Thread: Malware, logs are attached, this is HP Omen running Win 10

    I was getting the BSOD several times a day. I ran Spybot S&D, AdwCleaner, Zemana, Malwarebytes, HitmanPro.Alert, Avast Premier. Spybot S&D, Malwarebytes, and Hitman all found and removed a bunch of stuff. Others did not find anything, except AdwCleaner. It found and was unable to remove PUP.optional.advancedsystemcare, PUP.optional.legacy, and PUP.optional.productsetup.A. It said unknown handling error, terminating.

    I installed a new copy of AdwCleaner, same problem: found them, can't remove them. On the last BSOD, which are still happening but less often, it said system service exception NETIO.sys. I thought there might be a problem with IObit's Driver Booster so I uninstalled it (not necessarily because I thought it was related to NETIO.sys). I uninstalled a few other programs that I know are optional that I don't absolutely have to have, such as Dropbox, etc., as they are known for security holes. I ran CCleaner and it removed 65 GB of stuff no longer needed (this was after uninstalling those programs).

    I have included the required logs and Spybot's Rootkit scan logs as it found a bunch of stuff. I had to compress 3 of the .txt files.

    Hello geercom,

    In order for a volunteer analyst to respond please see the FAQ here.

    Copy and paste the Farbar Recovery Scan Tool and aswMBR logs into this topic as shown.

    The Addition.txt can be attached but not zipped.

    No need to post a log for the Root Analyzer:

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

    I will try to paste the logs again

    When I pasted the logs previously, I assumed they were too long because submitting the post timed out every time and went to a white error screen without posting the thread. When I tried to attach the files as they were, I got an error that they were too large.

    aswMBR version Copyright(c) 2014 AVAST Software
    Run date: 2018-03-26 14:55:33
    14:55:33.483 OS Version: Windows x64 6.2.9200
    14:55:33.483 Number of processors: 8 586 0x9E09
    14:55:33.483 ComputerName: DESKTOP-7F1R3BQ UserName: david
    14:55:34.389 Initialize success
    14:55:34.389 VM: initialized successfully
    14:55:34.389 VM: Intel CPU BiosDisabled
    14:55:42.487 AVAST engine defs: 18032600
    14:56:47.861 The log file has been saved successfully to "C:\Users\david\Desktop\aswMBR.txt"

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
    Ran by david (administrator) on DESKTOP-7F1R3BQ (26-03-2018 14:44:10)
    Running from C:\Users\david\Desktop
    Loaded Profiles: defaultuser0 & david & Administrator (Available Profiles: defaultuser0 & david & Administrator)
    Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool:

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2018-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-13] (AVAST Software)
    HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
    HKLM-x32\...\Run: [HPMSGSVC] => C:\Program Files (x86)\HP\HPPhoenixCtrl\HPMSGSVC.exe [502032 2016-06-16] (HP Development Company, L.P.)
    HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2017-04-22] (QFX Software Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [2482128 2018-03-20] ()
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware)
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [f.lux] => C:\Users\david\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [Amazon Drive] => C:\Users\david\AppData\Local\Amazon Drive\AmazonDrive.exe [6319280 2018-03-22] ( Inc.)
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\RunOnce: [Uninstall 18.025.0204.0009\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\RunOnce: [Uninstall 18.025.0204.0009] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\18.025.0204.0009"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
    IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\hporbit.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\hpphoenixctrl.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\hpsf.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\irmtmodernui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\iwrap.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\rebecca.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\softwareupdate.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-10-05]
    ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-02-08]
    ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
    Startup: C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-12-22]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer]
    Tcpip\..\Interfaces\{0f97bf0f-54bf-44f8-a554-0401debf0323}: [NameServer]
    Tcpip\..\Interfaces\{a1ab7776-22f9-428e-a8fd-c83a210a0aa1}: [DhcpNameServer]

    Internet Explorer:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-03-18] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-09-22] (HP Inc.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-03-18] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-09-22] (HP Inc.)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)

    FF DefaultProfile: m3cozkdk.default
    FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\m3cozkdk.default [2018-03-26]
    FF Homepage: Mozilla\Firefox\Profiles\m3cozkdk.default -> about:home
    FF Extension: (Avast SafePrice) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\m3cozkdk.default\Extensions\ [2017-09-03]
    FF Plugin-x32:,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-01] (Microsoft Corporation)
    FF Plugin-x32:,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
    FF Plugin-x32: Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\david\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-20] (Cisco WebEx LLC)

