
Thread: Hello, I need help with my system. All started with oledlg.dll error...

  1. #1
    Member
    Join Date
    Jan 2009
    Posts
    53

    Hello, I need help with my system. All started with oledlg.dll error...

    Hello SNF,

    It's been about 5 years since my last visit...mixed emotions about that.

    I attempted Tweaking Registry Backup (#2 post in sticky) and it Errored after 22/26 Registry Files Backed up. Should I continue with the FRST and aswMBR logs at this time or do I need to get a 26/26 Backup with Tweaking first?

    Please advise.

    Also, I can give you a short history of weirdness if you need it. Looking forward to working with you to exorcise my system

    Much appreciate your time and consideration,

    Alex (Awong)

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Let's see if we can continue

    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Jan 2009
    Posts
    53

    FRST64 logs, FRST.txt and Addition.txt

    Here are the results of the FRST Scans. I had actually gone ahead and attempted to run the aswMBR.exe as well but that ended in a Blue Screen Error :(...but the FRST scans went just fine. Thanks for your time and patience!
    Alex

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
    Ran by alexander (administrator) on MARX (23-02-2019 18:32:03)
    Running from C:\Users\alexander\Desktop
    Loaded Profiles: alexander & postgres & DefaultAppPool (Available Profiles: duck & alexander & Eileen & justi & nicho & kidsWorldOfTanks & postgres & DefaultAppPool)
    Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
    (Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    (SafeNet Inc.) C:\Windows\System32\hasplms.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    () C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
    (Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    () C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
    (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
    (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
    () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2014-01-24] (NVIDIA Corporation -> )
    HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc. -> Apple Inc.)
    HKLM...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [307632 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    HKLM-x32...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] (Logitech Inc -> )
    HKLM-x32...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) [File not signed]
    HKLM-x32...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM-x32...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4190016 2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc -> Autodesk, Inc.)
    HKLM-x32...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3029480 2018-05-09] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
    HKLM-x32...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [307632 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\Run: [Google Update] => C:\Users\alexander\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-19] (Google Inc -> Google Inc.)
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2536824 2019-01-29] (Wargaming.net Limited -> Wargaming.net)
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [610904 2018-07-22] (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\MountPoints2: {a198cc0f-985b-11e8-a96a-0025907a28f5} - "F:\MI.exe"
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [148480 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-2772892075-776610616-2658955011-1020\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [398360 2009-10-07] (Logitech Inc -> Logitech Inc.)
    HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [67072 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2009-10-07] (Logitech Inc -> Logitech Inc.)
    HKLM\Software\...\AppCompatFlags\Custom\TIE95.EXE: [{42105f6c-f48a-42e0-8b17-b47f53c395ed}.sdb] -> GOG.com Star Wars TIE Fighter 95
    HKLM\Software\...\AppCompatFlags\Custom\TIESTART.EXE: [{42105f6c-f48a-42e0-8b17-b47f53c395ed}.sdb] -> GOG.com Star Wars TIE Fighter 95
    HKLM\Software\...\AppCompatFlags\Custom\XWING95.EXE: [{6dc948fa-eb58-4467-9258-196cf4c620f7}.sdb] -> Star Wars X-Wing 95 Compatibility Fix
    HKLM\Software\...\AppCompatFlags\Custom\XWINGTIE.EXE: [{6dc948fa-eb58-4467-9258-196cf4c620f7}.sdb] -> Star Wars X-Wing 95 Compatibility Fix
    HKLM\Software\...\AppCompatFlags\InstalledSDB\{42105f6c-f48a-42e0-8b17-b47f53c395ed}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{42105f6c-f48a-42e0-8b17-b47f53c395ed}.sdb [2014-10-10]
    HKLM\Software\...\AppCompatFlags\InstalledSDB\{6dc948fa-eb58-4467-9258-196cf4c620f7}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{6dc948fa-eb58-4467-9258-196cf4c620f7}.sdb [2014-10-10]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-22] (Google LLC -> Google Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
    HKLM\Software\...\Winlogon\GPExtensions: [{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] -> C:\WINDOWS\system32\dot3gpclnt.dll [2018-04-11] ()
    ShellServiceObjects-x32: WPDShServiceObj Class -> {AAA288BA-9A4C-45B0-95D7-94D524869DB5} => C:\WINDOWS\SysWOW64\wpdshserviceobj.dll [2018-04-11] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-14]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\duck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2014-04-09]
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
    GroupPolicy\User: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a82a9a0b-a9ce-419f-9598-795189fe40e1}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-11-14] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-27] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2018-12-12] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-27] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2018-04-11] ()
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2018-04-11] ()

    FireFox:
    ========
    FF DefaultProfile: psg8aigl.default-1403756767325
    FF ProfilePath: C:\Users\alexander\AppData\Roaming\Mozilla\Firefox\Profiles\psg8aigl.default-1403756767325 [2017-06-16]
    FF Homepage: Mozilla\Firefox\Profiles\psg8aigl.default-1403756767325 -> hxxps://bay179.mail.live.com/default.aspx
    FF Extension: (Craigslist Fusion) - C:\Users\alexander\AppData\Roaming\Mozilla\Firefox\Profiles\psg8aigl.default-1403756767325\Extensions\craigslistfusion@craigslistfusion.com.xpi [2016-05-16] [Legacy]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-14] [Legacy] [not signed]
    FF HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
    FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
    FF Plugin-x32: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [2016-09-22] ()
    FF Plugin-x32: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [2016-09-22] (Unauthorized copy)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-27] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-27] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2772892075-776610616-2658955011-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\alexander\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-2772892075-776610616-2658955011-1003: @talk.google.com/O1DPlugin -> C:\Users\alexander\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-2772892075-776610616-2658955011-1003: @tools.google.com/Google Update;version=3 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2772892075-776610616-2658955011-1003: @tools.google.com/Google Update;version=9 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2772892075-776610616-2658955011-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-2772892075-776610616-2658955011-1003: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
    FF Plugin ProgramFiles/Appdata: C:\Users\alexander\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\alexander\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR Profile: C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default [2019-02-23]
    CHR Extension: (Slides) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-22]
    CHR Extension: (Docs) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-22]
    CHR Extension: (Google Drive) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-22]
    CHR Extension: (YouTube) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-22]
    CHR Extension: (uBlock Origin) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-22]
    CHR Extension: (Adobe Acrobat) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-02-22]
    CHR Extension: (Sheets) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-22]
    CHR Extension: (Google Docs Offline) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-22]
    CHR Extension: (OneNote Web Clipper) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk [2019-02-22]
    CHR Extension: (Evernote Web) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-02-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-22]
    CHR Extension: (uBlock Origin Extra) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2019-02-22]
    CHR Extension: (Gmail) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-22]
    CHR Extension: (Chrome Media Router) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-22]
    CHR HKU\S-1-5-21-2772892075-776610616-2658955011-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk, Inc -> Autodesk Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc. -> Apple Inc.)
    R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [357360 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [369312 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6807360 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    S3 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [110048 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-16] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-16] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    S3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [121344 2018-04-11] () [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-08-12] (Macrovision Europe Ltd.) [File not signed]
    R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-27] (SafeNet, Inc. -> SafeNet Inc.)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-03] (Netgear Incorporated -> NETGEAR)
    R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2510112 2014-01-24] (NVIDIA Corporation -> NVIDIA Corporation)
    R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [498152 2018-05-09] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 SilhouetteLink; C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe [897200 2016-12-06] (Silhouette Research & Technology Ltd -> )
    S4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [92160 2018-11-08] (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> ) [File not signed]
    S4 UevAgentService; C:\WINDOWS\system32\AgentService.exe [1189376 2018-04-12] () [File not signed]
    S3 VSS; C:\WINDOWS\system32\vssvc.exe [1540096 2018-04-11] (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> ) [File not signed]
    S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation -> Microsoft Corporation)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-17] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-17] (Microsoft Corporation -> Microsoft Corporation)
    R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [1764296 2017-12-13] (Wacom Technology Corporation -> Wacom Technology, Corp.)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 postgresql-x64-9.5; "C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe" runservice -N "postgresql-x64-9.5" -D "C:\Program Files\PostgreSQL\9.5\data" -w

