di_bl
    emmab (S-1-5-21-439163156-588376408-1409899048-1003 - Limited - Enabled) => C:\Users\emmab
    Guest (S-1-5-21-439163156-588376408-1409899048-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-439163156-588376408-1409899048-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
    Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{A30D3EA3-B90A-DDD5-949E-6DDE67E64FE6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (HKLM\...\{20AB389B-8602-403C-B19B-F0A1D6C510A5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 7.0.20.0 - Auslogics Labs Pty Ltd)
    Autodesk Fusion 360 (HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.3800 - Autodesk, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.8.3071 - AVG Technologies)
    Backup and Sync from Google (HKLM\...\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}) (Version: 3.43.1584.4446 - Google, Inc.)
    Bejeweled 3 (HKLM-x32\...\WTA-12c2e92b-5d72-48a3-b1f9-5257205a16fc) (Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: - Broadcom Corporation)
    Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation)
    Build-a-lot (HKLM-x32\...\WTA-8533d3be-bbd7-46a6-9b80-8160d92e115f) (Version: 3.0.2.59 - WildTangent) Hidden
    Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-4cf61823-288b-49ec-aaa4-ac3883423a12) (Version: 3.0.2.48 - WildTangent) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Crazy Chicken Soccer (HKLM-x32\...\WTA-01d16b4d-d7d2-4e83-bb8f-fa9e4e82add1) (Version: 2.2.0.110 - WildTangent) Hidden
    CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
    CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
    Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-abf9b0c8-81fb-4c4e-8ab1-79c30b31960e) (Version: 3.0.2.59 - WildTangent) Hidden
    DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Driver Easy 5.6.7 (HKLM\...\DriverEasy_is1) (Version: 5.6.7 - Easeware)
    Elevated Installer (HKLM-x32\...\{6E257EB0-5EFF-416D-82D4-592924566BB4}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
    FreeCAD 0.16 - A free open source CAD system (HKLM\...\FreeCAD 0.16) (Version: 0.16.6712 - Juergen Riegel)
    FreeSpeedVideo (HKLM-x32\...\{01995E6E-DABA-47BE-8E59-4149038DAC0A}) (Version: 1.06 - Free Speed Video)
    Garmin Express (HKLM-x32\...\{3e534d41-dcc4-4f51-9858-70dd42beb3d5}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{E1C18A5C-63D7-4DC5-977F-5B4BAB4169D9}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
    HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
    HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
    HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
    HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
    HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.6.18.11 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.9.24.3 - HP)
    HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
    iCloud (HKLM\...\{29C6B346-C29C-40CE-89EB-DF7C149E0EB9}) (Version: 7.7.0.27 - Apple Inc.)
    iTunes (HKLM\...\{7DDA6271-F51E-4BE5-AAE9-5A8A4612FA43}) (Version: 12.9.0.167 - Apple Inc.)
    iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
    Jewel Match 3 (HKLM-x32\...\WTA-2c7aeb52-136d-44b4-b290-d48ef9688c31) (Version: 2.2.0.97 - WildTangent) Hidden
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11001.20108 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-439163156-588376408-1409899048-1003\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
    NOW TV Player 2.1.4.0 (HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\com.bskyb.nowtvplayer_is1) (Version: 2.1.4.0 - NOW TV)
    OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
    Origin (HKLM-x32\...\Origin) (Version: 10.4.8.36918 - Electronic Arts, Inc.)
    Polar Bowler 1st Frame (HKLM-x32\...\WTA-b26d1d90-7109-486c-b452-550861feb195) (Version: 3.0.2.59 - WildTangent) Hidden
    Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-285f8302-558e-4d9e-8188-1c069000d5f1) (Version: 2.2.0.97 - WildTangent) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
    Runefall (HKLM-x32\...\WTA-8855a481-94f8-495f-85fd-d34ebbc2531c) (Version: 3.0.2.126 - WildTangent) Hidden
    Spotify (HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
    Trinklit Supreme (HKLM-x32\...\WTA-47b36746-5189-4fef-ba03-89e31a97ea36) (Version: 2.2.0.98 - WildTangent) Hidden
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    Vacation Quest™ - Australia (HKLM-x32\...\WTA-be876361-2eb9-4629-af3b-18c00da93200) (Version: 3.0.2.59 - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VitalSource Bookshelf (HKLM-x32\...\{85de0cbc-e163-4090-90bc-8df9830640dc}) (Version: 7.6.0007 - Ingram Content Group)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
    VSDC Free Video Editor version 5.8.9.858 (HKLM\...\VSDC Free Video Editor_is1) (Version: 5.8.9.858 - Flash-Integro LLC)
    Wedding Dash (HKLM-x32\...\WTA-707f443e-9331-46fc-a761-8dc0f500221c) (Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
    Youda Jewel Shop (HKLM-x32\...\WTA-2000b757-2bee-43d4-867b-bf2cb619da12) (Version: 3.0.2.51 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-439163156-588376408-1409899048-1002_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\di_bl\AppData\Local\Autodesk\webdeploy\production\5669a8135e51a5c306a7cdb9b99cf334ce773328\NPreview10.dll ()
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-12-01] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-12-01] (AVAST Software)
    ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-12-01] (AVAST Software)
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-11-23] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
    ContextMenuHandlers1: [PhotoStreamsExt] -> [CC]{89D984B3-813B-406A-8298-118AFA3A22AE} => -> No File
    ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
    ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-12-01] (AVAST Software)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-06] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-12-01] (AVAST Software)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-11-23] (AVG Technologies CZ, s.r.o.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02C5A9E3-5D84-470C-943F-2999E866A777} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-19] (Microsoft Corporation)
    Task: {07B56E33-3204-49F4-8AEF-CD7DA48B1B54} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-11-19] (Microsoft Corporation)
    Task: {0A8EF1C7-1367-49F2-A868-907C43077B16} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-28] (AVG Technologies CZ, s.r.o.)
    Task: {1E839B69-87D8-434C-9A16-D3DFA3982E76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
    Task: {261C6288-8931-4373-8596-BAB92221E33B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
    Task: {28D533EA-B092-414F-AB77-C3A5B3A6C834} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_pepper.exe [2018-11-23] (Adobe Systems Incorporated)
    Task: {2E7AB072-E32D-487D-9142-D3EB3F99F9A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)
    Task: {349009FC-D15D-4D79-8674-C6FBFA792552} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
    Task: {34D83C40-B871-4FFB-91EF-F6999CE08247} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {3D9A5E40-905E-4A6C-9E8C-40AE778F576A} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2018-10-22] (Easeware)
    Task: {3E24A5F8-7AA2-4F54-B242-62502C075105} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
    Task: {42BC73FC-9A49-47F2-8993-A0002CF35789} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
    Task: {4A507A28-AEE1-4301-9899-7B9161CDFA3D} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-11-23] (AVG Technologies CZ, s.r.o.)
    Task: {4EDD4083-0776-4974-93B1-D62A70924315} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-19] (Microsoft Corporation)
    Task: {574FA014-3E8B-4532-A354-24AE8A228D17} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-22] (Adobe Systems Incorporated)
    Task: {5EDDF56C-96D8-4449-BD2F-EE9FE7EA0A48} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-11-19] (Microsoft Corporation)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {7AC23753-8314-4223-8D48-4656BA442296} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
    Task: {8863CF95-7C3C-404F-BE37-6FD8372FA8EC} - \YCMServiceAgent -> No File <==== ATTENTION
    Task: {944FDFCE-AC79-4B89-BF43-98603ADB4C5D} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    Task: {96F353A0-B9A1-49E1-91BD-273A2F9FF58C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {98BC744D-27A4-413A-A561-848EF45F2E85} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-19] (Microsoft Corporation)
    Task: {B0B4B369-B6A0-4321-8597-4D65CC7F2717} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-06-06] ()
    Task: {BAD657D0-B924-42AE-AFD2-75E956811495} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {BE5E1957-4E1D-4C00-A443-672BD843623B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
    Task: {C9D887D3-BEDD-4FFB-8920-1CEF6A9CFAC6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-19] (Microsoft Corporation)
    Task: {CA980668-E404-40B2-80BC-4EAAE822DA26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
    Task: {CECAA6B4-1DA9-49E4-89B5-966654AEDF3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {D3927365-A77D-4E24-8347-E898EB65C0F7} - System32\Tasks\Microsoft\Windows\PLA\System\{41FF2E53-34E2-40BC-A39A-5AE677070385}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
    Task: {D3927365-A77D-4E24-8347-E898EB65C0F7} - System32\Tasks\Microsoft\Windows\PLA\System\{41FF2E53-34E2-40BC-A39A-5AE677070385}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{41FF2E53-34E2-40BC-A39A-5AE677070385}_System Diagnostics"
    Task: {D9D043FE-BBDC-4CDE-8573-CF0B12FF1B50} - System32\Tasks\HPCeeScheduleFordi_bl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {D9DAFFF4-D153-4B23-A10E-B02F4876D885} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-23] (Adobe Systems Incorporated)
    Task: {E05AAD9A-75DB-46D3-BA10-82B25A8DA43F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)
    Task: {E358FADC-2F63-45D1-B66E-27B88C539CC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
    Task: {F111B3FA-2DE4-413C-9F3C-9327F640C04D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {F42F9BC4-45A1-4547-BF9F-F322B11B29D8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-22] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleFordi_bl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 23:34 - 2018-04-11 23:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-05-15 17:59 - 2018-05-15 17:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-02-01 03:22 - 2014-04-14 18:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2015-08-06 21:39 - 2015-08-06 21:39 - 000127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2018-04-11 23:34 - 2018-04-11 23:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-11-30 10:39 - 2018-11-09 02:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-11-30 10:40 - 2018-11-09 02:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-10-04 19:44 - 2018-10-04 19:44 - 046459080 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
    2018-12-01 07:58 - 2018-12-01 07:58 - 000113664 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\_ctypes.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000080896 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\bz2.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 001792512 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\_hashlib.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000128512 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32api.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000137728 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\pywintypes27.dll
    2018-12-01 07:58 - 2018-12-01 07:58 - 000548864 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\pythoncom27.dll
    2018-12-01 07:58 - 2018-12-01 07:58 - 000689664 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\unicodedata.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000438784 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32com.shell.shell.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 001489408 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\wx._core_.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 001007104 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\wx._gdi_.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 001039872 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\wx._windows_.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 001325056 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\wx._controls_.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000916992 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\wx._misc_.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 001084416 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\pysqlite2._sqlite.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000149504 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32file.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000136192 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32security.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000007680 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\hashobjs_ext.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000020992 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\thumbnails_ext.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000118784 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\usb_ext.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000047616 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\_socket.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 002224640 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\_ssl.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000014848 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\common.time34.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000023040 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32event.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000034304 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\windows.conditional.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000020480 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\windows.winwrap.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000110080 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\windows.volumes.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000223232 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32gui.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000173568 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\_elementtree.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000169472 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\pyexpat.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000048128 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32inet.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000103424 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\wx._html2.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000046080 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\_psutil_windows.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000633272 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\windows._cacheinvalidation.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000011776 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32crypt.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000301568 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\PIL._imaging.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000032256 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\_multiprocessing.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 005752320 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\cello.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000026112 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\_yappi.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000044032 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32process.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000027648 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32pipe.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000010752 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\select.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000029696 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32pdh.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000038400 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\windows.connectivity.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000073216 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\windows.device_monitor.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000020480 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32profile.pyd
    2018-12-01 07:58 - 2018-12-01 07:58 - 000026624 _____ () C:\Users\di_bl\AppData\Local\Temp\_MEI11242\win32ts.pyd
    2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
    2018-06-06 13:31 - 2018-06-06 13:31 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
    2018-03-07 19:18 - 2018-03-07 19:19 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
    2018-11-23 09:41 - 2018-11-23 09:41 - 000594192 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
    2018-11-29 18:51 - 2018-07-18 11:10 - 002448384 _____ () C:\Program Files (x86)\Auslogics\Registry Cleaner\ciniwin-dll.dll
    2018-11-29 19:04 - 2018-11-16 06:34 - 004238168 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
    2018-11-29 19:04 - 2018-11-16 06:34 - 000096600 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\sharepoint.com -> hxxps://livewarwickac-files.sharepoint.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 07:24 - 2018-11-15 20:18 - 000000828 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-439163156-588376408-1409899048-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
    HKU\S-1-5-21-439163156-588376408-1409899048-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 194.168.4.100 - 194.168.8.100
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "DeliveryAndStatusCheck"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "HPRadioMgr"
    HKLM\...\StartupApproved\Run32: => "HPMessageService"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
    HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
    HKLM\...\StartupApproved\Run32: => "Redirector"
    HKLM\...\StartupApproved\Run32: => "SecurityHealth"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "GarminExpressTrayApp"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "iCloudDrive"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "iCloudPhotos"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "EADM"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "VideoGuardMonitor"
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{1C114CEF-6234-4E5B-8E14-D306043C7E70}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [UDP Query User{CA6518D4-B0E3-4CCA-AF41-953BC5A7A7EC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{6EF7033F-849A-4AAC-98C4-3840B953171D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{FEE66317-2A86-4B8F-A515-73E5B0A769D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{DDFC309C-8B59-44A4-B37E-3099F9E0B05E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{BAD51284-5C59-4DE7-8290-1C30CF820693}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{501F7187-2D91-46DB-9094-ECBC54C6F372}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{43657C22-7644-468C-885F-B7F70E9811C4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
    FirewallRules: [{A352B1A4-6A16-4B25-8E4E-672C60776F55}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{510C5568-F670-4CEF-8578-1A56CFDA5E5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{58958B74-F45C-4CF9-B34E-8CABAAF19023}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{8BE9648D-44B7-47CD-8CA1-ED2942B5DB49}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{12E5C47A-600F-477A-AAD9-DE6910D79669}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B48A9CBB-81E0-48E6-9B8F-444CEEC4CC09}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{20CFD3F8-5D62-4D33-90CB-713406F52C1E}] => (Allow) LPort=5357
    FirewallRules: [{BF01E206-5461-4FC2-9AB4-4BE5B6E797BD}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
    FirewallRules: [{3208E382-C499-4E32-AF68-C699285114FB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
    FirewallRules: [{B510C6AD-2C36-42F5-B354-FD7E7EC8352A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{DDB14AA4-4C83-4D8D-A289-D3F057F20974}C:\users\di_bl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\di_bl\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{58496E9C-17B1-4E18-BC1E-402E28247530}C:\users\di_bl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\di_bl\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{3A3C1951-DAF5-4FAD-8438-43DB0B767FDA}] => (Block) C:\users\di_bl\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{565D1AB3-2822-4C1B-A9C2-67AC79BF38D1}] => (Block) C:\users\di_bl\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{DD5C9805-3840-437C-B086-9417DE1966B3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{ACC5FCDB-BFAB-4BB4-807A-69B2B7C193F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{69DF9C67-74BD-4EF0-8409-008746587DF8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{A23EF730-3C81-4A2E-AA5D-7EBC88452AF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{8450C64F-5CDB-40DD-8CE6-64D7DDD41803}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{C545B494-A05E-4AC7-B67C-2427F46D7633}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{7C09D0BA-7470-4CEE-804F-EAB8BE87623B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{70DA6F98-B252-435A-9BD3-59F70BB4DD03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{96B01362-470B-4F7A-BAD8-98902674C244}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{B71AEF66-0CC2-40FC-82ED-898607C0C720}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{8AB685C8-7D33-4ED7-B174-F144E675ECB7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{19DEDA58-06A3-48C0-85E2-2368E2739168}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{F85A784F-2540-49FB-9DEE-445AAE1F6A61}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{18EB6DAA-4496-4CEA-B8F0-67AFD0009CE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{6D842B1A-163C-4007-B23F-8D03D5AC0DFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{925C76C8-0E74-4322-A65E-A618E0B07D49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{540264D4-D2BF-4589-B2C6-DFF8B14EE640}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{487303F8-1120-44E3-9D8B-46DBE141E510}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{751BFC5D-A4DD-405F-856F-2A486A7506B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{157E3ED2-F086-476D-AE8C-DA9B71557D6C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{AFF25C4F-07B2-430A-845A-058D0ACC8BD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{E0E8780D-BC21-4457-A0F9-1D20F32CADF1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{94B5024F-C28B-4748-AD39-8B9D573D057F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{28A9FA2E-AB9D-4F14-BB75-81CE5F76B6CB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{5B216DA8-B462-4ACF-92F0-D7FF3090FCA7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{04035B69-CB1F-4D83-8397-BACF8D9CF01D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{43F41E35-6D28-4ADD-9877-319609AC5353}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{E82FE1C1-7566-4531-84E1-A427C9E1F8CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{D960D71E-4999-4151-9BE4-AB97FF43BF81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{DBEB6942-4FEB-4B74-9E4B-9B57637C2C8A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{64D3CC88-674F-4F90-9D93-B0981C0E14F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.86.337.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{3BD7A32A-08CA-4061-AE3B-BF5C8E51D64B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.86.337.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{0BA73F0A-40CC-402A-8D23-55B39973380F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.86.337.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{694A4F3D-FB71-4EA0-9A37-0966497B63A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.86.337.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{DB0A811E-BCCB-46B4-B2C0-5EA566BF4339}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.86.337.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{F41A70D1-D80F-4DB2-8832-1C9DDEDA193A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.86.337.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{89A0F54C-3911-462E-AA7C-3AA889FA6DA3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.86.337.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{72D24965-816C-49CA-8AD5-9899691CFF5E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.86.337.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{6B7A43C1-06BC-4ED8-AEA3-AF70511C91A4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{84C01C40-EE38-4548-95C3-E9D7B99AD8F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{22545676-80F3-475F-9B0D-7C11711A3AAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{284B77AA-1639-4DD7-B376-2FECE04952F4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{822A22B6-E814-464F-B121-074CC9AE6F05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{E0D604E7-07ED-4CDE-8534-8995BA1D9769}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{C5EDE4E9-B5DE-4ED6-BDA9-1E6C772FCB51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{73A561D0-8C24-4C5F-AE86-6F1835806496}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{BE164B20-592B-4430-B0DF-9F04FC8AF3F9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{879A076D-1B8B-4D48-A2B9-2DC73D3F7A24}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{9FAB1D2C-9DD8-48D6-BE73-7FD42C18912F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{FE3FEFBB-AF18-4E9F-BD74-57419926A628}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{CFF634F8-38ED-454C-ABA9-5CEADAE27AFC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{B5BE221A-DAFD-435F-94B9-FB81ABC65568}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{90A4BB7F-3857-46C9-830C-85ED1535D1B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{15C337C1-8793-4F79-8F82-EA3D03CE9987}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{CCDD323D-F1CE-4B63-BC81-748B3C68D4E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{6371FA4F-E685-422C-9C0B-3294536E0357}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{3400E0A8-7340-42F8-9AC8-B4E18FEDEC9F}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{E9126420-0C3F-482B-A97F-C4965D78B1E4}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{235A93BA-19A4-4F92-9F8B-D2267D31C6E3}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe
    FirewallRules: [{A3C65D52-4BC4-476D-AC22-F730DEE7BD85}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe
    FirewallRules: [{C74C44D3-1C44-4FBD-A9D0-EB5F97CFD4E6}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{6C5DB629-3E72-4AFF-A93E-E4FA98A685BE}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{B1A26D1E-78FF-4ACB-A337-7E2663B726BA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.88.353.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{B0B75318-56CB-4C24-895B-149693D96F85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.88.353.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{B9DD0B7E-ACA0-4BBF-A270-681E51FB9AC8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.88.353.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{9B48863A-1A11-4919-B71E-35228AE1E71D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.88.353.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{BCE95A7C-4540-4FB0-8AA4-C8391907C8C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.88.353.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{27C62516-385A-493A-84B0-9A9D9F7D0A79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.88.353.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{4D3E76F9-8510-486D-B444-B943A8C21188}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.88.353.0_x86__zpdnekdrzrea0\Spotify.exe

    ==================== Restore Points =========================

    30-11-2018 10:37:05 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/01/2018 09:21:02 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x55c40c49
    Faulting module name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x55c40c49
    Exception code: 0xc0000005
    Fault offset: 0x000000000000b9f4
    Faulting process ID: 0x1d90
    Faulting application start time: 0x01d4894bbd01bd71
    Faulting application path: c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
    Faulting module path: c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
    Report ID: 3fdd2784-f030-46d9-a046-8ebfc230e9ef
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/01/2018 07:41:15 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
    Faulting module name: ntdll.dll, version: 10.0.17134.376, time stamp: 0x60d78cf9
    Exception code: 0xc0000005
    Fault offset: 0x000000000001d979
    Faulting process ID: 0xbc0
    Faulting application start time: 0x01d4894675499c9c
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report ID: 031ec745-1f6a-4851-9405-784488398814
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/30/2018 08:27:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: The Cryptographic Services service failed to initialise the VSS backup "System Writer" object.

    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.
    .

    Error: (11/30/2018 06:38:27 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (11/30/2018 05:04:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 3.1.0.1644, time stamp: 0x5bc8b269
    Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5b9bc256
    Exception code: 0xc0000005
    Fault offset: 0x0019d749
    Faulting process ID: 0x2308
    Faulting application start time: 0x01d488ce003d312a
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
    Report ID: 7a88f95f-4294-4f65-8b3f-330ab8ca381a
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/30/2018 04:25:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15579

    Error: (11/30/2018 04:25:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15579

    Error: (11/30/2018 04:25:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (12/01/2018 09:21:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AdaptiveSleepService service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/01/2018 08:55:20 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-PPARAPRV)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user LAPTOP-PPARAPRV\di_bl SID (S-1-5-21-439163156-588376408-1409899048-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/01/2018 07:57:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Origin Web Helper Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (12/01/2018 07:57:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

    Error: (12/01/2018 07:55:11 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The avgbIDSAgent service did not shut down properly after receiving a pre-shutdown control.

    Error: (12/01/2018 07:52:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/01/2018 07:50:00 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-PPARAPRV)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user LAPTOP-PPARAPRV\di_bl SID (S-1-5-21-439163156-588376408-1409899048-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/01/2018 07:47:16 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-PPARAPRV)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user LAPTOP-PPARAPRV\di_bl SID (S-1-5-21-439163156-588376408-1409899048-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================

    Date: 2018-11-01 18:58:27.465
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-08-12 19:08:46.463
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-26 21:38:54.746
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
    Percentage of memory in use: 73%
    Total physical RAM: 3529.01 MB
    Available physical RAM: 934.61 MB
    Total Virtual: 4302.63 MB
    Available Virtual: 848.53 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:913.57 GB) (Free:763.02 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:15.96 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{8eaa3cf7-3d32-41fe-ac84-dacf65452e5a}\ () (Fixed) (Total:1.71 GB) (Free:1.2 GB) NTFS
    \\?\Volume{272df27e-8b53-4532-8cb0-60d48a136259}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A6FF75EF)

    Partition: GPT.

    ==================== End of Addition.txt ============================
    Last edited by tashi; 2018-12-02 at 08:08. Reason: Removed duplicate topic. :-)

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    First thing I pick up on is you're running 2 antivirus apps on the computer.

    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.8.3071 - AVG Technologies)

    It might be you have set 1 as disabled but I have a gut feeling it's still trying to run in the background.
    For the running health of the computer and to prevent any false positives, it would be best to uninstall one. It's possible having 2 will hinder work that needs to be done.

    I know you have probably used a couple of tools I will be recommending below; delete those and please download fresh installs as directed.

    ~~

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:

    SearchScopes: HKLM-x32 -> {7FFBE50A-2580-4284-B196-E51CA483A8C0} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-439163156-588376408-1409899048-1002 -> {7FFBE50A-2580-4284-B196-E51CA483A8C0} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-439163156-588376408-1409899048-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    2018-12-01 07:45 - 2018-11-30 20:48 - 011576808 _____ (SurfRight B.V.) C:\Users\di_bl\AppData\Local\Temp\HitmanPro.exe
    ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers1: [PhotoStreamsExt] -> [CC]{89D984B3-813B-406A-8298-118AFA3A22AE} => -> No File
    ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
    ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
    Task: {8863CF95-7C3C-404F-BE37-6FD8372FA8EC} - \YCMServiceAgent -> No File <==== ATTENTION
    Task: {96F353A0-B9A1-49E1-91BD-273A2F9FF58C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    C:\Windows\Temp\*.*
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    created by Aura

    ~~~
    Your next reply(ies) should therefore contain:
    • Copy/pasted Fixlog.txt
    • Copy/pasted AdwCleaner clean log
    • Copy/pasted RogueKiller clean log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #3
    Junior Member
    Join Date
    Dec 2018
    Posts
    6

    Thank you for your reply. I have followed your instructions and log files are below:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
    Ran by di_bl (02-12-2018 15:28:42) Run:1
    Running from C:\Users\di_bl\Desktop
    Loaded Profiles: di_bl (Available Profiles: di_bl & emmab)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    SearchScopes: HKLM-x32 -> {7FFBE50A-2580-4284-B196-E51CA483A8C0} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-439163156-588376408-1409899048-1002 -> {7FFBE50A-2580-4284-B196-E51CA483A8C0} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-439163156-588376408-1409899048-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    2018-12-01 07:45 - 2018-11-30 20:48 - 011576808 _____ (SurfRight B.V.) C:\Users\di_bl\AppData\Local\Temp\HitmanPro.exe
    ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers1: [PhotoStreamsExt] -> [CC]{89D984B3-813B-406A-8298-118AFA3A22AE} => -> No File
    ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
    ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
    Task: {8863CF95-7C3C-404F-BE37-6FD8372FA8EC} - \YCMServiceAgent -> No File <==== ATTENTION
    Task: {96F353A0-B9A1-49E1-91BD-273A2F9FF58C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7FFBE50A-2580-4284-B196-E51CA483A8C0} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{7FFBE50A-2580-4284-B196-E51CA483A8C0} => not found
    HKU\S-1-5-21-439163156-588376408-1409899048-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7FFBE50A-2580-4284-B196-E51CA483A8C0} => removed successfully
    HKLM\Software\Classes\CLSID\{7FFBE50A-2580-4284-B196-E51CA483A8C0} => not found
    "HKU\S-1-5-21-439163156-588376408-1409899048-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
    C:\Users\di_bl\AppData\Local\Temp\HitmanPro.exe => moved successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
    HKLM\Software\Classes\CLSID\[CC]{23170F69-40C1-278A-1000-000100020000} => not found
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PhotoStreamsExt => removed successfully
    HKLM\Software\Classes\CLSID\[CC]{89D984B3-813B-406A-8298-118AFA3A22AE} => not found
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
    HKLM\Software\Classes\CLSID\[CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => not found
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
    HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8863CF95-7C3C-404F-BE37-6FD8372FA8EC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8863CF95-7C3C-404F-BE37-6FD8372FA8EC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YCMServiceAgent" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96F353A0-B9A1-49E1-91BD-273A2F9FF58C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96F353A0-B9A1-49E1-91BD-273A2F9FF58C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\asw-4a4a5a53-bcbb-4d3f-a9c4-bd689f42952d.tmp => moved successfully
    C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
    C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
    C:\Windows\Temp\HighPerformancePlan.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181130-2028.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181130-2036.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181130-2144.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181130-2150.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-0718.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-0721.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-0724.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-0742.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-0748.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-0756.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-0801.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1019.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1043.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1053.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1121.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1143.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1326.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1429.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1550.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1602.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1618.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1626.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1748.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1753.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1840.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1846.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1859.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1901.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1917.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1918.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-1922.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-2128.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-2134.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-2223.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-2235.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-2242.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181201-2244.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-0001.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-0021.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-0837.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-0840.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-0944.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1012.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1133.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1232.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1240.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1309.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1453.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1518.log => moved successfully
    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1527.log => moved successfully
    Could not move "C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1528.log" => Scheduled to move on reboot.
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20181201104303B5C).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20181201212844B50).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20181201223556ABC).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20181201224428A4C).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20181202151809A24).log => moved successfully
    Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(201812021528451D40).log" => Scheduled to move on reboot.
    C:\Windows\Temp\PowerPlan.log => moved successfully
    C:\Windows\Temp\sa.9PG15829SHZ3_0__.Public.InstallAgent.dat => moved successfully
    C:\Windows\Temp\WER4DE7.tmp.WERDataCollectionStatus.txt => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 106692611 B
    Java, Flash, Steam htmlcache => 1187 B
    Windows/system/drivers => 10080674 B
    Edge => 13312 B
    Chrome => 32867117 B
    Firefox => 31433044 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 10282 B
    LocalService => 0 B
    NetworkService => 6656 B
    NetworkService => 0 B
    di_bl => 192693612 B
    emmab => 26144738 B

    RecycleBin => 99408 B
    EmptyTemp: => 391.5 MB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-12-2018 15:35:31)

    C:\Windows\Temp\LAPTOP-PPARAPRV-20181202-1528.log => Is moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(201812021528451D40).log => Is moved successfully

    ==== End of Fixlog 15:35:31 ====



    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.5.0
    # -------------------------------
    # Build: 11-26-2018
    # Database: 2018-11-30.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 12-02-2018
    # Duration: 00:00:05
    # OS: Windows 10 Home
    # Cleaned: 0
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [5544 octets] - [30/11/2018 20:26:37]
    AdwCleaner[C00].txt - [5052 octets] - [30/11/2018 20:27:45]
    AdwCleaner[S01].txt - [1372 octets] - [02/12/2018 15:45:53]
    AdwCleaner[S02].txt - [1433 octets] - [02/12/2018 15:47:23]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########




    RogueKiller Anti-Malware V13.0.14.0 (x64) [Nov 27 2018] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : di_bl [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Standard Scan, Delete -- Date : 2018/12/02 16:50:53 (Duration : 00:51:13)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A} -- [%localappdata%\Autodesk\webdeploy\production\5669a8135e51a5c306a7cdb9b99cf334ce773328\NPreview10.dll] -> Deleted
    [PUP.Auslogics (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Auslogics -- -> Deleted
    [PUP.InnovativeSolutions (Potentially Malicious)] HKEY_USERS\S-1-5-21-439163156-588376408-1409899048-1002\Software\Innovative Solutions -- -> Deleted
    [PUP.InnovativeSolutions (Potentially Malicious)] HKEY_USERS\S-1-5-21-439163156-588376408-1409899048-1002\Software\Innovative Solutions -- -> Deleted
    [PUP.Auslogics (Potentially Malicious)] Auslogics Registry Cleaner.lnk -- %USERPROFILE%\Desktop\Auslogics Registry Cleaner.lnk (lnk => C:\PROGRA~2\AUSLOG~1\REGIST~1\REGIST~1.EXE []) -> Deleted
    [PUP.Auslogics (Potentially Malicious)] Auslogics -- %programdata%\Auslogics -> Deleted
    [PUP.Auslogics (Potentially Malicious)] Auslogics -- %programdata%\Microsoft\Windows\Start Menu\Programs\Auslogics -> Deleted
    [PUP.Auslogics (Potentially Malicious)] Auslogics -- %programfiles(x86)%\Auslogics -> Deleted
    [PUP.InnovativeSolutions (Potentially Malicious)] Innovative Solutions -- %programfiles(x86)%\Innovative Solutions -> Deleted
    [PUP.Auslogics (Potentially Malicious)] Auslogics -- %programfiles(x86)%\Auslogics -> Removed at reboot [2]
    [PUP.InnovativeSolutions (Potentially Malicious)] Innovative Solutions -- %programfiles(x86)%\Innovative Solutions -> Removed at reboot [2]
    [PUP.Auslogics (Potentially Malicious)] Auslogics Registry Cleaner.lnk -- %USERPROFILE%\Desktop\Auslogics Registry Cleaner.lnk (lnk => C:\PROGRA~2\AUSLOG~1\REGIST~1\REGIST~1.EXE []) -> Removed at reboot [2]

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    I can see you already have Malwarebytes Anti-Malware onboard.
    Let's update it and run a new scan.

    Open Malwarebytes Anti-Malware, click on the update tab, if an update is available allow it to install.

    Click the Settings tab, at the top choose Protection and tick Scan for rootkits.
    Click the Dashboard tab, choose Scan, Threat Scan is checked and click Start Scan.
    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 2 logs when finished.

    Also, tell me how the computer is now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  5. #5
    Junior Member
    Join Date
    Dec 2018
    Posts
    6

    Default

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 07/12/2018
    Scan Time: 13:03
    Log File: 7285d231-fa20-11e8-b6f0-705a0f05ef1c.json

    -Software Information-
    Version: 3.6.1.2711
    Components Version: 1.0.482
    Update Package Version: 1.0.8201
    Licence: Trial

    -System Information-
    OS: Windows 10 (Build 17134.441)
    CPU: x64
    File System: NTFS
    User: System

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Scheduler
    Result: Completed
    Objects Scanned: 366853
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 39 min, 1 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)



    Emsisoft Emergency Kit - Version 2018.6
    Last update: 06/12/2018 19:58:35
    User account: LAPTOP-PPARAPRV\di_bl
    Computer name: LAPTOP-PPARAPRV
    OS version: Windows 10x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    Scan mail archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 07/12/2018 16:33:29

    Scanned 87946
    Found 0

    Scan end: 07/12/2018 16:44:38
    Scan time: 0:11:09



    Possibly a little faster but still recording 92% CPU usage due to taskhostw.exe

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    Follow the instructions in the thread below to run a scan with MBAR. Don't forget to update the database before launching the scan, and once launched, leave MBAR running and do not touch your computer until it is done scanning.

    https://forums.malwarebytes.com/topi...-malwarebytes/

    Once MBAR is done scanning, removing threats and rebooting your computer, go in its MBAR folder, and copy/paste the content of the mbar-log-TODAYS-DATE.txt log in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    Open FRST as you did before.

    Copy and paste the following in the edit box on FRST, after "Search:"
    taskhostw.exe
    Click the Search Files button.

    When finished, a log file (Search.txt) will open and is saved where FRST was run from, on the Desktop.

    Please post that log in your next reply.

    ~~~
    Once completed, repeat the process, but this time click Search Registry. Another log will be produced, Searchreg.txt. Post it also in your next reply.

    Click Search Files button and post the log (Search.txt) it will produce in your next reply.

    Please post these logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  7. #7
    Junior Member
    Join Date
    Dec 2018
    Posts
    6

    Default

    Logs below as requested.

    Malwarebytes Anti-Rootkit BETA 1.10.3.1001
    www.malwarebytes.org

    Database version:
    main: v2018.12.08.01
    rootkit: v2018.12.08.01

    Windows 10 x64 NTFS
    Internet Explorer 11.407.17134.0
    di_bl :: LAPTOP-PPARAPRV [administrator]

    08/12/2018 08:08:37
    mbar-log-2018-12-08 (08-08-37).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 274438
    Time elapsed: 1 hour(s), 9 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)



    Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
    Ran by di_bl (08-12-2018 09:36:14)
    Running from C:\Users\di_bl\Desktop
    Boot Mode: Normal

    ================== Search Files: "taskhostw.exe" =============

    C:\Windows\WinSxS\amd64_microsoft-windows-taskhost_31bf3856ad364e35_10.0.17134.1_none_0dbf34b0c3803ee3\taskhostw.exe
    [2018-04-11 23:34][2018-04-11 23:34] 000087904 _____ (Microsoft Corporation) CE95E236FC9FE2D6F16C926C75B18BAF [File is digitally signed]

    C:\Windows\System32\taskhostw.exe
    [2018-04-11 23:34][2018-04-11 23:34] 000087904 _____ (Microsoft Corporation) CE95E236FC9FE2D6F16C926C75B18BAF [File is digitally signed]


    ====== End of Search ======



    Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
    Ran by di_bl (08-12-2018 09:56:47)
    Running from C:\Users\di_bl\Desktop
    Boot Mode: Normal

    ================== Search Registry: "taskhostw.exe" ===========


    ====== End of Search ======



    Thanks

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    There is an infection with that very name; the problem is there is also a legitimate Windows executable with the same name, and as expected the legitimate one runs from the system32 folder. This means we can't just go in and delete it since it's showing as legit, or other apps on the computer won't work.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Upload a File to Virustotal

    Go to http://www.virustotal.com/


    Click the Choose file button
    Navigate to the file C:\Windows\System32\taskhostw.exe
    Click the Scan it tab
    If you get a message saying File has already been analyzed: click Reanalyze file now
    Copy and paste the URL address back here please.

    Also, let's see if we can get this other location to go through:

    C:\Windows\WinSxS\amd64_microsoft-windows-taskhost_31bf3856ad364e35_10.0.17134.1_none_0dbf34b0c3803ee3\taskhostw.exe


    ~~~~

    ESET Online Scanner
    • Download and execute ESET Online Scanner
    • Check the following settings (two of them are under Advanced Settings, click on it to display them):
      • Enable detection of potentially unwanted applications
      • Enable detection of potentially unsafe applications
      • Scan archives
      • Scan for potentially unsafe applications
      • Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan
    • After you're done checking these options, click on the Scan button and ESET Online Scanner will download its virus signature database before starting the scan
    • Once done, the scan will start automatically. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it, let it complete
    • On completion, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined
    • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply
    • Once you're done, click on the Back button, then click on the Finish button
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.
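
The triage reasoning in the post above (a genuine taskhostw.exe in System32, possible impostors with the same name elsewhere), as an added example that is not part of the original thread: a parser for FRST "Search Files" output that flags copies needing a closer look. It assumes Windows is installed in C:\Windows; the third log entry and all function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# First two entries are copied from the Search.txt log in the thread.
# The third entry is CONSTRUCTED for illustration and is not from the thread.
SAMPLE_SEARCH_LOG = r"""
================== Search Files: "taskhostw.exe" =============

C:\Windows\WinSxS\amd64_microsoft-windows-taskhost_31bf3856ad364e35_10.0.17134.1_none_0dbf34b0c3803ee3\taskhostw.exe
[2018-04-11 23:34][2018-04-11 23:34] 000087904 _____ (Microsoft Corporation) CE95E236FC9FE2D6F16C926C75B18BAF [File is digitally signed]

C:\Windows\System32\taskhostw.exe
[2018-04-11 23:34][2018-04-11 23:34] 000087904 _____ (Microsoft Corporation) CE95E236FC9FE2D6F16C926C75B18BAF [File is digitally signed]

C:\Users\example\AppData\Roaming\taskhostw.exe
[2018-11-20 10:00][2018-11-20 10:00] 000912384 _____ () 0123456789ABCDEF0123456789ABCDEF [File not signed]

====== End of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[[^\]]*\]\[[^\]]*\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]*)\]$"
)

# Assumption: Windows is installed in C:\Windows.
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")
WINSXS = PureWindowsPath(r"C:\Windows\WinSxS")


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        detail = DETAIL_RE.match(line)
        if detail and pending:
            entries.append({
                "path": PureWindowsPath(pending),
                "size": int(detail["size"]),
                "company": detail["company"],
                "md5": detail["md5"].upper(),
                "signed": detail["sig"] == "File is digitally signed",
            })
            pending = None
        elif PATH_RE.match(line):
            pending = line
    return entries


def in_expected_location(path):
    """True for System32 itself or anywhere under the WinSxS component store.
    PureWindowsPath comparisons are case-insensitive, like the file system."""
    path = PureWindowsPath(path)
    return path.parent == SYSTEM32 or WINSXS in path.parents


def triage(entries):
    """Return [(path, [reasons])] for every copy that needs a closer look."""
    trusted = {e["md5"] for e in entries
               if in_expected_location(e["path"]) and e["signed"]}
    findings = []
    for e in entries:
        reasons = []
        if not in_expected_location(e["path"]):
            reasons.append("outside System32/WinSxS")
        if not e["signed"]:
            reasons.append("not reported as digitally signed")
        if e["company"] != "Microsoft Corporation":
            reasons.append("unexpected company field")
        if trusted and e["md5"] not in trusted:
            reasons.append("hash differs from the copies in trusted locations")
        if reasons:
            findings.append((str(e["path"]), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_search_log(SAMPLE_SEARCH_LOG)):
        print(path, "->", "; ".join(reasons))
```

A clean result only shows that the binaries on disk look genuine; taskhostw.exe is a host process for DLL-based scheduled tasks, so the CPU load still has to be traced to the task it is running.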

  9. #9
    Junior Member
    Join Date
    Dec 2018
    Posts
    6

    Default

    https://www.virustotal.com/#/file/74...8085/detection

    I scanned the file from both locations and the results were the same.

    ESET results:

    C:\AdwCleaner\Quarantine\v1\20181130.202708\1\BoostSpeed\RegistryCleaner.exe#18EE81AF8CB45D1E a variant of Win32/Auslogics.B potentially unwanted application
    C:\AdwCleaner\Quarantine\v1\20181130.202708\1\BoostSpeed\Setup\SetupCustom.dll#D85D06490710C521 a variant of Win32/Auslogics.K potentially unwanted application
    C:\AdwCleaner\Quarantine\v1\20181130.202708\25\Downloaded Installers\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}\setup.msi#7B238CD47778005F a variant of Win32/Slimware.B potentially unwanted application,a variant of Win32/Slimware.C potentially unwanted application
    C:\Users\di_bl\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\166\DETAILS[901].pdf PDF/Phishing.A.Gen trojan
    C:\Users\di_bl\Downloads\ccsetup541.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\di_bl\Downloads\ccsetup542.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\di_bl\Downloads\ccsetup543.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\di_bl\Downloads\ccsetup549.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\di_bl\Downloads\ccsetup550.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\di_bl\Downloads\registry-cleaner-setup.exe a variant of Win32/Auslogics.B potentially unwanted application
    C:\Users\di_bl\Downloads\Unconfirmed 384632.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application
    Files\Software\FreewarePrimoPDF.exe Win32/OpenCandy potentially unsafe application
    C:\Windows\Installer\71f6c.msi a variant of Win32/Slimware.B potentially unwanted application,a variant of Win32/Slimware.C potentially unwanted application

  10. #10
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    Did you allow it to remove/quarantine what it found?

    Not worried about the below items since they're held in a quarantine folder from a tool I asked you to run:

    C:\AdwCleaner\Quarantine\v1\20181130.202708\1\BoostSpeed\RegistryCleaner.exe#18EE81AF8CB45D1E a variant of Win32/Auslogics.B potentially unwanted application
    C:\AdwCleaner\Quarantine\v1\20181130.202708\1\BoostSpeed\Setup\SetupCustom.dll#D85D06490710C521 a variant of Win32/Auslogics.K potentially unwanted application
    C:\AdwCleaner\Quarantine\v1\20181130.202708\25\Downloaded Installers\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}\setup.msi#7B238CD47778005F a variant of Win32/Slimware.B potentially unwanted application,a variant of Win32/Slimware.C potentially unwanted application
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.