    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://
    CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default [2018-03-26]
    CHR Extension: (Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
    CHR Extension: (Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
    CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-18]
    CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-18]
    CHR Extension: (Honey) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-03-10]
    CHR Extension: (Rebrandly) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaidebojanpehpceonghnmgdofblnlae [2018-03-26]
    CHR Extension: (Chromebleed) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2017-05-18]
    CHR Extension: (Adobe Acrobat) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-18]
    CHR Extension: (Open options.) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2017-12-08]
    CHR Extension: (Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
    CHR Extension: (HTTPS Everywhere) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-03-01]
    CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-18]
    CHR Extension: (Avast Online Security) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-02]
    CHR Extension: (Hunter) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhmanijnjhaffoampdlllchpolkdnj [2018-03-21]
    CHR Extension: (SimilarWeb - Traffic Rank & Website Analysis) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp [2018-03-01]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-09-20]
    CHR Extension: (Grammarly for Chrome) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-21]
    CHR Extension: (The Great Suspender) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-19]
    CHR Extension: (Flashcontrol) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-07-13]
    CHR Extension: (Crystal) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaonghoefpmlfgaknnboiekjhfpmajh [2018-03-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
    CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-18]
    CHR Extension: (Chrome Media Router) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
    CHR Extension: (Dux-Soup for LinkedIn) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppdakpfeaodfophjplfdedpcodkdkbal [2018-03-26]
    CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-26]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-13] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-13] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [357760 2018-03-13] (AVAST Software)
    R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [7649576 2018-03-09] (AVAST Software)
    S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
    S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION)
    S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
    R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4616328 2018-03-21] (SurfRight B.V.)
    S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
    S4 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
    S4 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
    S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
    S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
    S4 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
    S4 HPWMISVC; c:\Program Files (x86)\HP\HPPhoenixCtrl\HPWMISVC.exe [554768 2016-06-16] (HP Development Company, L.P.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
    S2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
    S2 IISExpressSVC; C:\Program Files (x86)\Lansweeper\IISExpress\IISexpressSVC.exe [131072 2017-06-23] (Hemoco bvba) [File not signed]
    S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
    S4 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
    S4 IRMTService; C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182896 2016-10-13] (Intel Corporation)
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
    S2 lansweeperservice; C:\Program Files (x86)\Lansweeper\Service\Lansweeperservice.exe [17175552 2017-07-27] (Lansweeper) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
    S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268928 2017-12-20] ()
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
    S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-22] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2018-03-22] (Realtek Semiconductor)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-24] (Microsoft Corporation)
    S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
    R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
    S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758720 2017-12-20] (Intel® Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [90560 2018-03-22] (Alcorlink Corp.)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-13] (AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-13] (AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-13] (AVAST Software)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-13] (AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-13] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-13] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-03] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-13] (AVAST Software)
    R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [619984 2018-03-13] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-13] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-13] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-13] (AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-13] (AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-13] (AVAST Software)
    S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-05-18] (The OpenVPN Project)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-13] (AVAST Software)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
    R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-01] (ELAN Microelectronic Corp.)
    R1 hmpalert; C:\windows\system32\drivers\hmpalert.sys [297712 2018-03-21] (SurfRight B.V.)
    R3 hmpnet; C:\windows\system32\drivers\hmpnet.sys [93800 2018-03-21] (SurfRight B.V.)
    R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-07-01] (REALiX(tm))
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [198080 2018-03-22] (Intel Corporation)
    R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [34720 2016-10-13] (Intel Corporation)
    R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-12] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-26] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-26] (Malwarebytes)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-23] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-26] (Malwarebytes)
    S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw04.sys [3556072 2017-09-03] (Intel Corporation)
    S3 NETwNs64; C:\WINDOWS\System32\drivers\Netwsw04.sys [3471880 2017-11-16] (Intel Corporation)
    R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8614888 2018-03-22] (Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdci.inf_amd64_a33a405d786e1e76\nvlddmkm.sys [17493824 2018-03-22] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-22] (NVIDIA Corporation)
    S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-02-02] ()
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-22] (Realtek )
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-09-03] (Realsil Semiconductor Corporation)
    R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41104 2016-10-18] (SteelSeries ApS)
    S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [108856 2017-04-11] (Paragon Software GmbH)
    R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [44848 2017-04-11] (Paragon Software GmbH)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
    R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2017-12-08] (Zemana Ltd.)
    R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-06-17] (Zemana Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-26 14:44 - 2018-03-26 14:44 - 000031095 _____ C:\Users\david\Desktop\FRST.txt
    2018-03-26 14:43 - 2018-03-26 14:44 - 000000000 ____D C:\FRST
    2018-03-26 14:42 - 2018-03-26 14:42 - 002403328 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe
    2018-03-26 14:39 - 2018-03-26 14:39 - 000000207 _____ C:\WINDOWS\
    2018-03-26 14:39 - 2018-03-26 14:39 - 000000000 ____D C:\RegBackup
    2018-03-26 14:38 - 2018-03-26 14:38 - 000017985 _____ C:\WINDOWS\ - Registry Backup Setup Log.txt
    2018-03-26 14:38 - 2018-03-26 14:38 - 000002319 _____ C:\Users\Public\Desktop\ - Registry Backup.lnk
    2018-03-26 14:38 - 2018-03-26 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
    2018-03-26 14:38 - 2018-03-26 14:38 - 000000000 ____D C:\Program Files (x86)\
    2018-03-26 14:37 - 2018-03-26 14:37 - 005766144 _____ ( C:\Users\david\Desktop\tweaking.com_registry_backup_setup.exe
    2018-03-26 14:31 - 2018-03-26 14:31 - 000000088 _____ C:\Users\david\Desktop\Malware Removal.url
    2018-03-26 13:37 - 2018-03-26 13:40 - 000082432 _____ C:\Users\david\Desktop\RE Very important fact check for Stan Sterna comment.msg
    2018-03-26 13:37 - 2018-03-26 13:37 - 000076800 _____ C:\Users\david\Desktop\RE Very important question about one of Shane Randolph's comments.msg
    2018-03-26 12:01 - 2018-03-26 12:01 - 000061440 _____ C:\Users\david\Desktop\ANSWER THESE AND RETURN TO STACY Few more questions for your Smart Contracts story.msg
    2018-03-26 10:17 - 2018-03-26 10:17 - 000000096 _____ C:\Users\david\Desktop\How to Find the Best Contact for Your LOI - Technology Content Marketing Writer - Jennifer Goforth Gregory - Raleigh Freelance Technology Writer.url
    2018-03-26 09:40 - 2018-03-26 09:40 - 000103936 _____ C:\Users\david\Desktop\Today's LinkedIn Pulse post.msg
    2018-03-25 12:45 - 2018-03-25 12:45 - 000064000 _____ C:\Users\david\Desktop\Your order of Epson 200XL High Yield... has shipped!.msg
    2018-03-24 19:21 - 2018-03-24 19:21 - 000000163 _____ C:\Users\david\Desktop\-BEFORE You POST-(Please read this Procedure Before Requesting Assistance)- Updated.url
    2018-03-24 17:28 - 2018-03-24 17:28 - 000052224 _____ C:\Users\david\Desktop\Your order of Epson 200XL High Yield... and 1 more item..msg
    2018-03-24 03:02 - 2018-03-26 13:30 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-03-24 03:02 - 2018-03-24 03:02 - 000428744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-03-24 02:55 - 2018-01-09 19:36 - 000453575 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180324-025507.backup