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [205656 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [226448 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [196848 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\WINDOWS\System32\drivers\avgblog.sys [320960 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [58008 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15280 2019-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [167560 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgNetSec; C:\WINDOWS\System32\drivers\avgNetSec.sys [519920 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112568 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [88208 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1034184 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [474712 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [217040 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [380208 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet, Inc. -> SafeNet Inc.)
    S0 iaStorV; C:\WINDOWS\System32\drivers\iaStorV.sys [412064 2018-04-11] (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> ) [File not signed]
    R3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
    S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-23] (Malwarebytes Corporation -> Malwarebytes)
    S3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [193536 2018-11-08] (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> ) [File not signed]
    S3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [193536 2018-11-08] (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> ) [File not signed]
    S3 netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [197632 2018-04-11] (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> ) [File not signed]
    R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2018-10-15] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_b7e5dd1387001335\nvlddmkm.sys [16936560 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-17] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-17] (Microsoft Windows -> Microsoft Corporation)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-23 18:32 - 2019-02-23 18:33 - 000035819 _____ C:\Users\alexander\Desktop\FRST.txt
    2019-02-23 18:26 - 2019-02-23 18:32 - 000000000 ____D C:\FRST
    2019-02-23 18:20 - 2019-02-23 18:20 - 002435072 _____ (Farbar) C:\Users\alexander\Desktop\FRST64.exe
    2019-02-23 16:29 - 2019-02-23 16:29 - 000000000 ____D C:\Users\alexander\Desktop\saferNetworkingForum
    2019-02-23 16:26 - 2019-02-23 16:26 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-MARX-Windows-10-Pro-(64-bit).dat
    2019-02-23 16:26 - 2019-02-23 16:26 - 000000000 ____D C:\RegBackup
    2019-02-23 16:25 - 2019-02-23 16:25 - 000002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2019-02-23 16:25 - 2019-02-23 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2019-02-23 16:25 - 2019-02-23 16:25 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2019-02-23 16:23 - 2019-02-23 16:25 - 000018004 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2019-02-23 16:16 - 2019-02-23 16:16 - 005198336 _____ (AVAST Software) C:\Users\alexander\Desktop\aswMBR.exe
    2019-02-23 16:13 - 2019-02-23 16:13 - 005766144 _____ (Tweaking.com) C:\Users\alexander\Desktop\tweaking.com_registry_backup_setup.exe
    2019-02-22 22:46 - 2019-02-22 22:46 - 000000000 ____D C:\Users\alexander\AppData\Roaming\Logitech
    2019-02-22 00:28 - 2019-02-22 00:28 - 000000000 ____D C:\Users\alexander\AppData\Roaming\Google
    2019-02-22 00:27 - 2019-02-22 00:27 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-02-22 00:27 - 2019-02-22 00:27 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-02-21 23:52 - 2019-02-21 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2019-02-19 17:46 - 2019-02-19 17:46 - 000034304 _____ C:\Users\alexander\Downloads\Tiger Ads Log 2019.xls
    2019-02-19 17:40 - 2019-02-19 17:40 - 000083587 _____ C:\Users\alexander\Downloads\2019 TTConcussionForm.pdf
    2019-02-19 15:19 - 2019-02-19 15:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2019-02-19 15:19 - 2019-02-19 15:19 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2019-02-19 15:19 - 2019-02-19 15:19 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2019-02-19 15:19 - 2019-02-19 15:19 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2019-02-17 11:54 - 2019-02-23 18:00 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-02-16 22:11 - 2019-02-16 22:11 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-02-16 22:11 - 2019-02-16 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-02-16 22:11 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-02-16 22:11 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-02-16 19:44 - 2019-02-16 19:44 - 000000080 ___SH C:\bootTel.dat
    2019-02-16 11:21 - 2019-02-16 11:21 - 000519920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetSec.sys
    2019-02-16 11:20 - 2019-02-16 11:19 - 000362928 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
    2019-02-12 15:36 - 2019-02-05 23:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-02-12 15:36 - 2019-02-05 23:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-02-12 15:36 - 2019-02-05 23:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-02-12 15:36 - 2019-02-05 23:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-02-12 15:36 - 2019-02-05 23:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-02-12 15:36 - 2019-02-05 23:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-02-12 15:36 - 2019-02-05 23:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-02-12 15:36 - 2019-02-05 22:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-02-12 15:36 - 2019-02-05 22:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-02-12 15:36 - 2019-02-05 22:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-02-12 15:36 - 2019-02-05 19:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-02-12 15:36 - 2019-02-05 19:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-02-12 15:36 - 2019-02-05 19:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-02-12 15:36 - 2019-02-05 19:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2019-02-12 15:36 - 2019-02-05 19:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-02-12 15:36 - 2019-02-05 19:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-02-12 15:36 - 2019-02-05 19:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-02-12 15:36 - 2019-02-05 19:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-02-12 15:36 - 2019-02-05 19:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-02-12 15:36 - 2019-02-05 19:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-02-12 15:36 - 2019-02-05 19:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-02-12 15:36 - 2019-02-05 19:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-02-12 15:36 - 2019-02-05 19:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-02-12 15:36 - 2019-02-05 19:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2019-02-12 15:36 - 2019-02-05 19:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-02-12 15:36 - 2019-02-05 19:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2019-02-12 15:36 - 2019-02-05 19:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2019-02-12 15:36 - 2019-02-05 18:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
    2019-02-12 15:36 - 2019-02-05 18:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-02-12 15:36 - 2019-02-05 18:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-02-12 15:36 - 2019-02-05 18:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-02-12 15:36 - 2019-02-05 18:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-02-12 15:36 - 2019-02-05 18:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-02-12 15:36 - 2019-02-05 18:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-02-12 15:36 - 2019-02-05 18:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-02-12 15:36 - 2019-02-05 18:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-02-12 15:36 - 2019-02-05 18:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-02-12 15:36 - 2019-02-05 18:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2019-02-12 15:36 - 2019-02-05 18:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-02-12 15:36 - 2019-02-05 18:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-02-12 15:36 - 2019-02-05 18:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-02-12 15:36 - 2019-02-05 18:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-02-12 15:36 - 2019-02-05 18:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-02-12 15:36 - 2019-02-05 18:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2019-02-12 15:36 - 2019-02-05 18:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-02-12 15:36 - 2019-02-05 18:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2019-02-12 15:36 - 2019-02-05 18:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2019-02-12 15:36 - 2019-02-05 18:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-02-12 15:36 - 2019-02-05 18:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2019-02-12 15:36 - 2019-02-05 18:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-02-12 15:36 - 2019-02-05 18:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2019-02-12 15:36 - 2019-01-11 18:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-02-12 15:36 - 2019-01-09 10:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2019-02-12 15:36 - 2019-01-09 09:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-02-12 15:36 - 2019-01-09 09:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-02-12 15:36 - 2019-01-09 09:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-02-12 15:36 - 2019-01-09 09:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2019-02-12 15:36 - 2019-01-09 02:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2019-02-12 15:36 - 2019-01-09 01:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-02-12 15:36 - 2019-01-09 00:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2019-02-12 15:36 - 2019-01-08 21:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2019-02-12 15:36 - 2019-01-08 21:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
    2019-02-12 15:36 - 2019-01-08 21:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
    2019-02-12 15:36 - 2019-01-08 21:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-02-12 15:36 - 2019-01-08 21:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-02-12 15:36 - 2019-01-08 21:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2019-02-12 15:36 - 2019-01-08 21:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2019-02-12 15:36 - 2019-01-08 21:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
    2019-02-12 15:36 - 2019-01-08 21:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
    2019-02-12 15:36 - 2019-01-08 21:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2019-02-12 15:36 - 2019-01-08 21:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2019-02-12 15:36 - 2019-01-08 21:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-02-12 15:36 - 2019-01-08 21:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2019-02-12 15:36 - 2019-01-08 21:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-02-12 15:36 - 2019-01-08 21:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-02-12 15:36 - 2019-01-08 21:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2019-02-12 15:36 - 2019-01-08 21:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-02-12 15:36 - 2019-01-08 21:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-02-12 15:36 - 2019-01-08 21:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-02-12 15:36 - 2019-01-08 21:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-02-12 15:36 - 2019-01-08 21:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2019-02-12 15:36 - 2019-01-08 21:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2019-02-12 15:36 - 2019-01-08 21:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-02-12 15:36 - 2019-01-08 21:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2019-02-12 15:36 - 2019-01-08 21:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2019-02-12 15:36 - 2019-01-08 21:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-02-12 15:36 - 2019-01-08 21:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2019-02-12 15:36 - 2019-01-08 21:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
    2019-02-12 15:36 - 2019-01-08 21:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-02-12 15:36 - 2019-01-08 21:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
    2019-02-12 15:36 - 2019-01-08 21:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2019-02-12 15:36 - 2019-01-08 21:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2019-02-12 15:36 - 2019-01-08 21:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2019-02-12 15:36 - 2019-01-08 21:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2019-02-12 15:36 - 2019-01-08 21:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-02-12 15:36 - 2019-01-08 20:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
    2019-02-12 15:36 - 2019-01-08 20:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
    2019-02-12 15:36 - 2019-01-07 19:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2019-02-12 15:35 - 2019-02-05 23:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-02-12 15:35 - 2019-02-05 22:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2019-02-12 15:35 - 2019-02-05 19:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-02-12 15:35 - 2019-02-05 19:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-02-12 15:35 - 2019-02-05 19:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
    2019-02-12 15:35 - 2019-02-05 19:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
    2019-02-12 15:35 - 2019-02-05 19:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2019-02-12 15:35 - 2019-02-05 19:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2019-02-12 15:35 - 2019-02-05 19:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
    2019-02-12 15:35 - 2019-02-05 18:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
    2019-02-12 15:35 - 2019-02-05 18:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
    2019-02-12 15:35 - 2019-02-05 18:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-02-12 15:35 - 2019-02-05 18:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2019-02-12 15:35 - 2019-02-05 18:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
    2019-02-12 15:35 - 2019-02-05 18:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
    2019-02-12 15:35 - 2019-02-05 18:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-02-12 15:35 - 2019-02-05 18:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
    2019-02-12 15:35 - 2019-02-05 18:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2019-02-12 15:35 - 2019-02-05 18:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-02-12 15:35 - 2019-02-05 18:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2019-02-12 15:35 - 2019-02-05 18:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
    2019-02-12 15:35 - 2019-02-05 17:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
    2019-02-12 15:35 - 2019-01-12 00:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-02-12 15:35 - 2019-01-09 09:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-02-12 15:35 - 2019-01-09 09:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
    2019-02-12 15:35 - 2019-01-09 09:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2019-02-12 15:35 - 2019-01-09 01:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
    2019-02-12 15:35 - 2019-01-09 00:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-02-12 15:35 - 2019-01-08 21:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2019-02-12 15:35 - 2019-01-08 21:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
    2019-02-12 15:35 - 2019-01-08 21:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2019-02-12 15:35 - 2019-01-08 21:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-02-12 15:35 - 2019-01-08 21:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
    2019-02-12 15:35 - 2019-01-08 21:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
    2019-02-12 15:35 - 2019-01-08 21:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-02-12 15:35 - 2019-01-08 21:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
    2019-02-12 15:35 - 2019-01-08 21:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
    2019-02-12 15:35 - 2019-01-08 21:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2019-02-12 15:35 - 2019-01-08 21:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2019-02-12 15:35 - 2019-01-08 21:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2019-02-12 15:35 - 2019-01-08 21:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
    2019-02-12 15:35 - 2019-01-08 21:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
    2019-02-12 15:35 - 2019-01-08 21:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
    2019-02-12 15:35 - 2019-01-08 21:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2019-02-12 15:35 - 2019-01-08 21:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2019-02-12 15:35 - 2019-01-08 21:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2019-02-12 15:35 - 2019-01-08 21:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2019-02-12 15:35 - 2019-01-08 21:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-02-12 15:35 - 2019-01-08 21:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2019-02-12 15:35 - 2019-01-08 01:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-02-12 15:35 - 2019-01-07 19:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-02-12 15:35 - 2019-01-07 19:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
    2019-02-09 10:16 - 2019-02-09 10:16 - 000183169 _____ C:\Users\alexander\Downloads\2018 CYC player Release V1.2 (1).pdf
    2019-02-09 10:15 - 2019-02-09 10:15 - 000183169 _____ C:\Users\alexander\Downloads\2018 CYC player Release V1.2.pdf
    2019-02-02 14:06 - 2019-02-02 14:06 - 000000000 ____D C:\Users\alexander\AppData\Roaming\Blackmagic Design
    2019-02-02 14:06 - 2019-02-02 14:06 - 000000000 ____D C:\Users\alexander\Alex_Documents\Blackmagic Design
    2019-02-02 13:51 - 2019-02-02 13:51 - 000002020 _____ C:\Users\alexander\Desktop\DaVinci Resolve Project Server.lnk
    2019-02-02 13:51 - 2019-02-02 13:51 - 000002000 _____ C:\Users\alexander\Desktop\Resolve.lnk
    2019-02-02 13:50 - 2019-02-02 13:51 - 000000000 ____D C:\Users\alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
    2019-02-02 13:50 - 2019-02-02 13:50 - 000000000 ____D C:\ProgramData\Blackmagic Design
    2019-02-02 13:47 - 2019-02-02 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
    2019-02-02 13:47 - 2019-02-02 13:52 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
    2019-02-02 13:47 - 2019-02-02 13:47 - 000000000 ____D C:\Program Files\Blackmagic Design
    2019-02-02 13:46 - 2019-02-23 16:04 - 000000000 ____D C:\Users\postgres
    2019-02-02 13:46 - 2019-02-22 00:21 - 000000000 ____D C:\Users\postgres\AppData\Local\Google
    2019-02-02 13:46 - 2019-02-02 13:46 - 000000020 ___SH C:\Users\postgres\ntuser.ini
    2019-02-02 13:46 - 2018-06-13 13:50 - 000000000 ____D C:\Users\postgres\AppData\Local\AVG
    2019-02-02 13:46 - 2018-04-11 15:34 - 000001105 _____ C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-02-02 13:46 - 2018-01-30 13:07 - 000000000 ____D C:\Users\postgres\AppData\Roaming\Autodesk
    2019-02-02 13:46 - 2018-01-30 13:07 - 000000000 ____D C:\Users\postgres\AppData\Local\Autodesk
    2019-02-02 13:46 - 2017-09-30 15:45 - 000000000 ____D C:\Users\postgres\AppData\Roaming\AVG
    2019-02-02 13:46 - 2017-09-30 15:44 - 000000000 ____D C:\Users\postgres\AppData\Local\Dropbox
    2019-02-02 13:46 - 2017-09-30 15:44 - 000000000 ____D C:\Users\postgres\AppData\Local\CEF
    2019-02-02 13:46 - 2017-09-30 15:43 - 000000000 ____D C:\Users\postgres\AppData\Roaming\Sony Corporation
    2019-02-02 13:46 - 2017-09-30 15:41 - 000002260 _____ C:\Users\postgres\Desktop\Google Chrome.lnk
    2019-02-02 13:46 - 2017-09-30 15:41 - 000000000 ____D C:\Users\postgres\AppData\Roaming\Adobe
    2019-02-02 13:46 - 2016-09-13 03:51 - 000000000 ____D C:\Users\postgres\AppData\Roaming\TuneUp Software
    2019-02-02 13:46 - 2016-09-13 03:51 - 000000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
    2019-02-02 13:46 - 2015-10-25 07:25 - 000002100 _____ C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2019-02-02 13:45 - 2019-02-02 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.5
    2019-02-02 13:44 - 2019-02-02 13:44 - 000000000 ____D C:\Program Files\PostgreSQL
    2019-01-29 21:53 - 2019-01-29 21:53 - 000001403 _____ C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
    2019-01-29 21:53 - 2019-01-29 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
    2019-01-29 21:52 - 2019-01-29 21:52 - 000000000 ____D C:\Program Files (x86)\Digiarty
    2019-01-29 21:48 - 2019-01-29 21:48 - 000000000 ____D C:\Users\alexander\Downloads\winx-dvd-ripper-platinum-giveaway-file
    2019-01-27 23:22 - 2019-01-27 23:22 - 000001558 _____ C:\Users\alexander\Desktop\vlc.exe - Shortcut.lnk
    2019-01-27 22:56 - 2019-01-27 22:57 - 000000000 ____D C:\Users\alexander\AppData\Roaming\Digiarty