    2018-03-23 21:32 - 2018-03-23 21:32 - 000040448 _____ C:\Users\david\Desktop\CENTRIFY CALL IN DATA FOR WED 28TH 1P ET Discuss Next-Gen Access post.msg
    2018-03-23 21:31 - 2018-03-23 21:31 - 000117248 _____ C:\Users\david\Desktop\CALENDAR PREP FOR MEETING KAREN 1P ET WED 28TH.msg
    2018-03-23 19:02 - 2018-03-23 19:02 - 000076288 _____ C:\Users\david\Desktop\Story ideas for you Sarah.msg
    2018-03-23 18:43 - 2018-03-23 18:43 - 000110592 _____ C:\Users\david\Desktop\KAREN SAID THIS KIND OF TWEET FOR LI PULSE AMP LOOKS GREAT.msg
    2018-03-23 18:39 - 2018-03-23 18:39 - 000099840 _____ C:\Users\david\Desktop\SETTING CALL FOR THIS KAREN MON OR WED BETWE 10 AND 4 ET.msg
    2018-03-23 18:17 - 2018-03-23 18:17 - 000000000 ___HD C:\$SysReset
    2018-03-23 17:44 - 2018-03-23 17:44 - 000000000 ____D C:\Users\david\AppData\Local\Amazon Drive
    2018-03-23 16:04 - 2018-03-23 16:04 - 000069120 _____ C:\Users\david\Desktop\RE AICPA article we added more of your comments final approval.msg
    2018-03-23 15:30 - 2018-03-23 15:30 - 000092160 _____ C:\Users\david\Desktop\Today's tweet amplifying the blockchain identity post.msg
    2018-03-23 15:19 - 2018-03-23 15:19 - 000060416 _____ C:\Users\david\Desktop\Re EXTERNAL Quotes I'd like to use.msg
    2018-03-23 14:41 - 2018-03-23 14:41 - 000028672 _____ C:\Users\david\Desktop\EXPERT COMMENT DoJ Indictment of Iranian Hackers.msg
    2018-03-23 14:37 - 2018-03-23 14:37 - 000147456 _____ C:\Users\david\Desktop\Re Here is the blog post.msg
    2018-03-23 13:26 - 2018-03-23 13:26 - 000000192 _____ C:\Users\david\Desktop\your pc encountered a problem and needs to restart - Microsoft Community.url
    2018-03-23 13:26 - 2018-03-23 13:26 - 000000188 _____ C:\Users\david\Desktop\Windows 10 reboot loop with Your PC ran into a problem and needs to - Microsoft Community.url
    2018-03-23 13:26 - 2018-03-23 13:26 - 000000083 _____ C:\Users\david\Desktop\-Your PC ran into a problem and needs to restart- error [FIX].url
    2018-03-23 13:25 - 2018-03-23 13:25 - 000000266 _____ C:\Users\david\Desktop\Windows 10 your computer encountered a problem and must restart - Google Search.url
    2018-03-23 13:25 - 2018-03-23 13:25 - 000000184 _____ C:\Users\david\Desktop\Your PC ran into a problem and needs to restart. - Microsoft Community.url
    2018-03-23 13:25 - 2018-03-23 13:25 - 000000104 _____ C:\Users\david\Desktop\Your PC ran into a problem and needs to restart in Windows 10 [Fixed] - EaseUS.url
    2018-03-23 13:25 - 2018-03-23 13:25 - 000000103 _____ C:\Users\david\Desktop\Your PC ran into a problem and needs to restart.url
    2018-03-23 13:21 - 2018-03-23 13:21 - 000000000 ___HD C:\ProgramData\temp
    2018-03-23 11:42 - 2018-03-23 11:56 - 000024054 ____H C:\Users\david\Desktop\~WRL1113.tmp
    2018-03-23 11:40 - 2018-03-26 13:53 - 000000000 ____D C:\WINDOWS\Minidump
    2018-03-23 11:32 - 2018-03-23 11:32 - 000056320 _____ C:\Users\david\Desktop\WAIT TILL MAY TO PITCH OR PING CHRIS BAYSDEN AGAIN IF NO WORD FROM HIM BY THEN.msg
    2018-03-23 09:41 - 2018-03-23 09:41 - 000036864 _____ C:\Users\david\Desktop\Thank you for the work; pitches.msg
    2018-03-23 08:04 - 2018-03-23 08:04 - 000000067 _____ C:\Users\david\Desktop\Marketing & Sales Training, Courses, and Certifications - HubSpot Academy.url
    2018-03-23 07:44 - 2018-03-23 07:44 - 000000093 _____ C:\Users\david\Desktop\MARKETS TO CONSIDER AND HOW TO MARKET TOO.url
    2018-03-23 07:41 - 2018-03-23 07:41 - 000000093 _____ C:\Users\david\Desktop\USE FOR KEYWORDS AND SERVICES IN LI PROFILE SUMMARY.url
    2018-03-23 07:26 - 2018-03-23 07:26 - 000000068 _____ C:\Users\david\Desktop\I GET MOST LI VIEWS LAST 3RD OF MONTH.url
    2018-03-23 07:17 - 2018-03-23 07:17 - 006435449 _____ C:\Users\david\Desktop\workforce-of-future-appendix.pdf
    2018-03-23 06:56 - 2018-03-23 06:56 - 000000300 _____ C:\Users\david\Desktop\How are Windows shortcut files vulnerable to attacks-.url
    2018-03-22 15:08 - 2018-03-22 15:08 - 000045056 _____ C:\Users\david\Desktop\Mark McLaughlin (IBM) to speak with David Geer (Risk Management Magazine).msg
    2018-03-22 14:39 - 2018-03-22 14:39 - 000045056 _____ C:\Users\david\Desktop\ADD TO QS DOC MARK M AND CALENDAR BEFORE CALL FRI 30TH.msg
    2018-03-22 14:14 - 2018-03-22 19:35 - 000049664 _____ C:\Users\david\Desktop\CHRIS B AICPA SAYS SEND INVOICES HAVEN'T SENT FOR HIM PROB THE TWO AND LOOK UP HOW SENT AND WHERE.msg
    2018-03-22 14:09 - 2018-03-22 14:09 - 000087040 _____ C:\Users\david\Desktop\DO LI PULSE POST HACK ALIVE AFTER 8A MONDAY, 5 TWEETS ONCE KNOW WHAT POINT TO, SET CALL HAVE IDEAS STORIES READY ETC.msg
    2018-03-22 13:45 - 2018-03-22 13:45 - 000080896 _____ C:\Users\david\Desktop\TOLD KAREN CENTRIFY BE READY START UP AGAIN MONDAY.msg
    2018-03-22 11:05 - 2018-03-22 11:05 - 000000102 _____ C:\Users\david\Desktop\Customizing Your LOI for Multiple Niches - Technology Content Marketing Writer - Jennifer Goforth Gregory - Raleigh Freelance Technology Writer.url
    2018-03-22 09:45 - 2018-03-22 09:45 - 019796336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 016449872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 013444552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 011026080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 001976120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439077.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 001673616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439077.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 001334808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 001325384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 001134768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 001126888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 001054704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 001049480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 001043128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000988464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000939832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000795928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000740336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000635248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000599352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2018-03-22 09:45 - 2018-03-22 09:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
    2018-03-22 09:44 - 2018-03-22 09:44 - 040269808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2018-03-22 09:44 - 2018-03-22 09:44 - 035180016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2018-03-22 09:44 - 2018-03-22 09:44 - 013333668 _____ C:\WINDOWS\system32\Drivers\Netwfw04.dat
    2018-03-22 09:44 - 2018-03-22 09:44 - 012843496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2018-03-22 09:44 - 2018-03-22 09:44 - 010900248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2018-03-22 09:44 - 2018-03-22 09:44 - 004308976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2018-03-22 09:44 - 2018-03-22 09:44 - 003894304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2018-03-22 09:44 - 2018-03-22 09:44 - 003709424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2018-03-22 09:44 - 2018-03-22 09:44 - 000117392 _____ C:\WINDOWS\system32\Drivers\ibtfw.dat
    2018-03-22 09:43 - 2018-03-22 09:43 - 000045600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 072520704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
    2018-03-22 09:42 - 2018-03-22 09:42 - 013831786 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
    2018-03-22 09:42 - 2018-03-22 09:42 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
    2018-03-22 09:42 - 2018-03-22 09:42 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 003122648 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 002922976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 001348160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 001083424 _____ C:\WINDOWS\system32\AmRdrIco.icl
    2018-03-22 09:42 - 2018-03-22 09:42 - 001016920 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000984904 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000868168 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000866632 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000691672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000526272 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000387304 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000321704 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000090560 _____ (Alcorlink Corp.) C:\WINDOWS\system32\Drivers\AmUStor.sys
    2018-03-22 09:42 - 2018-03-22 09:42 - 000088336 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000083616 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
    2018-03-22 09:42 - 2018-03-22 09:42 - 000005115 _____ C:\WINDOWS\system32\AmUStor.ini
    2018-03-21 17:43 - 2018-03-21 17:43 - 001274504 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
    2018-03-21 17:43 - 2018-03-21 17:43 - 000866440 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
    2018-03-21 17:43 - 2018-03-21 17:43 - 000093800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
    2018-03-21 11:31 - 2018-03-21 11:31 - 000048640 _____ C:\Users\david\Desktop\Latest news from Naked Security (03212018).msg
    2018-03-21 10:24 - 2018-03-21 10:24 - 000030208 _____ C:\Users\david\Desktop\Centrify Corporation Payment Notification 0000031211.msg
    2018-03-21 03:14 - 2018-03-21 03:14 - 000044544 _____ C:\Users\david\Desktop\You're activated!.msg
    2018-03-20 18:10 - 2018-03-21 14:30 - 000056320 _____ C:\Users\david\Desktop\Re URGENT REMINDER Docker Payment Portal Registration required.msg
    2018-03-20 17:45 - 2018-03-20 17:45 - 000000066 _____ C:\Users\david\Desktop\ActualTech Media - About ActualTech Media.url
    2018-03-20 17:44 - 2018-03-20 17:44 - 000000078 _____ C:\Users\david\Desktop\Editorial Calendar.url
    2018-03-20 17:40 - 2018-03-20 17:40 - 000091648 _____ C:\Users\david\Desktop\WILL LET ME KNOW WHEN SHE WANTS TO GO LIVE WITH HACKING IND LI PULSE POST PERHAPS MONDAY.msg
    2018-03-20 17:39 - 2018-03-20 17:39 - 000102912 _____ C:\Users\david\Desktop\ALL GOOD W KAREN REYNOLDS LET HER KNOW WHEN BACK UP AND RUNNING.msg
    2018-03-20 17:16 - 2018-03-20 17:16 - 000049152 _____ C:\Users\david\Desktop\RE Did you get everything you needed with my first invoice.msg
    2018-03-20 17:15 - 2018-03-20 17:15 - 000039936 _____ C:\Users\david\Desktop\IBM's Watson Assistant is coming to IFTTT.msg
    2018-03-20 17:13 - 2018-03-20 17:13 - 000036352 _____ C:\Users\david\Desktop\Homeland Security Experts Build $50 million Blockchain.msg
    2018-03-20 15:27 - 2018-03-23 16:15 - 000045568 _____ C:\Users\david\Desktop\RE FM Fatal Flaw Review Request (rq5702-414).msg
    2018-03-20 15:07 - 2018-03-23 16:03 - 000089088 _____ C:\Users\david\Desktop\FM Fatal Flaw Review Request (rq5702-414).msg
    2018-03-20 14:57 - 2018-03-20 14:57 - 000040960 _____ C:\Users\david\Desktop\Re Anything in the pipeline.msg
    2018-03-20 13:54 - 2018-03-20 13:54 - 000022016 _____ C:\Users\david\Desktop\Orbitz Breach - need sources.msg
    2018-03-19 10:21 - 2018-03-19 10:21 - 000084480 _____ C:\Users\david\Desktop\Today's LI pulse post illness.msg
    2018-03-18 14:50 - 2018-03-18 14:50 - 000029696 _____ C:\Users\david\Desktop\Re Part of the tree came down front yard.msg
    2018-03-16 14:54 - 2018-03-16 14:54 - 000077312 _____ C:\Users\david\Desktop\Link to today's tweet.msg
    2018-03-16 14:34 - 2018-03-16 14:34 - 000100352 _____ C:\Users\david\Desktop\Here is the hacking industry alive and well post.msg
    2018-03-16 10:49 - 2018-03-16 10:49 - 001008980 _____ C:\Users\david\Desktop\security-advisor_security-outlook-2017_december.pdf
    2018-03-15 10:01 - 2018-03-15 10:01 - 000061952 _____ C:\Users\david\Desktop\RE 1099 Form.msg
    2018-03-13 20:02 - 2018-03-13 20:01 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2018-03-13 15:36 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-03-13 15:36 - 2018-03-01 22:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2018-03-13 15:36 - 2018-03-01 03:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-03-13 15:36 - 2018-03-01 03:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2018-03-13 15:36 - 2018-03-01 03:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2018-03-13 15:36 - 2018-03-01 03:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2018-03-13 15:36 - 2018-03-01 03:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2018-03-13 15:36 - 2018-03-01 03:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2018-03-13 15:36 - 2018-03-01 03:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2018-03-13 15:36 - 2018-03-01 03:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2018-03-13 15:36 - 2018-03-01 03:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2018-03-13 15:36 - 2018-03-01 03:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2018-03-13 15:36 - 2018-03-01 03:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-03-13 15:36 - 2018-03-01 03:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-03-13 15:36 - 2018-03-01 03:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2018-03-13 15:36 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2018-03-13 15:36 - 2018-03-01 03:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-03-13 15:36 - 2018-03-01 03:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-03-13 15:36 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-03-13 15:36 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2018-03-13 15:36 - 2018-03-01 03:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-03-13 15:36 - 2018-03-01 03:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-03-13 15:36 - 2018-03-01 03:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-03-13 15:36 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-03-13 15:36 - 2018-03-01 03:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-03-13 15:36 - 2018-03-01 03:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-03-13 15:36 - 2018-03-01 03:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\
    2018-03-13 15:36 - 2018-03-01 03:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-03-13 15:36 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2018-03-13 15:36 - 2018-03-01 03:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2018-03-13 15:36 - 2018-03-01 03:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2018-03-13 15:36 - 2018-03-01 03:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-03-13 15:36 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
    2018-03-13 15:36 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2018-03-13 15:36 - 2018-03-01 03:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2018-03-13 15:36 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2018-03-13 15:36 - 2018-03-01 03:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-03-13 15:36 - 2018-03-01 02:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-03-13 15:36 - 2018-03-01 02:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-03-13 15:36 - 2018-03-01 02:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2018-03-13 15:36 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2018-03-13 15:36 - 2018-03-01 02:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\
    2018-03-13 15:36 - 2018-03-01 02:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-03-13 15:36 - 2018-03-01 02:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-03-13 15:36 - 2018-03-01 02:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2018-03-13 15:36 - 2018-03-01 02:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2018-03-13 15:36 - 2018-03-01 02:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-03-13 15:36 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2018-03-13 15:36 - 2018-03-01 02:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-03-13 15:36 - 2018-03-01 02:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-03-13 15:36 - 2018-03-01 02:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2018-03-13 15:36 - 2018-03-01 02:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-03-13 15:36 - 2018-03-01 02:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
    2018-03-13 15:36 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2018-03-13 15:36 - 2018-03-01 02:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-03-13 15:36 - 2018-03-01 02:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-03-13 15:36 - 2018-03-01 02:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-03-13 15:36 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2018-03-13 15:36 - 2018-03-01 01:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-03-13 15:36 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
    2018-03-13 15:36 - 2018-03-01 01:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-03-13 15:36 - 2018-03-01 01:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-03-13 15:36 - 2018-03-01 01:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-03-13 15:36 - 2018-03-01 01:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-03-13 15:36 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2018-03-13 15:36 - 2018-03-01 01:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-03-13 15:36 - 2018-03-01 01:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-03-13 15:36 - 2018-03-01 01:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-03-13 15:36 - 2018-03-01 01:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-03-13 15:36 - 2018-03-01 01:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-03-13 15:36 - 2018-03-01 01:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-03-13 15:36 - 2018-03-01 01:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-03-13 15:36 - 2018-03-01 01:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-03-13 15:36 - 2018-03-01 01:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-03-13 15:36 - 2018-03-01 01:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-03-13 15:36 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-03-13 15:36 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2018-03-13 15:36 - 2018-03-01 01:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2018-03-13 15:36 - 2018-03-01 01:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-03-13 15:36 - 2018-03-01 01:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-03-13 15:36 - 2018-03-01 01:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-03-13 15:36 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2018-03-13 15:36 - 2018-03-01 01:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-03-13 15:36 - 2018-03-01 01:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-03-13 15:36 - 2018-03-01 01:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-03-13 15:36 - 2018-03-01 01:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-03-13 15:36 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2018-03-13 15:36 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2018-03-13 15:36 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
    2018-03-13 15:36 - 2018-03-01 01:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2018-03-13 15:36 - 2018-03-01 01:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-03-13 15:36 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
    2018-03-13 15:36 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2018-03-13 15:36 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-03-13 15:36 - 2018-03-01 01:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-03-13 15:36 - 2018-03-01 01:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-03-13 15:36 - 2018-03-01 01:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2018-03-13 15:36 - 2018-03-01 01:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-03-13 15:36 - 2018-03-01 01:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-03-13 15:36 - 2018-03-01 01:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-03-13 15:36 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2018-03-13 15:36 - 2018-03-01 01:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-03-13 15:36 - 2018-03-01 01:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-03-13 15:36 - 2018-03-01 01:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-03-13 15:36 - 2018-03-01 01:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-03-13 15:36 - 2018-03-01 01:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-03-13 15:36 - 2018-03-01 01:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-03-13 15:36 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2018-03-13 15:36 - 2018-03-01 01:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-03-13 15:36 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2018-03-13 15:36 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2018-03-13 15:36 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