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-23 18:25 - 2018-10-21 13:55 - 000000000 ____D C:\Users\alexander\AppData\Local\CrashDumps
    2019-02-23 18:25 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-02-23 18:25 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-02-23 18:18 - 2018-07-16 22:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-02-23 18:03 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-02-23 18:02 - 2018-07-17 22:40 - 000000000 ___RD C:\Users\alexander\Dropbox
    2019-02-23 16:24 - 2018-10-07 13:54 - 000000000 ____D C:\Users\alexander\AppData\Local\NETGEARGenie
    2019-02-23 16:19 - 2018-07-16 23:01 - 000000000 ____D C:\Users\DefaultAppPool
    2019-02-23 16:05 - 2018-01-19 23:32 - 000000000 ____D C:\Users\alexander\AppData\Roaming\WTablet
    2019-02-23 16:04 - 2018-07-17 07:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-02-23 16:04 - 2017-06-17 02:20 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-02-23 16:03 - 2017-06-17 02:19 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
    2019-02-23 14:32 - 2018-07-17 07:51 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1118AB29-F4E9-4A92-9DC2-9E0E9608FC14}
    2019-02-23 09:19 - 2018-07-16 23:01 - 000000000 ____D C:\Users\alexander\AppData\Local\Dropbox
    2019-02-23 00:06 - 2018-04-11 15:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-02-22 22:54 - 2016-02-04 06:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-02-22 17:16 - 2019-01-21 21:48 - 000000684 _____ C:\WINDOWS\Tasks\WpsPdf2WordUpdateTask_alexander.job
    2019-02-22 17:16 - 2017-09-16 05:54 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2019-02-22 17:16 - 2017-09-16 05:54 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2019-02-22 17:16 - 2016-07-28 12:53 - 000000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA1d1e9121cdfcb22.job
    2019-02-22 17:16 - 2016-07-28 12:53 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core1d1e9121a922e11.job
    2019-02-22 17:16 - 2015-11-01 13:46 - 000000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA.job
    2019-02-22 17:16 - 2015-11-01 13:46 - 000000872 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core.job
    2019-02-22 00:28 - 2019-01-21 21:48 - 000003184 _____ C:\WINDOWS\System32\Tasks\WpsPdf2WordUpdateTask_alexander
    2019-02-22 00:28 - 2018-10-21 11:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003750 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003638 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA1d1e9121cdfcb22
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003558 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA1d257ee10fffd6a
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003538 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003438 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003370 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core1d1e9121a922e11
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003322 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003290 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core1d257ee10ebf98b
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003266 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003262 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003214 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-02-22 00:28 - 2018-07-17 07:51 - 000003094 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
    2019-02-22 00:28 - 2018-07-17 07:51 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2772892075-776610616-2658955011-1018
    2019-02-22 00:28 - 2018-07-17 07:51 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2772892075-776610616-2658955011-1003
    2019-02-22 00:28 - 2018-07-17 07:51 - 000002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
    2019-02-22 00:28 - 2018-07-17 07:51 - 000002792 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
    2019-02-22 00:27 - 2018-07-16 23:01 - 000000000 ____D C:\Users\alexander\AppData\Local\Google
    2019-02-22 00:26 - 2015-01-13 23:50 - 000000000 ____D C:\Program Files (x86)\Google
    2019-02-22 00:20 - 2018-07-16 23:01 - 000000000 ____D C:\Users\nicho\AppData\Local\Google
    2019-02-22 00:18 - 2018-07-16 23:01 - 000000000 ____D C:\Users\kidsWorldOfTanks\AppData\Local\Google
    2019-02-22 00:15 - 2018-07-16 23:01 - 000000000 ____D C:\Users\justi\AppData\Local\Google
    2019-02-22 00:11 - 2018-07-16 23:01 - 000000000 ____D C:\Users\Eileen\AppData\Local\Google
    2019-02-22 00:11 - 2018-07-16 23:01 - 000000000 ____D C:\Users\duck\AppData\Local\Google
    2019-02-22 00:10 - 2018-07-16 23:01 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\Google
    2019-02-22 00:09 - 2016-09-13 03:51 - 000000000 ____D C:\Users\Default\AppData\Local\Google
    2019-02-22 00:09 - 2016-09-13 03:51 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
    2019-02-22 00:02 - 2018-07-16 23:01 - 000000000 ____D C:\Users\nicho
    2019-02-22 00:02 - 2018-07-16 23:01 - 000000000 ____D C:\Users\kidsWorldOfTanks
    2019-02-22 00:02 - 2018-07-16 23:01 - 000000000 ____D C:\Users\justi
    2019-02-22 00:02 - 2018-07-16 23:01 - 000000000 ____D C:\Users\Eileen
    2019-02-22 00:02 - 2018-07-16 23:01 - 000000000 ____D C:\Users\duck
    2019-02-21 23:53 - 2017-09-16 05:54 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2019-02-19 17:47 - 2018-01-20 21:22 - 000000000 ____D C:\Users\alexander\AppData\Local\Packages
    2019-02-19 09:31 - 2018-01-12 23:40 - 000000000 ____D C:\Program Files\rempl
    2019-02-18 11:17 - 2018-07-16 23:01 - 000000000 ____D C:\Users\alexander
    2019-02-18 08:58 - 2018-04-11 15:36 - 000000000 ____D C:\WINDOWS\INF
    2019-02-17 11:54 - 2018-07-17 07:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-02-17 01:34 - 2018-04-11 13:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
    2019-02-16 22:11 - 2018-04-11 15:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-02-16 22:11 - 2015-12-27 23:51 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-02-16 11:21 - 2017-09-29 15:11 - 000474712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
    2019-02-16 11:20 - 2018-10-13 06:11 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
    2019-02-16 11:20 - 2017-09-29 15:11 - 000380208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
    2019-02-16 11:20 - 2017-09-29 15:11 - 000217040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
    2019-02-16 11:20 - 2017-09-29 15:11 - 000167560 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
    2019-02-16 11:20 - 2017-09-29 15:11 - 000112568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
    2019-02-16 11:20 - 2017-09-29 15:11 - 000088208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
    2019-02-16 11:19 - 2019-01-15 21:39 - 000226448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
    2019-02-16 11:19 - 2019-01-15 19:13 - 000320960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblog.sys
    2019-02-16 11:19 - 2019-01-15 19:13 - 000196848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
    2019-02-16 11:19 - 2019-01-15 19:13 - 000058008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
    2019-02-16 11:19 - 2017-11-13 21:33 - 000205656 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
    2019-02-16 11:19 - 2017-09-29 15:11 - 001034184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
    2019-02-16 09:19 - 2018-12-14 00:22 - 000000000 ____D C:\Users\alexander\Alex_Documents\20182019_AA_reimbursementCruise
    2019-02-16 08:55 - 2018-07-17 07:31 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-02-14 22:13 - 2018-07-16 22:50 - 000465384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-02-13 23:41 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2019-02-13 23:41 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\system32\F12
    2019-02-13 23:41 - 2018-04-11 15:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2019-02-13 23:41 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-02-13 23:41 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-02-13 23:41 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-02-12 23:13 - 2016-10-22 08:22 - 000000000 ___RD C:\Users\alexander\Alex_Documents\Scanned Documents
    2019-02-12 16:18 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2019-02-12 16:18 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-02-12 15:35 - 2014-04-09 02:06 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-02-12 15:30 - 2012-03-12 15:27 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-02-10 14:10 - 2018-07-16 23:01 - 000002409 _____ C:\Users\alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-02-10 14:10 - 2015-10-25 07:25 - 000000000 ___RD C:\Users\alexander\OneDrive
    2019-02-09 20:47 - 2014-07-15 20:54 - 000000000 ____D C:\Users\alexander\AppData\Roaming\vlc
    2019-02-08 22:55 - 2019-01-21 19:18 - 000000000 ____D C:\Users\alexander\Alex_Documents\2019_DemoReel_Resume
    2019-02-07 23:57 - 2018-07-03 03:42 - 000000000 ____D C:\ProgramData\Packages
    2019-02-02 14:53 - 2018-11-18 21:52 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-02-02 14:53 - 2018-11-18 21:52 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-02-02 14:06 - 2014-04-10 19:48 - 000000000 ___RD C:\Users\alexander\Alex_Documents
    2019-02-02 13:40 - 2014-04-08 22:14 - 000000000 ____D C:\Install
    2019-01-31 23:42 - 2010-11-20 19:27 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2019-01-27 11:17 - 2015-05-25 13:26 - 000000000 ____D C:\Users\alexander\AppData\Roaming\dvdcss
    2019-01-27 11:03 - 2015-10-25 07:24 - 000000000 ____D C:\Users\alexander\AppData\Local\Windows Live
    2019-01-27 11:03 - 2015-06-13 13:14 - 000000000 ____D C:\Users\alexander\AppData\Local\Apple Computer

    ==================== Files in the root of some directories =======

    2018-01-13 00:17 - 2018-01-13 00:17 - 000000008 _____ () C:\Users\alexander\AppData\Roaming\com.silhouettesoftware.id
    2014-08-08 15:34 - 2014-08-08 15:34 - 000006656 _____ () C:\Users\alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-05-06 20:24 - 2016-05-06 20:24 - 000000600 _____ () C:\Users\alexander\AppData\Local\PUTTY.RND
    2017-09-17 16:46 - 2017-09-17 16:46 - 000000843 _____ () C:\Users\alexander\AppData\Local\recently-used.xbel

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\dllhost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-07-16 22:50