    2018-03-13 15:36 - 2018-03-01 01:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2018-03-13 15:36 - 2018-03-01 01:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-03-13 15:36 - 2018-03-01 01:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2018-03-13 15:36 - 2018-02-21 22:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-03-13 15:36 - 2018-02-21 22:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-03-13 15:36 - 2018-02-21 22:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2018-03-13 15:36 - 2018-02-21 22:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-03-13 15:36 - 2018-02-21 22:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2018-03-13 15:36 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2018-03-13 15:36 - 2018-02-21 22:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-03-13 15:36 - 2018-02-21 22:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-03-13 15:36 - 2018-02-21 22:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-03-13 15:36 - 2018-02-21 22:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-03-13 15:36 - 2018-02-21 22:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-03-13 15:36 - 2018-02-21 22:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2018-03-13 15:36 - 2018-02-21 22:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2018-03-13 15:36 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2018-03-13 15:36 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2018-03-13 15:36 - 2018-02-21 21:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-03-13 15:36 - 2018-02-21 21:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2018-03-13 15:36 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2018-03-13 15:36 - 2018-02-21 21:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-03-13 15:36 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2018-03-13 15:36 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2018-03-13 15:36 - 2018-02-21 21:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-03-13 15:36 - 2018-02-21 20:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-03-13 15:36 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
    2018-03-13 15:36 - 2018-02-21 20:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
    2018-03-13 15:36 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
    2018-03-13 15:36 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2018-03-13 15:36 - 2018-02-21 20:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2018-03-13 15:36 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2018-03-13 15:36 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2018-03-13 15:35 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
    2018-03-13 15:35 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2018-03-13 15:35 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
    2018-03-13 15:35 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
    2018-03-13 15:35 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
    2018-03-13 15:35 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
    2018-03-13 15:35 - 2018-03-01 03:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-03-13 15:35 - 2018-03-01 03:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-03-13 15:35 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-03-13 15:35 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
    2018-03-13 15:35 - 2018-03-01 03:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2018-03-13 15:35 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2018-03-13 15:35 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
    2018-03-13 15:35 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-03-13 15:35 - 2018-03-01 02:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2018-03-13 15:35 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2018-03-13 15:35 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
    2018-03-13 15:35 - 2018-03-01 02:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2018-03-13 15:35 - 2018-03-01 02:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2018-03-13 15:35 - 2018-03-01 01:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
    2018-03-13 15:35 - 2018-03-01 01:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
    2018-03-13 15:35 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2018-03-13 15:35 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2018-03-13 15:35 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2018-03-13 15:35 - 2018-03-01 01:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2018-03-13 15:35 - 2018-03-01 01:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2018-03-13 15:35 - 2018-03-01 01:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
    2018-03-13 15:35 - 2018-03-01 01:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
    2018-03-13 15:35 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-03-13 15:35 - 2018-03-01 01:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-03-13 15:35 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2018-03-13 15:35 - 2018-03-01 01:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-03-13 15:35 - 2018-03-01 01:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
    2018-03-13 15:35 - 2018-03-01 01:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
    2018-03-13 15:35 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
    2018-03-13 15:35 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2018-03-13 15:35 - 2018-02-21 20:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
    2018-03-13 15:35 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-03-13 15:35 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-03-13 09:18 - 2018-03-13 09:18 - 000043520 _____ C:\Users\david\Desktop\Pavan Udayagiri sent you a new message.msg
    2018-03-12 18:19 - 2018-03-26 13:30 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-03-12 18:19 - 2018-03-26 13:30 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-03-12 18:19 - 2018-03-23 18:11 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-03-12 18:19 - 2018-03-12 18:19 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-03-12 18:19 - 2018-03-12 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-03-12 15:19 - 2018-03-12 15:19 - 000036864 _____ C:\Users\david\Desktop\New tweet links.msg
    2018-03-12 15:00 - 2018-03-12 15:15 - 000047616 _____ C:\Users\david\Desktop\RE Today's tweet.msg
    2018-03-12 09:20 - 2018-03-12 09:20 - 000093696 _____ C:\Users\david\Desktop\RE No word yet; is it time to invoice you.msg
    2018-03-10 17:40 - 2018-03-10 17:40 - 000000053 _____ C:\Users\david\Desktop\Billions - Official Series Site - SHOWTIME.url
    2018-03-09 20:06 - 2018-03-09 20:06 - 000106496 _____ C:\Users\david\Desktop\How long do they take to pay.msg
    2018-03-09 13:27 - 2018-03-09 13:27 - 000036864 _____ C:\Users\david\Desktop\SEND DeOS TECH TIP AND INVOICE TO ROB WRIGHT NOT BRENDA BUT COPY HER.msg
    2018-03-08 22:33 - 2018-03-10 20:27 - 000000100 _____ C:\Users\david\Desktop\Today's notice and being paid to share or endorse a product or service - LinkedIn Help Forum.url
    2018-03-08 22:24 - 2018-03-08 22:24 - 000059904 _____ C:\Users\david\Desktop\Updates to our Terms of Service.msg
    2018-03-08 19:20 - 2018-03-08 19:20 - 000001638 _____ C:\Users\david\Desktop\TechTarget--DeOS {SEND ART & INVOICE TO ROB, COPY BRENDA} Attacks Tech Tip - Shortcut.lnk
    2018-03-08 15:39 - 2018-03-08 15:39 - 000224256 _____ C:\Users\david\Desktop\Analytics from all tweets.msg
    2018-03-08 11:51 - 2018-03-20 13:29 - 000048128 _____ C:\Users\david\Desktop\Re Apple project.msg
    2018-03-07 17:53 - 2018-03-08 15:38 - 000068096 _____ C:\Users\david\Desktop\BY FRI MORN 9TH PUT ANALYTICS FROM ALL 5 CENTRIFY TWEETS TOGETHER IN DOC AND SEND TO KAREN.msg
    2018-03-07 12:01 - 2018-03-07 12:01 - 000001765 _____ C:\Users\david\Desktop\Centrify--LIPulse, Blockchain+ID How Secure, + 5-7Tweets - Shortcut.lnk
    2018-03-07 12:01 - 2018-03-07 12:01 - 000001711 _____ C:\Users\david\Desktop\Centrify--LI Pulse, Hacking Industry, + 5-7 Tweets - Shortcut.lnk
    2018-03-07 11:16 - 2018-03-07 11:16 - 000061952 _____ C:\Users\david\Desktop\CodeCanyon Update available for 'WPBakery Page Builder for WordPress (formerly Visual Composer)'.msg
    2018-03-06 20:07 - 2018-03-06 20:07 - 000045056 _____ C:\Users\david\Desktop\Re David Geer SoW - for next 3 Pulse Posts.msg
    2018-03-06 12:21 - 2018-03-06 12:21 - 000024064 _____ C:\Users\david\Desktop\Reply to thread 'parts that keep cupboard doors and closet doors closed'.msg
    2018-03-05 18:17 - 2018-03-05 18:17 - 000000212 _____ C:\Users\david\Desktop\5% CASH BACK GROCERIES APRIL THRU JUNE DISCOVER CARD.url
    2018-03-05 17:35 - 2018-03-05 17:35 - 000001850 _____ C:\Users\david\Desktop\AICPA, for Sabine V--8 insights boards know AI - Shortcut.lnk
    2018-03-02 19:28 - 2018-03-02 19:28 - 000001626 _____ C:\Users\david\Desktop\Centrify--1 LinkedIn Pulse post Equifax, 5 Tweets - Shortcut.lnk
    2018-03-01 22:01 - 2018-03-01 22:01 - 000000000 ____D C:\Users\david\AppData\Local\{1442221E-30EA-4EA6-5D72-6B4E791A97D6}
    2018-02-28 20:48 - 2018-02-28 20:48 - 000001707 _____ C:\Users\david\Desktop\QASymphony--Barriers to Adopting Test Automation - Shortcut.lnk
    2018-02-28 19:35 - 2018-02-28 19:35 - 000001715 _____ C:\Users\david\Desktop\RMM--Smart contracts & risk management - Shortcut.lnk
    2018-02-28 17:17 - 2018-02-28 17:27 - 000060416 _____ C:\Users\david\Desktop\Re Pitch--slideshow seven hard truths about blockchain security.msg
    2018-02-28 16:20 - 2018-02-28 16:20 - 000059904 _____ C:\Users\david\Desktop\FW Heard a rumor you were back doing some work at IDG.msg
    2018-02-28 12:59 - 2018-03-20 13:40 - 000055808 _____ C:\Users\david\Desktop\Re Support on content creation.msg
    2018-02-28 11:46 - 2018-02-28 11:46 - 000097792 _____ C:\Users\david\Desktop\Analytics for 2nd and 3rd tweet.msg
    2018-02-27 17:26 - 2018-02-27 17:26 - 000116736 _____ C:\Users\david\Desktop\CONTACT WPP AGENCIES THIS WAY.msg
    2018-02-27 16:59 - 2018-02-27 16:59 - 000103936 _____ C:\Users\david\Desktop\RE Thank you for connecting on LinkedIn.msg
    2018-02-27 15:09 - 2018-02-27 15:09 - 000001647 _____ C:\Users\david\Desktop\iboss-Hackers target cybersec sw - Shortcut.lnk
    2018-02-27 15:09 - 2018-02-27 15:09 - 000001521 _____ C:\Users\david\Desktop\iboss-DeOS attacks - Shortcut.lnk
    2018-02-27 12:19 - 2018-02-27 12:19 - 000084992 _____ C:\Users\david\Desktop\CONTACT THIS EDITOR ABOUT WRITING FOR THE FOUNDRY AGAIN.msg
    2018-02-27 05:01 - 2018-02-27 14:53 - 000046592 _____ C:\Users\david\Desktop\SEND REQUESTED SAMPLES.msg
    2018-02-26 19:27 - 2018-02-26 19:27 - 000049152 _____ C:\Users\david\Desktop\Re Risk cybersecurity technical topics.msg
    2018-02-26 17:41 - 2018-02-26 17:41 - 000032256 _____ C:\Users\david\Desktop\ASKED JOAN ABOUT HER LONG FORM CONTENT NEEDS AT IDG NOW SHE BACK WITH IDG SMS.msg
    2018-02-26 15:59 - 2018-02-26 15:59 - 000030720 _____ C:\Users\david\Desktop\3rd tweet link.msg
    2018-02-26 14:47 - 2018-02-26 14:47 - 000935936 _____ C:\Users\david\Desktop\TECH AND OTHER EDITOR EMAILS.msg