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
    Ran by alexander (23-02-2019 18:34:05)
    Running from C:\Users\alexander\Desktop
    Windows 10 Pro Version 1803 17134.590 (X64) (2018-07-17 15:52:00)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2772892075-776610616-2658955011-500 - Administrator - Disabled)
    alexander (S-1-5-21-2772892075-776610616-2658955011-1003 - Administrator - Enabled) => C:\Users\alexander
    DefaultAccount (S-1-5-21-2772892075-776610616-2658955011-503 - Limited - Disabled)
    duck (S-1-5-21-2772892075-776610616-2658955011-1000 - Administrator - Enabled) => C:\Users\duck
    Eileen (S-1-5-21-2772892075-776610616-2658955011-1004 - Administrator - Enabled) => C:\Users\Eileen
    Guest (S-1-5-21-2772892075-776610616-2658955011-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2772892075-776610616-2658955011-1002 - Limited - Enabled)
    justi (S-1-5-21-2772892075-776610616-2658955011-1008 - Limited - Disabled) => C:\Users\justi
    kidsWorldOfTanks (S-1-5-21-2772892075-776610616-2658955011-1018 - Limited - Enabled) => C:\Users\kidsWorldOfTanks
    nicho (S-1-5-21-2772892075-776610616-2658955011-1009 - Limited - Disabled) => C:\Users\nicho
    postgres (S-1-5-21-2772892075-776610616-2658955011-1020 - Limited - Enabled) => C:\Users\postgres
    WDAGUtilityAccount (S-1-5-21-2772892075-776610616-2658955011-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
    FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2600 (HKLM-x32\...\{0E4EDFCB-DC4D-4339-AB85-A8444E85D37B}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    2600_Help (HKLM-x32\...\{8A4B0C5D-035C-4643-B80F-AFF81534D117}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    2600Trb (HKLM-x32\...\{6F215D53-6560-4E65-B268-3358508C6D6D}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
    AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
    Amcrest IP Config 3.20.10 (HKLM-x32\...\Amcrest IP Config) (Version: 3.20.10 - Amcrest Technologies LLC)
    Anime Studio Pro 9.2 (HKLM\...\ASP920_is1) (Version: 9.2 - Smith Micro Software, Inc.)
    Anime Studio Pro 9.2 (x86) (HKLM-x32\...\ASP920_is1) (Version: 9.2 - Smith Micro Software, Inc.)
    Anime Studio Pro 9.5 (HKLM\...\ASP95_is1) (Version: 9.5 - Smith Micro Software, Inc.)
    App Game Kit 2 (HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\AGK2) (Version: - )
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{97FCE17A-EE75-465B-A844-3D458CF8B801}) (Version: 4.2.60128.3 - Microsoft Corporation)
    Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
    Autodesk Certificate Package (x64) - 5.1.4 (HKLM\...\{79D5E475-5EAB-4474-84F5-BD612337A175}) (Version: 5.1.4.100 - Autodesk)
    Autodesk Composite 2014 (HKLM\...\{5AAB972C-FF31-4B01-8445-50C42860EC02}) (Version: 9.0.0.0 - Autodesk) Hidden
    Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
    Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.6.378 - Autodesk)
    Autodesk DirectConnect 2014 64-bit (HKLM\...\{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}) (Version: 8.0.56.1 - Autodesk) Hidden
    Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
    Autodesk License Service (x64) - 4.1 (HKLM\...\{B827D6B7-7731-43BA-92EC-916C89C88964}) (Version: 4.1.1.0 - Autodesk)
    Autodesk License Service (x64) - 5.1.5 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.5.0 - Autodesk)
    Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
    Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
    Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
    Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
    Autodesk Maya 2011 64-bit (HKLM\...\{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}) (Version: 13.00.0000 - Autodesk)
    Autodesk Maya 2011 English Documentation 64-bit (HKLM\...\{47374ACF-9023-40e7-9830-ECED0DCBC3DC}) (Version: 13.0 - Autodesk)
    Autodesk Maya 2014 (HKLM\...\{7FA8BC5D-7CE4-42F3-8EAE-32DF5BAB53A7}) (Version: 16.0.0.0 - Autodesk) Hidden
    Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
    Autodesk Maya 2017 (HKLM\...\{847DE41D-1C5A-4A52-ADD4-AE708757EDBD}) (Version: 17.0.1720.0 - Autodesk) Hidden
    Autodesk Maya 2017 (HKLM\...\Autodesk Maya 2017) (Version: 17.0.1720.0 - Autodesk)
    Autodesk Maya 2018 (HKLM\...\{DBC07F9F-5C44-4E76-8805-A970807DBD6B}) (Version: 18.0.0.5870 - Autodesk) Hidden
    Autodesk Maya 2018 (HKLM\...\Autodesk Maya 2018) (Version: 18.0.0.5870 - Autodesk)
    Autodesk Mudbox 2011 64-bit (HKLM\...\{B89C55B6-D6DF-415B-98CD-E6AD404AD5C5}) (Version: 2011.0.0 - Autodesk)
    AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 19.2.3079 - AVG Technologies)
    Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
    Bifrost for Maya 2018 (HKLM\...\{88F9B0C0-F303-45AD-8FC8-48373B4479BD}) (Version: 1.5.0.0 - Autodesk)
    Bifrost for Maya 2018 1.5.0.0 (HKLM\...\Bifrost for Maya 2018) (Version: - )
    Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
    Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
    CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
    CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
    Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
    Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
    Canon PowerShot S100 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSS100) (Version: 1.0.0.1 - Canon Inc.)
    Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
    Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
    Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\DPP) (Version: 3.11.3.10 - Canon Inc.)
    Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.8.30.0 - Canon Inc.)
    Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.8.20.0 - Canon Inc.)
    Canon Utilities Map Utility (HKLM-x32\...\MapUtility) (Version: 1.1.0.4 - Canon Inc.)
    Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
    Composite 2011 (64-bit) (HKLM\...\{DBF6B4E9-CD43-476A-895D-4D688D41CE63}) (Version: 6.0.0 - Autodesk)
    Construct 2 r244 (HKLM\...\Construct 2_is1) (Version: 1.0.244.0 - Scirra)
    Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
    Creative Lettering Combo (HKLM-x32\...\Creative Lettering Combo) (Version: - )
    Cura 15.04.5 (HKLM-x32\...\Cura_15.04.5) (Version: - )
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DaVinci Resolve (HKLM\...\{9438E188-F562-4409-8748-D76B94FF104D}) (Version: 15.2.2007 - Blackmagic Design)
    DaVinci Resolve Panels (HKLM\...\{B1782967-E600-4BBD-B2F1-AEF3F2FE0A12}) (Version: 1.2.1.0 - Blackmagic Design)
    Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
    DiscAuthor (HKLM-x32\...\{D6CC65B0-B06E-41D5-83FA-25C29D73A2FF}) (Version: 9.3.00 - Sony Corporation) Hidden
    DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dotfuscator and Analytics Community Edition 5.19.0 (HKLM-x32\...\{4C5B1DD0-7E8E-4972-9247-818E6D030552}) (Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 67.4.83 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
    Facebook Games Arcade 0.11.2.4 (HKLM-x32\...\{923578AC-231E-4A7C-8AB8-A90C16B8A507}) (Version: 0.11.2.4 - Facebook)
    Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.6 - Blackmagic Design)
    Fairlight Studio Utility (HKLM\...\{B398FA50-A725-4837-A2A8-6DB38FB6FC0F}) (Version: 1.1.0.0 - Blackmagic Design)
    Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
    GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
    HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
    HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
    ideaMaker 3.1.7.1850 (HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\ideaMaker) (Version: 3.1.7.1850 - Raise3D)
    Intel(R) Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
    IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
    iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Kingsoft PDF to Word SDK (2.0.1) (HKLM\...\{F0915BBA-A86F-4672-807D-30F38DFC2B44}) (Version: 2.0.1 - Zhuhai Kingsoft Office Software Co.,Ltd)
    Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    mental ray renderer for Autodesk Maya 2014 (HKLM\...\{4F5AD3FF-38C6-43FB-BB6F-8EF830DEDF16}) (Version: 13.0.0.0 - mental ray)
    mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
    MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden
    MergeModule_x86 (HKLM-x32\...\{42251A8D-C4AE-4D3B-8A50-948CB98A0969}) (Version: 10.5.00 - Sony Corporation) Hidden
    Meshmixer (HKLM\...\Meshmixer_x64) (Version: 11.0.544 - Autodesk, Inc.)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5101.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{D68E6605-F852-4936-AB64-04B80E0C85AD}) (Version: 2.2.0.0 - Microsoft Corporation)
    Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{1d03ad7c-fa27-4517-91b0-410bb49f94d9}) (Version: 14.0.24720.1 - Microsoft Corporation)
    MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{FA0599C5-C083-41BE-8AEA-E8EB9070D128}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MtoA for Maya 2017 (HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\MtoA2017) (Version: 1.3.0.0 - Solid Angle)
    MtoA for Maya 2018 (HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\MtoA2018) (Version: 2.0.1 - Solid Angle)
    Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    netfabb Basic version 6.4 (HKLM\...\{7BB85DFB-F509-476F-95FF-F75457C60214}}_is1) (Version: 6.4 - )
    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.56.00 - NETGEAR Inc.)
    Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
    Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    NewsBin Pro 4.3 (HKLM-x32\...\NB40) (Version: - )
    NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
    NVIDIA nView 141.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.00 - NVIDIA Corporation)
    NVIDIA WMI 2.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.16.0 - NVIDIA Corporation)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5101.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5101.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5101.1002 - Microsoft Corporation) Hidden
    paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
    PlayMemories Home (HKLM-x32\...\{D3981248-DBE7-4050-B666-A7FE5AFFC62C}) (Version: 5.5.01.05091 - Sony Corporation)
    PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
    PMB_ServiceUploader (HKLM-x32\...\{7D3A0097-9E0E-4073-801C-295BBDAEAED8}) (Version: 10.5.01 - Sony Corporation) Hidden
    Poser 10 version 10.0.3 (HKLM-x32\...\Poser 10_is1) (Version: 10.0.3 - Smith Micro Software, Inc.)
    PoserContent2014 (HKLM\...\PoserContent2014_is1) (Version: 10.0.0 - Smith Micro Software, Inc.)
    PostgreSQL 9.5 (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
    PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
    Roslyn Language Services - x86 (HKLM-x32\...\{3107684C-8011-3031-BD28-10CA30F58267}) (Version: 14.0.24730 - Microsoft Corporation) Hidden
    Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Sculptris Alpha 6 (HKLM-x32\...\Sculptris Alpha 6 Alpha 6) (Version: Alpha 6 - Pixologic)
    SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
    Shotcut (HKLM-x32\...\Shotcut) (Version: - )
    Silhouette Link (HKLM-x32\...\{C2136C80-F9D4-4096-86D4-C641BB36DFF3}) (Version: 1.0.096 - Silhouette America)
    Silhouette ModelMaker (HKLM-x32\...\{1BB30D06-279A-452C-9054-8D1B57DFA777}) (Version: 3.0.058 - Silhouette America)
    Silhouette Studio (HKLM-x32\...\{0D8DBAD8-7EEF-4F16-8D1B-DE8EBBD46FFA}) (Version: 4.1.468 - Silhouette America)
    SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
    Smith Micro Download Manager version 1.0 (HKLM-x32\...\{89816111-4490-46FB-B141-63EA77077A94}_is1) (Version: 1.0 - Smith Micro Software, Inc.)
    SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    STAR WARS® - TIE Fighter (1998) (HKLM-x32\...\1207666413_is1) (Version: 2.0.0.5 - GOG.com)
    STAR WARS® - X-Wing (1998) (HKLM-x32\...\1207666393_is1) (Version: 2.0.0.5 - GOG.com)
    Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
    Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{48992F68-BEE6-35D8-89AC-6A81406F1096}) (Version: 14.0.24712 - Microsoft Corporation) Hidden
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
    Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    TypeScript Power Tool (HKLM-x32\...\{CF436B98-B0FE-447F-8E46-68E0B14FDDE0}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{F66F9C2A-E14B-4D30-82C5-A4E32B569286}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
    Unity (HKLM-x32\...\Unity) (Version: 5.3.5f1 - Unity Technologies ApS)
    Unity Web Player (HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
    UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
    VS Update core components (HKLM-x32\...\{5F7870A1-0586-313E-A9FF-3249DCE9F63A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.27-2 - Wacom Technology Corp.)
    WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinX DVD Ripper Platinum 8.9.0 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    World of Tanks (HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
    WPS PDF to Word (HKU\S-1-5-21-2772892075-776610616-2658955011-1003\...\Kingsoft PDF to Word) (Version: 10.2.0.5824 - Kingsoft Corp.)
    ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc -> Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc -> Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-10-21] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2014-01-24] (NVIDIA Corporation -> )
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-30] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01D17DB1-038B-4B39-ADE3-9F9214986558} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {0507462F-4DD2-4574-AB63-7D97E41CB23F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {089860B1-9489-4CD2-A369-FD26267499DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {092A0002-CEAB-4F6D-9872-4EFD00487134} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {1365BFF2-E343-4518-AFE8-7E9A326B1076} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {13FADFA6-5A2D-4933-BCFC-338E8645DC3C} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
    Task: {16387243-EC06-4293-A29A-FB2CDF59ABCD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {1ABAC01C-A4C4-4876-8E89-8C4DB4F39044} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
    Task: {1D92B8E2-32D3-48DD-831D-580CDFB1E7D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {1DDC534E-78BC-41AF-98DA-680474D0B1DE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {22047C79-6C71-48F5-AE51-700EC557B724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core1d257ee10ebf98b => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {2377A907-0EF1-4272-BB64-7119A35986FD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {2C455100-F2C5-466C-A1BA-0F9BE19C0256} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {3098E804-C142-47F2-87AA-4257C97C3A96} - System32\Tasks\WpsPdf2WordUpdateTask_alexander => C:\Users\alexander\AppData\Local\Kingsoft\PDF2Word\10.2.0.5824\wtoolex\pdf2wordupd.exe (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {3170D00E-E7FE-4237-8480-A2A3C54782C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {34051E39-E6D9-41F9-803E-D54AC8B9B369} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {355FAC01-2552-4DC3-B8CB-7875DDE1BCAC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {3B5A95AF-AAD2-492C-AFD8-D0BD87CDC33E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {3D437CFB-2A77-411B-A0BD-D05FDF472352} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {42011172-C95E-4825-A7A1-265A8300F5ED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA1d1e9121cdfcb22 => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {46BF05B5-E36D-4513-9D86-5EFB5AD82F23} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4BE12509-A3C8-4BB8-8AA6-AE2461B69C7A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {50975536-67B1-4160-8465-8129123ADF25} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {5B686B57-C883-4A04-A37C-0FAAC2635F5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {6496A9F2-8D92-4B15-B6A8-6F3644D0435B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {69DF5C15-C6AA-4822-94BA-7AED5C2361B3} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {6A060F0F-2D7F-4B07-81DF-0C54C9C6DED5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {70D8729C-C539-45D9-819F-A3B6C149B93F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA1d257ee10fffd6a => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {72B8013C-3619-482C-960E-D2DFD67B8771} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {749AC711-AA62-4D1D-B314-EF1C97E1CA56} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\WINDOWS\system32\dstokenclean.exe
    Task: {75522E26-6BE6-4F53-A0FA-14470ECAACAB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\WINDOWS\system32\ClipUp.exe (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> ) [File not signed]
    Task: {79674903-AB33-4E76-AAD9-3522D653FD15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {79F05988-2250-4E0C-9EBF-6FDBCF163B1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {7C2005CD-8308-4B2B-8655-7A1305941D41} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7D0F7BE2-26F1-4BE7-A428-1E6293D0A641} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7DAD2D6D-0D96-47E6-BD83-17E10A536DD9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7EB44E62-51AF-48F3-A343-559B78940CD1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {82BE69B9-DAC9-4B6D-86BA-8CD22751525B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {83D5FB3A-4F8D-4736-B8F3-5E431D227047} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {844F3D5F-8089-4FB6-BBC6-875EDB63066A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {8AFB88DC-A159-4A11-9E29-5DF23500597B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {8B3AABA7-9840-4F86-9CD2-5025A52C0BFA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {8F9F413A-2D28-44F1-ADE3-CF693517E1C9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {921A5468-6D3C-4679-A3B0-A83B135704D5} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {990FD5CD-425C-402F-8C04-BDC0CFDFC107} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {A16BF80A-80CD-488C-BC3D-D9D4B3BF781B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core1d1e9121a922e11 => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {A5FBF168-BBEF-442B-B8FC-53A4E0BAFF8A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {AB8C22C4-E263-4618-AC9C-B924F8E8ECA3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {AC218CB8-DC66-4D67-8DB2-6F578AD625B4} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle America, Inc. -> Oracle Corporation)
    Task: {B36A94AC-7CAC-44E0-A52D-66F7F2F30C12} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {BC0E0603-9A5C-4293-A58F-036771EEE5B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {BDC7EBD5-F33A-4590-B004-F89A10029FF1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C19FC2DD-0F83-4F89-B3C8-48F1B29BB3A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {C52564C7-B70B-4373-98D9-8FDEC3B2AD2A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C540438D-5ABA-42D1-BFBB-243C7E46E98E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {CC4CB81F-98DC-414F-919D-51ED79224802} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {CDEE4E3A-2B4C-48BA-8E16-6852DE205CFB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
    Task: {D10BA129-DC3D-460F-B80E-5240E3E9A951} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {D71F4F36-8984-4375-BE31-55960C91047F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Nicholas\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {D9EB11A1-7492-465A-AFF6-236E1EA358BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {DD0A4FFC-FC8E-4DE2-9FBE-CDBDB20368D0} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {E19573A3-0F37-4711-9523-92CB058E73E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
    Task: {ECCDC3B6-7861-470A-8EBF-83EDCF3458F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F1645F35-BF36-42B0-A994-53E890A78B6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F294C219-48CF-44BE-9FCC-B31336FD42FD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {F5BD1DAF-A4BB-4354-9000-6CE423E503CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {FC680B43-9335-47EE-A5BF-99A79AF39A56} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core.job => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003Core1d1e9121a922e11.job => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA.job => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2772892075-776610616-2658955011-1003UA1d1e9121cdfcb22.job => C:\Users\alexander\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\WpsPdf2WordUpdateTask_alexander.job => C:\Users\alexander\AppData\Local\Kingsoft\PDF2Word\10.2.0.5824\wtoolex\pdf2wordupd.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name="BVTConsumer"",Filter="__EventFilter.Name="BVTFilter"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

    ==================== Loaded Modules (Whitelisted) ==============

    2019-02-16 11:19 - 2019-02-16 11:19 - 000650672 _____ () c:\program files (x86)\avg\antivirus\streamback.dll
    2019-02-16 11:19 - 2019-02-16 11:19 - 000321968 _____ () C:\Program Files (x86)\AVG\Antivirus\serialization.dll
    2014-04-09 22:18 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2016-03-18 21:56 - 2016-03-18 21:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 21:56 - 2016-03-18 21:56 - 001329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2007-09-10 23:45 - 2007-09-10 23:45 - 000124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    2016-12-06 03:06 - 2016-12-06 03:06 - 000897200 _____ () C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe
    2019-02-02 13:44 - 2016-08-08 21:13 - 000183296 _____ () C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll
    2019-02-02 13:45 - 2016-07-27 00:08 - 002264576 _____ () C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll
    2012-12-11 10:59 - 2014-01-24 00:40 - 002588960 _____ () C:\Program Files\NVIDIA Corporation\nview\nview64.dll
    2018-01-19 23:32 - 2017-12-13 10:49 - 002288072 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
    2018-04-11 15:34 - 2018-04-11 15:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2018-04-11 15:34 - 2018-04-11 15:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-12-11 12:47 - 2018-11-08 18:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2019-02-22 00:00 - 2019-02-23 01:17 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    2019-02-22 00:00 - 2019-02-23 01:17 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
    2019-02-07 23:56 - 2019-02-07 23:56 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2019-02-06 12:55 - 2019-02-06 12:55 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2017-12-01 23:42 - 2017-12-01 23:43 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
    2018-11-28 11:01 - 2018-11-28 11:01 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-02-06 12:55 - 2019-02-06 12:55 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2019-02-06 12:55 - 2019-02-06 12:55 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2019-02-22 00:27 - 2019-02-19 20:51 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\libglesv2.dll
    2019-02-22 00:27 - 2019-02-19 20:51 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\libegl.dll
    2009-10-14 12:36 - 2009-10-14 12:36 - 002793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    2019-01-15 19:12 - 2019-01-15 19:12 - 093696960 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
    2009-10-14 12:34 - 2009-10-14 12:34 - 000560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    2018-07-22 21:31 - 2018-07-22 21:31 - 000080472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
    2019-01-31 07:41 - 2019-01-31 07:42 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2019-01-31 07:41 - 2019-01-31 07:42 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2017-10-04 20:15 - 2017-10-04 20:19 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2019-01-15 18:44 - 2019-01-15 18:46 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2019-01-31 07:41 - 2019-01-31 07:41 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2019-01-31 07:41 - 2019-01-31 07:42 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2019-01-31 07:41 - 2019-01-31 07:41 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-08-30 22:48 - 2018-08-30 22:49 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-07-27 01:41 - 2018-07-27 01:41 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-01-30 06:37 - 2019-01-30 06:37 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
    2018-11-06 14:34 - 2018-11-06 14:34 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-01-30 06:37 - 2019-01-30 06:37 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
    2018-10-04 00:38 - 2018-10-04 00:38 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
    2019-02-22 00:00 - 2019-02-23 01:17 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
    2017-10-12 21:56 - 2017-06-15 06:16 - 000061944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
    2017-10-12 21:56 - 2017-06-15 06:15 - 000110584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
    2012-12-11 10:59 - 2014-01-24 00:40 - 002148640 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
    2017-09-04 12:41 - 2018-10-02 06:51 - 001663352 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libGLESv2.dll
    2017-09-04 12:41 - 2018-10-02 06:51 - 000092536 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libEGL.dll
    2017-09-04 12:41 - 2018-11-29 12:15 - 049006456 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libcef.dll
    2014-12-21 08:07 - 2014-12-21 08:07 - 000119822 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
    2014-12-21 08:07 - 2014-12-21 08:07 - 001026062 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
    2018-08-08 22:07 - 2018-08-08 22:07 - 000706560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
    2018-08-05 22:46 - 2018-08-05 22:46 - 001698304 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
    2018-07-19 20:31 - 2018-07-19 20:31 - 000168448 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
    2018-07-19 20:31 - 2018-07-19 20:31 - 000591872 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
    2018-08-05 22:45 - 2018-08-05 22:45 - 006901248 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
    2016-02-26 02:07 - 2016-02-26 02:07 - 000049152 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
    2016-08-15 00:28 - 2016-08-15 00:28 - 001125888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
    2018-07-19 20:36 - 2018-07-19 20:36 - 002980352 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
    2012-06-27 14:23 - 2012-06-27 14:23 - 000111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
    2012-06-27 14:23 - 2012-06-27 14:23 - 002285056 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
    2018-07-23 22:36 - 2018-07-23 22:36 - 000964096 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
    2016-02-22 00:25 - 2016-02-22 00:25 - 000116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
    2018-07-19 20:33 - 2018-07-19 20:33 - 001257984 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
    2018-07-20 02:50 - 2018-07-20 02:50 - 011971072 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
    2018-07-23 23:59 - 2018-07-23 23:59 - 002669056 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
    2018-08-08 22:07 - 2018-08-08 22:07 - 000270848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
    2018-08-08 22:07 - 2018-08-08 22:07 - 000887296 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
    2018-07-19 20:33 - 2018-07-19 20:33 - 000422400 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
    2016-01-14 18:06 - 2016-01-14 18:06 - 000057344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
    2016-03-02 20:17 - 2016-03-02 20:17 - 000146944 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
    2015-08-24 00:41 - 2015-08-24 00:41 - 002360622 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
    2016-03-02 20:17 - 2016-03-02 20:17 - 000072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
    2016-03-02 20:17 - 2016-03-02 20:17 - 000074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
    2016-03-02 20:17 - 2016-03-02 20:17 - 000136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
    2012-06-27 14:23 - 2012-06-27 14:23 - 000219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
    2012-06-27 14:23 - 2012-06-27 14:23 - 000049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
    2012-06-27 14:23 - 2012-06-27 14:23 - 000051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
    2012-06-27 14:23 - 2012-06-27 14:23 - 001235456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\misc\libxml_plugin.dll
    2012-06-27 14:23 - 2012-06-27 14:23 - 000070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
    2012-06-27 14:23 - 2012-06-27 14:23 - 000037376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\mmxext\libmemcpymmxext_plugin.dll
    2012-06-27 14:23 - 2012-06-27 14:23 - 000051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\control\libhotkeys_plugin.dll
    2018-07-19 20:34 - 2018-07-19 20:34 - 000633344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
    2018-07-19 20:33 - 2018-07-19 20:33 - 000433664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
    2016-01-14 18:23 - 2016-01-14 18:23 - 000026112 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
    2016-04-11 22:13 - 2016-04-11 22:13 - 000067072 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
    2018-04-11 15:34 - 2018-04-11 15:34 - 000180736 _____ () C:\WINDOWS\SYSTEM32\oledlg.dll
    2019-02-21 23:52 - 2019-02-19 15:19 - 001220936 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2019-02-21 23:52 - 2019-02-19 15:19 - 002103112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
    2019-01-09 11:14 - 2019-02-19 15:22 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000148968 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 001878888 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:19 - 000118232 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes36.dll
    2019-01-09 11:14 - 2019-02-19 15:19 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000082760 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:19 - 000418776 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom36.dll
    2019-02-21 23:52 - 2019-02-19 15:21 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000119272 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000062304 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:19 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 001457488 _____ () C:\Program Files (x86)\Dropbox\Client\dbxlog._dbxlog.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000065504 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 001755472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000101200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt592.sip.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 001886032 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000523600 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 003755344 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000169304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000061784 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000042840 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000202584 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000099664 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000117584 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000214872 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:19 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 012484944 _____ () C:\Program Files (x86)\Dropbox\Client\nucleus_python.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:19 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2019-02-21 23:52 - 2019-02-19 15:21 - 000036712 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000272208 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2019-01-09 11:14 - 2019-02-19 15:22 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2019-01-09 11:14 - 2019-02-19 15:22 - 000038240 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000026432 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
    2019-02-21 23:52 - 2019-02-19 15:21 - 001967936 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2019-01-09 11:14 - 2019-02-19 15:22 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000095592 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000054096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp36-win32.pyd
    2019-01-09 11:14 - 2019-02-19 15:22 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000556880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp36-win32.pyd
    2019-02-21 23:52 - 2019-02-19 15:21 - 000335184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp36-win32.pyd
    2017-10-12 21:57 - 2017-04-04 11:11 - 000043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
    2017-10-12 21:57 - 2017-04-04 11:11 - 000052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
    2017-10-12 21:57 - 2017-04-04 11:11 - 000195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
    2017-10-12 21:57 - 2017-04-04 11:11 - 000742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
    2017-10-12 21:57 - 2017-06-15 05:49 - 000279976 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\en-US\AdWingManRes.dll
    2018-05-09 12:45 - 2018-05-09 12:45 - 000696296 _____ () C:\Program Files (x86)\Sony\PlayMemories Home\XMPCore.dll
    2018-05-09 12:45 - 2018-05-09 12:45 - 000748008 _____ () C:\Program Files (x86)\Sony\PlayMemories Home\XMPFiles.dll
    2017-10-12 21:57 - 2017-02-13 22:39 - 040640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
    2017-10-12 21:57 - 2017-02-13 22:39 - 000912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
    2017-10-12 21:57 - 2017-02-13 22:39 - 000134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
    2017-10-12 21:57 - 2017-02-13 22:39 - 000950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\justi\Downloads\spelling.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
    AlternateDataStreams: C:\Users\justi\Downloads\spelling.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2018-12-03 07:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Autodesk\Backburner\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\alexander\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
    HKU\S-1-5-21-2772892075-776610616-2658955011-1020\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{42B27355-55CC-46CD-BB2E-654B1F6BD3B2}C:\program files\raise3d\ideamaker\ideamaker.exe] => (Allow) C:\program files\raise3d\ideamaker\ideamaker.exe (Raise3D)