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-26 14:44 - 2017-06-17 18:42 - 000699676 _____ C:\WINDOWS\ZAM.krnl.trace
    2018-03-26 14:43 - 2017-06-17 18:42 - 000120544 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2018-03-26 14:43 - 2017-05-18 14:21 - 000000000 ____D C:\WINDOWS\CryptoGuard
    2018-03-26 14:36 - 2017-06-24 09:43 - 000000000 ___RD C:\Users\david\Documents\Home, office tech, other
    2018-03-26 14:34 - 2017-07-01 15:47 - 000000000 ____D C:\Users\david\AppData\Local\ClassicShell
    2018-03-26 14:30 - 2017-06-18 13:18 - 000000000 ____D C:\Users\david\Documents\Outlook Files
    2018-03-26 14:26 - 2017-08-07 12:37 - 000000000 ____D C:\Users\david\AppData\Roaming\StyleGuard
    2018-03-26 14:18 - 2017-09-30 07:16 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-03-26 14:18 - 2017-06-29 05:33 - 000000000 ____D C:\AdwCleaner
    2018-03-26 14:10 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2018-03-26 13:45 - 2017-09-03 09:06 - 000000000 ____D C:\Users\david\AppData\Roaming\Opera Software
    2018-03-26 13:45 - 2017-09-03 09:06 - 000000000 ____D C:\Users\david\AppData\Local\Opera Software
    2018-03-26 13:45 - 2017-09-03 09:06 - 000000000 ____D C:\Program Files (x86)\Opera
    2018-03-26 13:44 - 2017-05-18 14:54 - 000000000 ____D C:\Program Files\Sandboxie
    2018-03-26 13:44 - 2017-05-18 11:10 - 000000000 ___RD C:\Users\david\OneDrive
    2018-03-26 13:38 - 2018-01-24 09:38 - 001335196 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-03-26 13:35 - 2017-05-18 14:23 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-03-26 13:32 - 2017-07-02 08:53 - 000000000 ____D C:\Users\david\AppData\Roaming\IObit
    2018-03-26 13:32 - 2017-07-01 17:43 - 000000000 ____D C:\ProgramData\ProductData
    2018-03-26 13:30 - 2018-01-24 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-03-26 13:30 - 2018-01-24 09:38 - 000000000 ____D C:\Users\david
    2018-03-26 13:30 - 2018-01-24 09:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-03-26 13:30 - 2017-06-23 21:56 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordavid.job
    2018-03-26 12:01 - 2018-01-24 09:38 - 000000000 ____D C:\Users\david\AppData\Local\Packages
    2018-03-26 11:25 - 2017-06-24 10:58 - 000000000 ___RD C:\Users\david\Documents\Taxes
    2018-03-24 21:36 - 2018-01-24 09:45 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordavid
    2018-03-24 03:02 - 2017-05-18 14:21 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
    2018-03-24 03:01 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-03-24 03:01 - 2017-05-18 14:21 - 000000000 ____D C:\ProgramData\HitmanPro
    2018-03-24 02:56 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
    2018-03-24 02:56 - 2017-05-18 14:19 - 000000000 ____D C:\Users\david\AppData\Roaming\hpqLog
    2018-03-24 02:51 - 2017-09-16 08:27 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2018-03-24 02:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
    2018-03-23 18:22 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2018-03-23 18:15 - 2017-07-06 10:10 - 000000000 ____D C:\Users\david\AppData\Local\ElevatedDiagnostics
    2018-03-23 18:11 - 2018-01-24 09:45 - 000002916 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
    2018-03-23 17:44 - 2017-12-12 07:27 - 000001225 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Drive.lnk
    2018-03-23 17:44 - 2017-07-03 18:55 - 000000000 ____D C:\Users\david\AppData\Roaming\Amazon Cloud Drive
    2018-03-23 16:33 - 2018-01-23 06:14 - 000000000 ___DC C:\WINDOWS\Panther
    2018-03-23 13:24 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-03-23 13:24 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-03-23 13:22 - 2017-05-18 16:11 - 000000000 ____D C:\Program Files (x86)\Rainlendar2
    2018-03-23 11:40 - 2018-01-24 09:38 - 000000000 ____D C:\Users\defaultuser0
    2018-03-23 11:40 - 2018-01-24 09:38 - 000000000 ____D C:\Users\Administrator
    2018-03-22 19:26 - 2017-05-18 11:15 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-03-22 10:25 - 2017-05-18 11:14 - 000000000 ____D C:\Users\david\AppData\Local\CrashDumps
    2018-03-22 10:24 - 2018-01-24 09:45 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2018-03-22 09:45 - 2017-11-16 09:15 - 017493824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2018-03-22 09:45 - 2017-11-16 09:15 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
    2018-03-22 09:44 - 2017-11-16 09:15 - 004580832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2018-03-22 09:44 - 2017-11-16 09:14 - 000198080 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
    2018-03-22 09:44 - 2017-10-05 23:38 - 008614888 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw04.sys
    2018-03-22 09:44 - 2017-10-01 12:55 - 001026896 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
    2018-03-22 09:43 - 2018-01-24 09:37 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
    2018-03-22 09:43 - 2017-11-16 11:06 - 001682288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
    2018-03-22 09:43 - 2017-11-16 11:06 - 000226760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
    2018-03-22 09:43 - 2017-10-01 12:55 - 000059240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2018-03-22 09:42 - 2018-01-24 09:45 - 000003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL
    2018-03-22 09:42 - 2017-11-16 09:14 - 005995944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
    2018-03-22 09:42 - 2017-11-16 09:14 - 003561920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
    2018-03-22 09:42 - 2017-11-16 09:14 - 003509192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
    2018-03-22 09:42 - 2017-11-16 09:14 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
    2018-03-22 09:42 - 2017-11-16 09:14 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
    2018-03-22 09:42 - 2017-09-30 07:16 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2018-03-22 09:42 - 2017-07-01 18:17 - 000018464 _____ (Alcorlink Corp.) C:\WINDOWS\system32\AmUStor2.dll
    2018-03-21 20:30 - 2018-01-24 09:51 - 000000000 ___RD C:\Users\david\3D Objects
    2018-03-21 20:30 - 2016-07-29 08:33 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-03-21 20:29 - 2017-05-18 14:21 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
    2018-03-21 20:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
    2018-03-21 20:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-03-21 20:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-03-21 20:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2018-03-21 19:11 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-03-21 17:43 - 2017-05-18 14:21 - 000297712 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
    2018-03-20 14:01 - 2018-02-04 19:07 - 000655360 _____ C:\Users\david\Desktop\MUST INVOICE CENTRIFY THSI WAY WITH PO FROM THEM AND COPYING AP AND MY CONTACT.msg
    2018-03-20 13:53 - 2017-10-26 10:01 - 000055808 _____ C:\Users\david\Desktop\SHES FROM SHAKER HEIGHTS GRAD BEACHWOOD HS s.msg
    2018-03-20 13:50 - 2017-09-17 15:05 - 000042496 _____ C:\Users\david\Desktop\New blog post ideas.msg
    2018-03-20 13:14 - 2017-06-24 10:51 - 000000000 ___RD C:\Users\david\Documents\Markets, Queries
    2018-03-20 12:57 - 2017-06-24 10:56 - 000000000 ___RD C:\Users\david\Documents\Personal
    2018-03-20 11:15 - 2017-06-24 10:51 - 000000000 ___RD C:\Users\david\Documents\Marketing, Social Networking, Etc
    2018-03-20 07:27 - 2017-05-18 14:54 - 000001864 _____ C:\WINDOWS\Sandboxie.ini
    2018-03-18 04:28 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\
    2018-03-18 04:26 - 2017-02-08 11:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-03-13 20:05 - 2018-01-05 05:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
    2018-03-13 20:04 - 2018-01-24 09:45 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2018-03-13 20:01 - 2017-11-16 06:43 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2018-03-13 20:01 - 2017-06-18 15:26 - 000619984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2018-03-13 20:01 - 2017-05-18 11:48 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2018-03-13 15:41 - 2017-05-18 12:44 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-03-13 15:39 - 2017-10-10 23:37 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2018-03-13 15:38 - 2017-05-18 12:44 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-03-13 15:37 - 2017-09-29 09:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-03-13 15:37 - 2017-09-29 09:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2018-03-12 15:37 - 2017-08-02 14:41 - 000000000 ____D C:\Users\david\AppData\Roaming\audacity
    2018-03-09 14:34 - 2017-07-01 17:50 - 000000600 _____ C:\Users\david\AppData\Roaming\winscp.rnd
    2018-03-03 11:22 - 2018-01-24 09:45 - 000004284 _____ C:\WINDOWS\System32\Tasks\Avast TUNEUP Update
    2018-03-02 17:09 - 2018-02-16 23:24 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-03-02 17:09 - 2018-02-16 23:24 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-03-02 13:57 - 2017-06-24 10:57 - 000000000 ___RD C:\Users\david\Documents\Songs
    2018-03-01 22:00 - 2017-07-01 17:42 - 000000000 ____D C:\ProgramData\IObit
    2018-03-01 21:33 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\oobe
    2018-03-01 21:33 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-03-01 15:21 - 2018-02-15 19:18 - 000049152 _____ C:\Users\david\Desktop\PITCHED TO RMM, ALSO PITCH THIS AND OTHER VER ELSEWHERE.msg
    2018-02-26 21:02 - 2018-01-24 09:45 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2018-02-24 03:16 - 2017-05-18 16:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2017-06-18 13:27 - 2017-06-18 13:27 - 000022913 _____ () C:\Users\david\AppData\Roaming\Comma Separated Values (Windows).ADR
    2017-06-22 17:55 - 2017-10-12 10:43 - 000037833 _____ () C:\Users\david\AppData\Roaming\Comma Separated Values.ADR
    2017-07-01 17:50 - 2018-03-09 14:34 - 000000600 _____ () C:\Users\david\AppData\Roaming\winscp.rnd
    2017-07-01 16:56 - 2017-07-01 16:56 - 000000017 _____ () C:\Users\david\AppData\Local\resmon.resmoncfg

    Some files in TEMP:
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-03-25 19:02

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by david (26-03-2018 14:44:34)
    Running from C:\Users\david\Desktop
    Windows 10 Pro Version 1709 16299.309 (X64) (2018-01-24 13:47:09)
    Boot Mode: Normal

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3840204244-4144708379-2675172571-500 - Administrator - Enabled) => C:\Users\Administrator
    david (S-1-5-21-3840204244-4144708379-2675172571-1001 - Administrator - Enabled) => C:\Users\david
    david_ufnzexa (S-1-5-21-3840204244-4144708379-2675172571-1003 - Limited - Disabled)
    DefaultAccount (S-1-5-21-3840204244-4144708379-2675172571-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-3840204244-4144708379-2675172571-1000 - Limited - Disabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-3840204244-4144708379-2675172571-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-3840204244-4144708379-2675172571-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
    Amazon Drive (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Amazon Drive) (Version: 5.2.3 -, Inc.)
    Amazon Kindle (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Amazon Kindle) (Version: - Amazon)
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.46 - NVIDIA Corporation) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: - Apple Inc.)
    Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
    Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 17.3.4228 - AVAST Software)
    Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
    AxCrypt 2.1.1494.0 (HKLM\...\{876F52CC-40A6-C31F-B14E-9E47509F6BAD}) (Version: 2.1.1494.0 - AxCrypt AB) Hidden
    AxCrypt 2.1.1494.0 (HKLM-x32\...\{699479f3-15fe-49aa-88cf-d76d0bbe1f71}) (Version: 2.1.1494.0 - AxCrypt AB)
    Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: - Belarc Inc.)
    Bulk Rename Utility (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software)
    CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
    Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: - CyberLink Corp.)
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
    Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
    EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: - SEIKO EPSON Corporation)
    Eraser (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
    f.lux (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Flux) (Version: - f.lux Software LLC)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: - Google Inc.) Hidden
    Grammarly (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\GrammarlyForWindows) (Version: 1.5.29 - Grammarly)
    Grammarly for Microsoft® Office Suite (HKLM\...\{B443A4BE-E688-43BD-B152-6724A38437B1}) (Version: 6.6.129 - Grammarly) Hidden
    Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\{da7635e6-2ab8-496a-b5b5-8f82fb640c16}) (Version: 6.6.129 - Grammarly)
    HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: - SurfRight B.V.)
    HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: - HP Inc.)
    HP Documentation (HKLM\...\HP_Documentation) (Version: - HP Inc.)
    HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
    HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: - HP Inc.)
    HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
    HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: - HP Inc.)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8361.5688 - HP Inc.)
    HP Support Assistant (HKLM-x32\...\{30514137-FB26-4E1A-A3B4-5B48680F3ECE}) (Version: - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{D566DA31-9325-400E-B309-4BBA18B367E3}) (Version: - HP Inc.)
    HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: - HP Inc.)
    HP System Event Utility (HKLM-x32\...\{025C1573-2F1D-46AF-BAB8-594EBF56A889}) (Version: 1.4.11 - HP Inc.)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: - HP Inc.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: - Intel Corporation)
    Intel(R) Ready Mode Technology (HKLM\...\{CC3C017C-876D-4A31-A128-593FF92A1FE7}) (Version: - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{F50984E6-5E69-4A75-B1A5-7F5B4D964EB0}) (Version: 19.11.1641.0703 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
    iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: - Apple Inc.)
    KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: - QFX Software Corporation)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Malwarebytes version (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: - Malwarebytes)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3840204244-4144708379-2675172571-500\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    NVIDIA GeForce Experience (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: - NVIDIA Corporation)
    NVIDIA HD Audio Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
    OMEN Control (HKLM-x32\...\{AFE5BCE5-46DD-4DFA-9DD9-00F42E15ABD9}) (Version: 1.1.1 - HP)
    Paragon Backup & Recovery™ 16 (HKLM\...\{FA02F344-8F3D-4EDC-97DA-A7B4469EC72E}) (Version: - Paragon Software) Hidden
    Paragon Backup & Recovery™ 16 (HKLM-x32\...\{e34dc417-19f0-4881-8438-130eeb95d85b}) (Version: - Paragon Software GmbH)
    Paragon UIM (HKLM\...\{56EECD69-F428-41C4-ADF6-6CDEE14DDF3F}) (Version: - Paragon Software) Hidden
    PeaZip 6.4.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.4.1 - Giorgio Tani)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: - Apple Inc.)
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: - Samsung Electronics Co., Ltd.)
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: - NVIDIA Corporation) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SteelSeries Engine 3.9.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.9.1 - SteelSeries ApS)
    StyleGuard for Word 2013 (HKLM-x32\...\{E772411C-8FA7-4B12-9BF4-2C1E67A86604}) (Version: 3.16.0601 - StyleGuard)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    - Registry Backup (HKLM-x32\...\ - Registry Backup) (Version: 3.5.3 -
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: - Microsoft Corporation)
    Vulkan Run Time Libraries (HKLM\...\VulkanRT1.0.51.0) (Version: - LunarG, Inc.)
    WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
    WinSCP 5.11.3 (HKLM-x32\...\winscp3_is1) (Version: 5.11.3 - Martin Prikryl)
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: - Zemana Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\david\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.129\8E542C5E5C\GrammarlyShim64.dll (CompanyName)
    CustomCLSID: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-13] (AVAST Software)
    ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-08] ()
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-13] (AVAST Software)
    ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2017-04-20] (AxCrypt AB)
    ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
    ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
    ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-13] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
    ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
    ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-06] (NVIDIA Corporation)
    ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-08] ()
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-13] (AVAST Software)
    ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2017-04-20] (AxCrypt AB)
    ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02763B06-4489-4B43-B370-B6CBA830C0E5} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
    Task: {08C76EA7-E305-4E43-A385-B38BD425B52E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
    Task: {09FC7C8A-A433-4DE4-9DC1-F2772DBDA66D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
    Task: {117E1754-61A8-4DA7-80D1-7BC3FA3A35B3} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
    Task: {27287D1C-0136-4B0C-8E96-D27DC856E3C9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-18] (Microsoft Corporation)
    Task: {2B4BFF20-5221-4BD7-BE04-F0F62967014F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2018-03-22] (Realtek Semiconductor)
    Task: {2F72DB27-507E-4867-8D08-BB1EA3078EDE} - System32\Tasks\EPSON XP-310 Series Invitation {AD4B3D86-8A7B-44B2-B634-2FBACD597EA3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {33899C33-8F67-4BBA-B563-BD59AF63E1CF} - System32\Tasks\EPSON XP-310 Series Update {B6F0F63F-1841-4E98-B1F8-736E49490B37} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {4FA45BB6-66AC-4E95-9669-B247E91A14F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
    Task: {569EE456-83E5-4DC5-9C34-456CE2648240} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {59F8152E-173C-44E9-8045-0156988876E4} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\david\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {632227D3-6364-4188-9D48-0E45846B8A41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {65C74806-196E-48E9-A947-16571F89AA9F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
    Task: {68DEE128-477D-4BB5-9E15-A44603430DEE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-07] (AVAST Software)
    Task: {6AA71443-6D56-4CE5-8FAF-9442FAD19D1D} - System32\Tasks\SafeZone scheduled Autoupdate 1495122600 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {75B2A1BA-3541-4B8D-9162-1C4985AF9D6E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {77C8EAE9-1A4F-4662-9504-5231A2E7F01D} - System32\Tasks\HPCeeScheduleFordavid => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
    Task: {7808A0BF-E35E-42AA-822F-D331C9CD6799} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
    Task: {7AF678D5-7AAD-4E6B-92AD-56553559864E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {7DCACBA5-CE33-4F91-8452-CA1DBED1B1B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {85A3292C-E5B2-4A3E-81E6-CEF89BDA8978} - System32\Tasks\EPSON XP-310 Series Update {AD4B3D86-8A7B-44B2-B634-2FBACD597EA3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {8C4FD5F0-24A4-4538-A48D-5F6A8C9E5312} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {8C8ED49C-2C50-4A1A-84CD-300D7CBAF2DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-18] (Google Inc.)
    Task: {9CD2F90E-4CDA-4559-B7BD-012852E4F2C3} - System32\Tasks\EPSON XP-310 Series Invitation {B6F0F63F-1841-4E98-B1F8-736E49490B37} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {9FAB5892-4E86-47DB-9792-BC336485D151} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
    Task: {AFEBDAEC-4E73-476B-80CB-A380DAB94218} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-18] (Microsoft Corporation)
    Task: {B3E8F6AE-2800-4431-8104-C57BE9C5A8AD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {C3A06987-199D-4C1D-B377-E4FF3A937076} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {C6EE379F-F1CD-40B4-B947-F1F1799C49BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
    Task: {E8184F46-C460-4D4C-9C8A-C00F12961D8C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-18] (Microsoft Corporation)
    Task: {E9C52515-B093-4542-8F66-B6C846A97802} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-18] (Microsoft Corporation)
    Task: {EAF409CC-6B7A-4288-8EA4-CC059B04BFCC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
    Task: {EEA6156F-5C91-42F7-8CE1-E0BC49C2ECA4} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-03-09] (AVAST Software)
    Task: {F18D3B78-ED7D-40E6-BEBD-21DF90FF8B3B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-13] (AVAST Software)
    Task: {F5C60019-8070-43D5-9A6A-A4FDA6C3485D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-18] (Google Inc.)
    Task: {F63297C9-F46F-48D6-BDD1-154D85A410D6} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
    Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {FF9E9C96-2E7E-472A-A153-9F576E77F7C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {AD4B3D86-8A7B-44B2-B634-2FBACD597EA3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
    Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {B6F0F63F-1841-4E98-B1F8-736E49490B37}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
    Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {AD4B3D86-8A7B-44B2-B634-2FBACD597EA3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{AD4B3D86-8A7B-44B2-B634-2FBACD597EA3} /F:UpdateWORKGROUP\DESKTOP-7F1R3BQ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {B6F0F63F-1841-4E98-B1F8-736E49490B37}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{B6F0F63F-1841-4E98-B1F8-736E49490B37} /F:UpdateWORKGROUP\DESKTOP-7F1R3BQ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\WINDOWS\Tasks\HPCeeScheduleFordavid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2017-04-25 14:22 - 2017-04-25 14:22 - 002250896 _____ () C:\Windows\System32\vimsdk.dll
    2017-04-25 14:22 - 2017-04-25 14:22 - 000143504 _____ () C:\Windows\System32\vimbase.dll
    2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-12-12 07:28 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-12-12 07:28 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-08-17 19:27 - 2018-03-01 22:11 - 008933552 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-12-08 13:43 - 2017-12-08 13:43 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
    2018-03-13 15:36 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2018-03-13 15:36 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-03-23 13:24 - 2018-03-23 13:24 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-03-23 13:24 - 2018-03-23 13:24 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-03-23 13:24 - 2018-03-23 13:24 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-03-23 13:24 - 2018-03-23 13:24 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-03-23 13:24 - 2018-03-23 13:24 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2018-03-22 19:26 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
    2018-03-22 19:26 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
    2018-03-13 20:01 - 2018-03-13 20:01 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-05-18 14:55 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2017-05-18 14:55 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-05-18 14:55 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-05-18 14:55 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-05-18 14:55 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2018-03-13 20:01 - 2018-03-13 20:01 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2018-03-13 20:01 - 2018-03-13 20:01 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2018-03-13 20:01 - 2018-03-13 20:01 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\david\Documents\Amazon [177]
    AlternateDataStreams: C:\Users\david\Documents\Amazon [42]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\ ->