    FirewallRules: [TCP Query User{C9000C91-C024-4BF9-B670-ADDFB7449DD3}C:\program files\raise3d\ideamaker\ideamaker.exe] => (Allow) C:\program files\raise3d\ideamaker\ideamaker.exe (Raise3D)
    FirewallRules: [{60682A45-7180-4395-9611-4F263BBB800A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{7ED2F85A-7D1B-4574-BD97-4EFCCE834C04}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{FB9ABC37-74FD-4F64-95EB-F2A17F4A3C90}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{1C264917-EFAB-4CC9-B97E-0956275E0448}] => (Allow) C:\PROGRA~2\Unity\Editor\Unity.exe (Unity Technologies SF -> Unity Technologies ApS)
    FirewallRules: [{CD74744F-906D-4769-8D02-1AFF686542CC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{3D95EEDF-E54B-4539-B3B6-B92B6BE736D0}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{209EE820-A902-4E6F-AC77-D8E35C6771C5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{56967596-F7AE-4797-A1C4-2F8AF8B87C88}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [{4C148D57-4C9B-4C98-AF85-55ED88413E43}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [{F8E0CBD7-9522-48D0-8F47-E4937E9CF8CA}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming PCL -> Wargaming.net)
    FirewallRules: [{2D53F94E-6216-4492-98B6-0C70E43421C8}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming PCL -> Wargaming.net)
    FirewallRules: [{838CADFB-7215-40EE-B010-A7BA9EA95E99}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{F1ABA3AF-78FC-499D-9F89-DE74B3DA8E4A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{90379DF8-ACE5-43D6-A2F1-5956E3B341A9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{9D68E945-43F7-45C7-937E-D13DDBA956CD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{270E1BE1-E9CB-43D4-AAF7-DEDA87B49E31}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet, Inc. -> SafeNet Inc.)
    FirewallRules: [{02463919-5B0A-45BF-9F28-B70EDC1E51EF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7BA8E4C8-6EC6-4A06-A895-0D2952C9533A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{4DE3BC0E-020F-4685-AF52-C22BD12E5521}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C959577B-16DF-47F2-BFE3-A3ED7708E016}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{4B9FE73F-D1CC-44CD-94F4-58478ABB8072}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{1ED1B6A8-9179-4D28-AC20-CC6D6F451F51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{615AA7DC-3DD5-4497-B906-FA2E7ECD17F2}] => (Allow) C:\Program Files\FusionTech\ideaMaker\ideaMaker.exe (Fusiontech)
    FirewallRules: [{7AA7AC44-DC9E-416E-B416-EC80B40C0B3D}] => (Allow) C:\Program Files\FusionTech\ideaMaker\ideaMaker.exe (Fusiontech)
    FirewallRules: [{62DA16D6-5047-4DFB-8238-566D6FDE5718}] => (Allow) LPort=1900
    FirewallRules: [{4E953230-590D-4869-97F3-03687CDD57D0}] => (Allow) LPort=2869
    FirewallRules: [{1C44866A-9AFF-4E12-A090-B01BA0D871C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{57F7C815-AB58-4685-8E84-AF54D45A2992}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{09277F1E-0D49-4FEA-BBE8-28CE5C956218}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{0B8F6AB3-F8D5-4155-80F0-225F728B670C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{51D85ECD-C7C3-43D2-9923-C42B5B110803}] => (Allow) LPort=5357
    FirewallRules: [{CE0A0F75-C7AC-4039-BF14-B858E204A3EB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{B014E80C-2C01-46FE-969E-F67E47B96CD3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{D28DF353-B6C7-47B4-BA43-1D1A21BE3E5C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{A3C6438F-7839-4CFB-A1A2-75DBC6543B70}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [UDP Query User{BADC3D5D-60AB-43FB-9748-55C2BD498879}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{67236C1C-5E9A-4537-B394-1E5E8CBCEEC6}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [{B0363820-0424-4708-B5F2-2AED5703F107}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
    FirewallRules: [{325F28D5-E5DB-47AD-8F1B-D8BBAC491FD1}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
    FirewallRules: [UDP Query User{CE82B2FA-0B38-4356-A434-4A7782E26432}C:\users\alexander\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alexander\appdata\local\akamai\netsession_win.exe No File
    FirewallRules: [TCP Query User{A7D19DEA-A1D4-41DA-A38F-3B36112E3CEC}C:\users\alexander\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alexander\appdata\local\akamai\netsession_win.exe No File
    FirewallRules: [{F3B07483-F998-4613-9844-3B0A8F7F288A}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> )
    FirewallRules: [{57708D20-CBB8-4753-B64D-3D0F3AA52F10}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> )
    FirewallRules: [{61AD3BCD-0C71-4278-97E3-D7C1A52963B2}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
    FirewallRules: [{99091EFE-C675-4DD2-8767-59215C12CB09}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
    FirewallRules: [{6A0E6320-D955-4685-BA57-36D3A9B02D8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
    FirewallRules: [{67B63130-1617-4D02-93F3-129AC05D321E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.)
    FirewallRules: [{05AFB494-7DCE-407D-8708-3CCD7F6816FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe (Hewlett Packard -> Hewlett-Packard Development Co. L.P.)
    FirewallRules: [{515B62D5-9493-4D5E-8A92-C525C5443810}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett-Packard Co.)
    FirewallRules: [{66259A6B-8526-47CF-ACDA-B6FDA7F2A2B9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett-Packard Co.)
    FirewallRules: [{3043BA36-9142-4068-9F94-BDAB9D4E60A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)
    FirewallRules: [{1A3F832E-8F8F-43E8-808C-5E1207C37CBD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
    FirewallRules: [{51D51D8A-EA45-4124-97AA-6618B801AC3E}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.)
    FirewallRules: [{F5D3F200-FFF9-4F30-BA46-037450904958}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{5DDEBCF1-F1A9-4D8C-874D-106895C8B7C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.)
    FirewallRules: [{01434FBA-1C00-4B7F-A4AE-77CE1AE24822}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.)
    FirewallRules: [{1F0E3E35-E07E-4503-A623-04E4678CC908}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett-Packard Co.)
    FirewallRules: [{64053503-E585-4536-B984-41255DE17549}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{F4AC9C66-E63B-4F41-9914-1169B086FA6B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.)
    FirewallRules: [{A503E1A9-FA80-49D3-841C-267942BACF21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{428FA56D-B45D-44BC-9721-E05DF8F1203A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.)
    FirewallRules: [{3677DF1C-8950-4646-BD2F-42B52A8A0404}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe (Hewlett-Packard Co.)
    FirewallRules: [{0606D9B3-5FBE-4E4A-A5D5-53EE5590B5FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett-Packard Co.)
    FirewallRules: [{399AD936-5204-45E3-8E99-59A62F2D7081}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
    FirewallRules: [{FC076F04-CA2E-4EDC-B722-F4D0667B9BFB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    FirewallRules: [{68D47E7B-7928-4711-84B2-D9EB4A392073}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
    FirewallRules: [{36474CF8-E1C8-42D0-87DC-E97DC71763E6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
    FirewallRules: [{EA6FAD89-C2AB-41DE-AAF7-28E92E621537}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
    FirewallRules: [{13B2DF9B-0643-4FFC-8D58-28EA306D78D2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
    FirewallRules: [UDP Query User{0D24E169-7676-41C9-A4A2-6F110D48CCDC}C:\users\alexander\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alexander\appdata\local\akamai\netsession_win.exe No File
    FirewallRules: [TCP Query User{02789F3E-58AC-4EAB-804F-5CD87A06372F}C:\users\alexander\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alexander\appdata\local\akamai\netsession_win.exe No File
    FirewallRules: [{654B6BFF-9BCE-43E5-AE3E-FB044CCA1047}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 9.5\Anime Studio Pro x64.exe (Smith Micro Software, Inc. -> Smith Micro Software, Inc.)
    FirewallRules: [{1427E1DE-3936-46F8-BC36-BC77767C762C}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 9.5\Anime Studio Pro x64.exe (Smith Micro Software, Inc. -> Smith Micro Software, Inc.)
    FirewallRules: [{E3E9225E-E272-41C3-BC43-9FC07802788C}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 9.5\Anime Studio Pro Win32.exe (Smith Micro Software, Inc. -> Smith Micro Software, Inc.)
    FirewallRules: [{F6C41654-F8FD-4C93-883D-B0F5F5513FE9}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 9.5\Anime Studio Pro Win32.exe (Smith Micro Software, Inc. -> Smith Micro Software, Inc.)
    FirewallRules: [{67E5E781-510F-4C5A-A23E-1C327EE21E34}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 9\Anime Studio Pro.exe (Smith Micro Software, Inc. -> Smith Micro Software, Inc.)
    FirewallRules: [{F1F62159-DC0B-40A5-9620-9BCFB93EC304}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 9\Anime Studio Pro.exe (Smith Micro Software, Inc. -> Smith Micro Software, Inc.)
    FirewallRules: [{5E4F3E89-8DF1-405C-AA78-7A9F544F5FDB}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 9\Anime Studio Pro.exe (Smith Micro Software, Inc. -> Smith Micro Software, Inc.)
    FirewallRules: [{6B59F961-F052-4F05-8A1D-2D8F3D639915}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 9\Anime Studio Pro.exe (Smith Micro Software, Inc. -> Smith Micro Software, Inc.)
    FirewallRules: [{405718C1-19AA-453F-A1B1-EB8FA032D264}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{E95AE59E-559E-4BEA-9B76-05D6F841D66A}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe (Autodesk, Inc.)
    FirewallRules: [{E9D59F23-F07A-4A78-B103-54508FF8FC75}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe (Autodesk, Inc.)
    FirewallRules: [{99E930BC-69CE-4688-B73D-2107998A2BB0}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe (Autodesk, Inc.)
    FirewallRules: [{76C096BD-C216-4FB0-8F4F-138593B7EED4}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe (Autodesk, Inc.)
    FirewallRules: [{68BC1EEF-DA6A-47D9-968E-F681834D4207}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe (Autodesk, Inc.)
    FirewallRules: [{FD8512B9-11C7-45D6-B6A2-DE099447084E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe (Autodesk, Inc.)
    FirewallRules: [TCP Query User{99CD23C7-3690-49F6-BF1E-FE702C78EF9F}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{C0686ACE-84CE-43D2-8685-F5178BFBA990}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [{F2C7C445-7B37-4E56-8E46-DC7FB9BF1B45}] => (Allow) C:\Program Files (x86)\Silhouette America\Silhouette Link\SilhouetteLinkConsole.exe (Silhouette Research & Technology Ltd -> )
    FirewallRules: [{1899BF1D-A0B0-4145-B0BF-9BBE36C2764C}] => (Allow) C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe (Silhouette Research & Technology Ltd -> )
    FirewallRules: [{CF96872C-6BF1-4E24-891E-45DB29EEAAFC}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    FirewallRules: [{2646707F-66DA-4F2D-8810-878D7B21CD07}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    FirewallRules: [TCP Query User{CFC358F3-2F03-40EF-B378-3B035ED54A17}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    FirewallRules: [UDP Query User{F50A743F-A652-44A9-ADEA-8AE68E5BC6BD}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    FirewallRules: [TCP Query User{553A9C47-418D-468D-9D2F-BD9CA91F34E6}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{147B65CF-C77C-45B7-BF01-8652084376FE}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{E75E47F1-5045-406B-97BC-BE648D0C07F0}C:\program files\raise3d\ideamaker\ideamaker.exe] => (Allow) C:\program files\raise3d\ideamaker\ideamaker.exe (Raise3D)
    FirewallRules: [UDP Query User{EE1E6696-A2CA-43DF-8F21-2145908D7B6E}C:\program files\raise3d\ideamaker\ideamaker.exe] => (Allow) C:\program files\raise3d\ideamaker\ideamaker.exe (Raise3D)
    FirewallRules: [{FF010EE5-75F2-4475-8F37-850A5BB02BBD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
    FirewallRules: [{20BFAADF-D6A6-4145-ACA9-0BD95E3890FC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe ()
    FirewallRules: [{72060FEC-F515-40C8-AD85-2CA64DA7B959}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe ()
    FirewallRules: [{4FEE3192-98D3-4932-9752-39CB881974A8}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe ()
    FirewallRules: [{1B9BA686-4A8B-4558-B591-04D9DEA3F9DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe ()
    FirewallRules: [{25192F8A-1F8B-478E-9D59-353DCAA6D18B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe ()
    FirewallRules: [{03B40D99-A9D1-4516-9AA2-411D29B5008B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe No File
    FirewallRules: [{5B56A8F3-81CE-4A15-931B-E996FCDDA681}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe No File
    FirewallRules: [{CAD082B7-C48F-46C8-BE38-1AF217565F78}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
    FirewallRules: [{C7E5BF8F-0CC8-4B5C-B174-9773D17EF561}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe No File
    FirewallRules: [{DF82ACCA-A9E2-4E55-861D-FE574C363D9E}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    FirewallRules: [{EF51A7A5-66EE-43A7-AD85-1120120CF470}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    FirewallRules: [{A3D93E3D-922E-43E0-9D44-7F24F7A241A9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{3A6195C2-E616-4183-B8DE-4ED2E55B050D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

    ==================== Restore Points =========================

    Check "winmgmt" service or repair WMI.


    ==================== Faulty Device Manager Devices =============

    Name: WAN Miniport (Network Monitor)
    Description: WAN Miniport (Network Monitor)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: WAN Miniport (IP)
    Description: WAN Miniport (IP)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: WAN Miniport (IPv6)
    Description: WAN Miniport (IPv6)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/23/2019 06:35:06 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x800700c1, %1 is not a valid Win32 application.


    Operation:
    Instantiating VSS server

    Error: (02/23/2019 06:35:06 PM) (Source: VSS) (EventID: 13) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x800700c1, %1 is not a valid Win32 application.


    Operation:
    Instantiating VSS server

    Error: (02/23/2019 06:25:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SearchUI.exe, version: 10.0.17134.590, time stamp: 0x5c5a46b7
    Faulting module name: MrmCoreR.dll, version: 10.0.17134.1, time stamp: 0x8a8f885b
    Exception code: 0xc0000006
    Fault offset: 0x0000000000044960
    Faulting process id: 0x5f0
    Faulting application start time: 0x01d4cbe845091147
    Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    Faulting module path: C:\Windows\System32\MrmCoreR.dll
    Report Id: 6fc6fdad-3449-45ad-8361-e2aa1feb5b22
    Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: CortanaUI

    Error: (02/23/2019 06:25:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SearchUI.exe, version: 10.0.17134.590, time stamp: 0x5c5a46b7
    Faulting module name: MrmCoreR.dll, version: 10.0.17134.1, time stamp: 0x8a8f885b
    Exception code: 0xc0000006
    Fault offset: 0x0000000000044960
    Faulting process id: 0x3e7c
    Faulting application start time: 0x01d4cbe82c56becf
    Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    Faulting module path: C:\Windows\System32\MrmCoreR.dll
    Report Id: e1c98c49-1b47-40fc-a011-ecb1d647850f
    Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: CortanaUI

    Error: (02/23/2019 06:16:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SearchUI.exe, version: 10.0.17134.590, time stamp: 0x5c5a46b7
    Faulting module name: MrmCoreR.dll, version: 10.0.17134.1, time stamp: 0x8a8f885b
    Exception code: 0xc0000006
    Fault offset: 0x0000000000044960
    Faulting process id: 0x16f0
    Faulting application start time: 0x01d4cbe7040b35a6
    Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    Faulting module path: C:\Windows\System32\MrmCoreR.dll
    Report Id: 361ecd24-8f2c-4ec8-b235-ebd85ea1bc22
    Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: CortanaUI

    Error: (02/23/2019 06:16:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SearchUI.exe, version: 10.0.17134.590, time stamp: 0x5c5a46b7
    Faulting module name: MrmCoreR.dll, version: 10.0.17134.1, time stamp: 0x8a8f885b
    Exception code: 0xc0000006
    Fault offset: 0x0000000000044960
    Faulting process id: 0x29d0
    Faulting application start time: 0x01d4cbe6f0cb5b52
    Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    Faulting module path: C:\Windows\System32\MrmCoreR.dll
    Report Id: c9bb9114-cef0-44f8-82b3-e05d18d6482c
    Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: CortanaUI

    Error: (02/23/2019 06:14:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SearchUI.exe, version: 10.0.17134.590, time stamp: 0x5c5a46b7
    Faulting module name: MrmCoreR.dll, version: 10.0.17134.1, time stamp: 0x8a8f885b
    Exception code: 0xc0000006
    Fault offset: 0x0000000000044960
    Faulting process id: 0x1eb4
    Faulting application start time: 0x01d4cbe6aca6564b
    Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    Faulting module path: C:\Windows\System32\MrmCoreR.dll
    Report Id: 6231a97e-8473-4b6f-9011-0a10c6f4f7e5
    Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: CortanaUI

    Error: (02/23/2019 06:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SearchUI.exe, version: 10.0.17134.590, time stamp: 0x5c5a46b7
    Faulting module name: MrmCoreR.dll, version: 10.0.17134.1, time stamp: 0x8a8f885b
    Exception code: 0xc0000006
    Fault offset: 0x0000000000044960
    Faulting process id: 0x1064
    Faulting application start time: 0x01d4cbe69d417aeb
    Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    Faulting module path: C:\Windows\System32\MrmCoreR.dll
    Report Id: e75f619d-9758-46a0-bcb0-d1c8ed882454
    Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: CortanaUI


    System errors:
    =============
    Error: (02/23/2019 06:02:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.1902.2).

    Error: (02/23/2019 04:56:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.

    Error: (02/23/2019 04:56:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Server service hung on starting.

    Error: (02/23/2019 04:54:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.

    Error: (02/23/2019 04:54:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Server service hung on starting.

    Error: (02/23/2019 04:53:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.

    Error: (02/23/2019 04:53:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Server service hung on starting.

    Error: (02/23/2019 04:50:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.


    Windows Defender:
    ===================================
    Date: 2019-02-17 11:54:05.883
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {63827C35-3431-44DC-B2A4-66D5BD72E1A1}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-02-16 10:47:44.526
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {CBCDB9B6-2384-4B3D-A831-73F33249E1E4}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-31 23:43:36.030
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {7FFCFA71-4ABB-4AB4-B037-97EDA4EB2C4C}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-02-16 10:26:04.437
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.271.1182.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15000.2
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2019-02-16 10:26:04.437
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.271.1182.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15000.2
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2019-01-31 23:43:30.285
    Description:
    Windows Defender Antivirus has encountered an error trying to update the engine.
    New Engine Version: 1.1.15600.4
    Previous Engine Version: 1.1.15000.2
    Error Code: 0x80509004
    Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

    CodeIntegrity:
    ===================================

    Date: 2019-02-23 01:18:11.251
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

    Date: 2019-02-23 01:18:10.064
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

    Date: 2019-02-23 01:18:09.201
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

    Date: 2019-02-23 01:18:08.428
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

    Date: 2019-02-23 01:18:07.665
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

    Date: 2019-02-23 01:18:06.931
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

    Date: 2019-02-23 01:18:05.566
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

    Date: 2019-02-23 01:18:04.827
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: Intel(R) Xeon(R) CPU E5645 @ 2.40GHz
    Percentage of memory in use: 12%
    Total physical RAM: 49143.17 MB
    Available physical RAM: 42795.22 MB
    Total Virtual: 98295.17 MB
    Available Virtual: 91975.07 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:464.91 GB) (Free:126.81 GB) NTFS
    Drive e: (New Storage) (Fixed) (Total:1862.88 GB) (Free:1812.44 GB) exFAT

    \\?\Volume{fb2e6d1e-6c95-11e1-a2d1-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.85 GB) (Free:0.44 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Default

    Let's run the below script and a couple of searches and see if this finds anything.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy\User: Restriction ? <==== ATTENTION
    U3 idsvc; no ImagePath
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    Task: {089860B1-9489-4CD2-A369-FD26267499DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {092A0002-CEAB-4F6D-9872-4EFD00487134} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {1D92B8E2-32D3-48DD-831D-580CDFB1E7D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {2377A907-0EF1-4272-BB64-7119A35986FD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {3B5A95AF-AAD2-492C-AFD8-D0BD87CDC33E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {69DF5C15-C6AA-4822-94BA-7AED5C2361B3} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {79F05988-2250-4E0C-9EBF-6FDBCF163B1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTIONTask: {83D5FB3A-4F8D-4736-B8F3-5E431D227047} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {8AFB88DC-A159-4A11-9E29-5DF23500597B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {8B3AABA7-9840-4F86-9CD2-5025A52C0BFA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {8F9F413A-2D28-44F1-ADE3-CF693517E1C9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {BDC7EBD5-F33A-4590-B004-F89A10029FF1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C19FC2DD-0F83-4F89-B3C8-48F1B29BB3A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {D10BA129-DC3D-460F-B80E-5240E3E9A951} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {DD0A4FFC-FC8E-4DE2-9FBE-CDBDB20368D0} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {ECCDC3B6-7861-470A-8EBF-83EDCF3458F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F1645F35-BF36-42B0-A994-53E890A78B6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\justi\Downloads\spelling.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
    AlternateDataStreams: C:\Users\justi\Downloads\spelling.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    FirewallRules: [UDP Query User{0D24E169-7676-41C9-A4A2-6F110D48CCDC}C:\users\alexander\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alexander\appdata\local\akamai\netsession_win.exe No File
    FirewallRules: [TCP Query User{02789F3E-58AC-4EAB-804F-5CD87A06372F}C:\users\alexander\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alexander\appdata\local\akamai\netsession_win.exe No File
    C:\Windows\Temp\*.*
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



    ~~~~~~~~~~~~~~~
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    created by Aura

    Please post these 3 logs when finished.

  5. #5
    Member
    Join Date
    Jan 2009
    Posts
    53

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2019 02
    Ran by alexander (25-02-2019 06:35:21) Run:1
    Running from C:\Users\alexander\Desktop
    Loaded Profiles: alexander & postgres & DefaultAppPool (Available Profiles: duck & alexander & Eileen & justi & nicho & kidsWorldOfTanks & postgres & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy\User: Restriction ? <==== ATTENTION
    U3 idsvc; no ImagePath
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\alexander\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    Task: {089860B1-9489-4CD2-A369-FD26267499DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {092A0002-CEAB-4F6D-9872-4EFD00487134} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {1D92B8E2-32D3-48DD-831D-580CDFB1E7D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {2377A907-0EF1-4272-BB64-7119A35986FD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {3B5A95AF-AAD2-492C-AFD8-D0BD87CDC33E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {69DF5C15-C6AA-4822-94BA-7AED5C2361B3} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {79F05988-2250-4E0C-9EBF-6FDBCF163B1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTIONTask: {83D5FB3A-4F8D-4736-B8F3-5E431D227047} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {8AFB88DC-A159-4A11-9E29-5DF23500597B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {8B3AABA7-9840-4F86-9CD2-5025A52C0BFA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {8F9F413A-2D28-44F1-ADE3-CF693517E1C9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {BDC7EBD5-F33A-4590-B004-F89A10029FF1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C19FC2DD-0F83-4F89-B3C8-48F1B29BB3A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {D10BA129-DC3D-460F-B80E-5240E3E9A951} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {DD0A4FFC-FC8E-4DE2-9FBE-CDBDB20368D0} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {ECCDC3B6-7861-470A-8EBF-83EDCF3458F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F1645F35-BF36-42B0-A994-53E890A78B6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\justi\Downloads\spelling.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
    AlternateDataStreams: C:\Users\justi\Downloads\spelling.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    FirewallRules: [UDP Query User{0D24E169-7676-41C9-A4A2-6F110D48CCDC}C:\users\alexander\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alexander\appdata\local\akamai\netsession_win.exe No File
    FirewallRules: [TCP Query User{02789F3E-58AC-4EAB-804F-5CD87A06372F}C:\users\alexander\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alexander\appdata\local\akamai\netsession_win.exe No File
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Error: (0) Failed to create a restore point.
    C:\WINDOWS\system32\GroupPolicy\User => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
    idsvc => service removed successfully
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308} => removed successfully
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => removed successfully
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
    HKU\S-1-5-21-2772892075-776610616-2658955011-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
    HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{089860B1-9489-4CD2-A369-FD26267499DE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{089860B1-9489-4CD2-A369-FD26267499DE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{092A0002-CEAB-4F6D-9872-4EFD00487134}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{092A0002-CEAB-4F6D-9872-4EFD00487134}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D92B8E2-32D3-48DD-831D-580CDFB1E7D4}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D92B8E2-32D3-48DD-831D-580CDFB1E7D4}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2377A907-0EF1-4272-BB64-7119A35986FD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2377A907-0EF1-4272-BB64-7119A35986FD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B5A95AF-AAD2-492C-AFD8-D0BD87CDC33E}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B5A95AF-AAD2-492C-AFD8-D0BD87CDC33E}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69DF5C15-C6AA-4822-94BA-7AED5C2361B3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69DF5C15-C6AA-4822-94BA-7AED5C2361B3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79F05988-2250-4E0C-9EBF-6FDBCF163B1C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79F05988-2250-4E0C-9EBF-6FDBCF163B1C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AFB88DC-A159-4A11-9E29-5DF23500597B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AFB88DC-A159-4A11-9E29-5DF23500597B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B3AABA7-9840-4F86-9CD2-5025A52C0BFA}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B3AABA7-9840-4F86-9CD2-5025A52C0BFA}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F9F413A-2D28-44F1-ADE3-CF693517E1C9}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F9F413A-2D28-44F1-ADE3-CF693517E1C9}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDC7EBD5-F33A-4590-B004-F89A10029FF1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDC7EBD5-F33A-4590-B004-F89A10029FF1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C19FC2DD-0F83-4F89-B3C8-48F1B29BB3A1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C19FC2DD-0F83-4F89-B3C8-48F1B29BB3A1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D10BA129-DC3D-460F-B80E-5240E3E9A951}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D10BA129-DC3D-460F-B80E-5240E3E9A951}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD0A4FFC-FC8E-4DE2-9FBE-CDBDB20368D0}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD0A4FFC-FC8E-4DE2-9FBE-CDBDB20368D0}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECCDC3B6-7861-470A-8EBF-83EDCF3458F5}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECCDC3B6-7861-470A-8EBF-83EDCF3458F5}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F1645F35-BF36-42B0-A994-53E890A78B6F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1645F35-BF36-42B0-A994-53E890A78B6F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    C:\Users\justi\Downloads\spelling.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
    C:\Users\justi\Downloads\spelling.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0D24E169-7676-41C9-A4A2-6F110D48CCDC}C:\users\alexander\appdata\local\akamai\netsession_win.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{02789F3E-58AC-4EAB-804F-5CD87A06372F}C:\users\alexander\appdata\local\akamai\netsession_win.exe" => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\officeclicktorun.exe_streamserver(2019022123252510E8).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20190222171656F00).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20190223160423E9C).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20190223220436320).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20190224105212FBC).log => moved successfully
    Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(2019022506352344E0).log" => Scheduled to move on reboot.
    C:\Windows\Temp\ood_stream.x86.en-us.dat => moved successfully
    C:\Windows\Temp\ood_stream.x86.x-none.dat => moved successfully
    C:\Windows\Temp\PowerPlan.log => moved successfully
    C:\Windows\Temp\TS_2398.tmp => moved successfully
    C:\Windows\Temp\TS_761E.tmp => moved successfully
    C:\Windows\Temp\WacomInstallO.txt => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10772480 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 170981062 B
    Java, Flash, Steam htmlcache => 23040 B
    Windows/system/drivers => 2959505 B
    Edge => 17819380 B
    Chrome => 218194684 B
    Firefox => 162462014 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 18755 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 104283 B
    LocalService => 0 B
    NetworkService => 119869 B
    NetworkService => 0 B
    duck => 470452 B
    alexander => 329999884 B
    Eileen => 79897 B
    justi => 296878 B
    nicho => 359156 B
    kidsWorldOfTanks => 66486689 B
    postgres => 18755 B
    DefaultAppPool => 18755 B

    RecycleBin => 15147875776 B
    EmptyTemp: => 15 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-02-2019 21:02:30)

    C:\Windows\Temp\MARX-20190225-0635.log => Is moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(2019022506352144E0).log => Is moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(2019022506352344E0).log => Is moved successfully

    ==== End of Fixlog 21:02:30 ====

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-02-21.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 02-25-2019
    # Duration: 00:00:02
    # OS: Windows 10 Pro
    # Cleaned: 5
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\Program Files\WinZip Smart Monitor

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1702 octets] - [25/02/2019 21:22:13]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


    RogueKiller crashed as it ran its scan...I'll try that again. I thought I'd better send these Just In Case.

    I'm also suspecting hardware issues as my machine will Blue Screen Error. For instance, after running FRST fixes, I performed the required restart and got the BSE (stopcode = Memory Management). After running AdwCleaner, AdwCleaner attempted restart but just stalled. I had to hold on/off button until machine went down. Upon restart I get:

    PS2 Mouse not found
    Sec Master Hard Disk:S.M.A.R.T. Status BAD Backup and Replace
    Press F1 to Resume

    (I've actually seen this before).

    RAVCpl64.exe - bad image and ScanToPCActivationApp.exe - bad image errors also pop up and claim something is wrong with my oledlg.dll.

    Sky is falling?
    Thanks
    AW

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Default

    I don't think the sky is falling, it's just mildly raining.

    It's possible you have some faulty or missing drivers.

    Let's see if system restore or VSS can be turned on.
    Enable or Disable System Restore in Windows
    https://www.tenforums.com/tutorials/...e-windows.html

    Scroll to Windows 10.

    ~~~

    I would suggest you try the methods below and check if they help.

    Method 1:
    Perform System File Checker (sfc) scan.
    System File Checker is a utility in Windows that allows users to scan for corruptions in Windows system files and restore corrupted files.



    To perform SFC Scan, refer to the below link:

    https://support.microsoft.com/en-us/kb/929833

    Note: Steps mentioned for Windows 8/8.1 will work fine with Windows 10.


    Method 2: Clean boot.

    A clean boot is performed to start Windows by using a minimal set of drivers and startup programs. This helps eliminate software conflicts that occur when you install a program or an update or when you run a program in Windows. You may also troubleshoot or determine what conflict is causing the problem by performing a clean boot.


    Follow the link to place your computer in Clean boot:
    https://support.microsoft.com/en-us/kb/929135

  7. #7
    Member
    Join Date
    Jan 2009
    Posts
    53

    Default

    Hello Juliet,

    I was able to disable the "Turn off System Restore", which, I'm guessing, means that I actually enabled System Restore.
    I didn't see any other instructions related to the System Restore so that's where I left it.

    I tried to perform the SFC scan but the site asked for access to the raised cmd prompt (in 10 it's Administration Windows PowerShell, correct?) but I couldn't get a command prompt in the shell. It opened but just sits there. I also can't LMB click my Start button (the lower left Windows logo button?). I can RMB and that's how I got the Administrator: Windows PowerShell BUT, the shell just sits there...I don't get a prompt to type to.

    Also, I was supposed to run DISM.exe /Online /Cleanup-image /Restorehealth in the shell before doing a SFC. I have attempted the DISM.exe command before and it just Blue Screen Errors my machine. At this time, I can't even perform the sfc as my shell seems dead.

    I was able to disable all but two start-up apps (those were my AVG which wouldn't disable) for a clean boot. I restarted my machine but it's still not able to call up a usable command prompt shell. Positive note, I guess with the apps disabled in my start-up, I didn't get the usual oledlg.dll error...

    I have a second drive (that also won't allow me to repair) and I do have a WIN10 installation media USB. Can I somehow turn my second drive into my boot-able and proceed from there?

    Please advise.

    Thanks
    Alex

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Default

    These are system/internal errors that I have no knowledge of, but I'm going to refer you to a site that can possibly help (that I'm a member of too).

    If you would, become a member here, create a new topic, and supply a link to this thread so they can see what issues you're having with the machine.

    https://forums.whatthetech.com/index.php?showforum=119