    There are 7936 more sites.

    IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\ ->

    There are 7936 more sites.

    IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\ ->

    There are 7936 more sites.

    IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-500\...\ ->

    There are 7936 more sites.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 07:47 - 2018-03-24 02:55 - 000453575 ____R C:\WINDOWS\system32\Drivers\etc\hosts localhost

    There are 15597 more lines.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\david\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{67f2a7bc-59ba-43c5-95ae-e37a14016eb3}.jpg
    HKU\S-1-5-21-3840204244-4144708379-2675172571-500\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
    DNS Servers: -
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "Eraser"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "HPMessageService"
    HKLM\...\StartupApproved\Run32: => "HPMSGSVC"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\StartupApproved\Run: => "OneDriveSetup"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\Run: => "SandboxieControl"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\Run: => "Amazon Drive"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-500\...\StartupApproved\Run: => "OneDriveSetup"
    HKU\S-1-5-21-3840204244-4144708379-2675172571-500\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{616AAE34-66E6-4D3F-9671-E6BBBC901AA7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{6163E124-9704-4345-8E66-B486DC6BADC9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{BC577CB6-D79E-479C-9429-7AFF2F9D9D8A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{1C59079D-90CA-4A83-BF36-209D5A26F687}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{7DDBF716-B86E-4569-924A-40CEB67B298D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{23C37057-22E9-42BA-9AE1-2A43143A9244}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{059B33D9-2345-4255-B60E-03648122A18F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{8A41E128-5ABD-4BFB-9BB5-6A7012C2AA0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{0BD43C16-008A-4BAE-AC23-B77191F113AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D30D3921-F93E-4786-8E4C-86584FB31C0E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
    FirewallRules: [{F74EE6F2-AF91-43FC-B43A-5E21EDD75349}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{7F1F6D0D-CE29-4783-93B9-E0CEFD3F67DA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{4590D767-3B45-4EE0-B933-7A7BF5A196DE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{8C91E137-BDB9-4EE4-8EF8-0DA9BE0250D0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{4EB4978A-6186-42F1-A738-D36A5857040B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{D40E4E5A-7AAC-43FB-8ED8-77F955A4571B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{FF0B1C64-6A6C-45F6-A86A-B64B88CFA872}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{99F1C6F5-BE9F-472D-BA46-D45B579851B2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{461402B0-779E-454B-B702-3C075BC449C2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{C396FB9C-B792-4F3F-AF6C-9526D4BF5F04}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{30170DAF-20E6-4162-B4A4-F4A6969CDEC2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{373D32D1-656A-4AFA-ADEA-0678E7CCE71C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{AD58AAAE-E1E5-4E19-AFB9-4A52040E4CBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{F437CFE9-49D0-4965-9343-F8D170E1406F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{DD2F27A1-16BA-4030-9352-96CB1263990A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{DA33494D-575C-4D8A-AF3D-F8206169DD39}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{24D6F391-35CE-4115-BBE7-32B2B3ED7D95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{93EC22F0-452E-41A5-8F9E-CCC1C18C94DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{EE6EE4D7-8DAF-40D4-A595-364F61E183BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A8298A6E-5CAA-4239-930D-095DE75D32A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2D89F9EC-BAC6-4C1C-A780-AC0F06474150}] => (Block) LPort=445
    FirewallRules: [{685DA9E5-CDA8-4D6B-B7C0-6E8AF36F93DC}] => (Block) LPort=445
    FirewallRules: [{4F1BE023-43BF-4FAE-886A-30C5BC6BA4CA}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
    FirewallRules: [{79E551F1-0ACE-4683-975D-804191D7DCBB}] => (Allow) LPort=13148
    FirewallRules: [{E61E6FD2-B88B-4ADA-A638-E7942902985C}] => (Allow) LPort=81
    FirewallRules: [{7084ECB8-6F0F-4EC3-B976-2F7312E35EEE}] => (Allow) LPort=81
    FirewallRules: [{4142A306-789E-4A9E-A329-FC9F5FB6A954}] => (Allow) LPort=82
    FirewallRules: [{9B96C534-5E8E-4E3F-8434-8D893B6AB7DC}] => (Allow) LPort=82
    FirewallRules: [{22C64A09-9EB0-42BC-BBDA-807683E70B59}] => (Allow) LPort=9524
    FirewallRules: [{41F66F48-1A78-4DF4-96E7-18C977766271}] => (Allow) LPort=9524
    FirewallRules: [{BC712F90-4919-4B88-9D7D-5C93DA72EDC4}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
    FirewallRules: [{3FB8784B-A635-4741-92F5-16CEF17BB0C1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
    FirewallRules: [{640730CB-4560-421C-A661-379016C8A9A2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{23229D88-D72F-4A51-8645-386168A7DB2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{A15A5DEA-D422-46D6-97DD-86D08937731F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    26-03-2018 13:33:27 Removed Dropbox 25 GB

    ==================== Faulty Device Manager Devices =============

    Name: avast! SecureLine TAP Adapter v3
    Description: avast! SecureLine TAP Adapter v3
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: aswTap
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    Error: (03/26/2018 01:30:54 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (03/24/2018 03:02:25 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\
    Component 2: C:\WINDOWS\WinSxS\manifests\

    Error: (03/24/2018 03:02:22 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostw (6568,R,0) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\david\AppData\Local\Microsoft\Windows\WebCache\V0100667.log.

    Error: (03/24/2018 02:59:59 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDScan.exe, version:, time stamp: 0x56efed8f
    Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
    Exception code: 0x0eedfade
    Fault offset: 0x001008f2
    Faulting process id: 0x2624
    Faulting application start time: 0x01d3c33db776ba9e
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 728baf28-a5e6-4575-99a9-c5c569eb685d
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/24/2018 02:59:59 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDScan.exe, version:, time stamp: 0x56efed8f
    Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
    Exception code: 0x0eedfade
    Fault offset: 0x001008f2
    Faulting process id: 0xb74
    Faulting application start time: 0x01d3c33db829c7e2
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 2b92bfa7-8624-4e17-95c2-cba1dd718c2f
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/24/2018 02:59:59 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDScan.exe, version:, time stamp: 0x56efed8f
    Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
    Exception code: 0x0eedfade
    Fault offset: 0x001008f2
    Faulting process id: 0xb8
    Faulting application start time: 0x01d3c33db8d18b07
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 831df313-7732-4048-9952-899f44212c81
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/24/2018 02:55:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDScan.exe, version:, time stamp: 0x56efed8f
    Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
    Exception code: 0x0eedfade
    Fault offset: 0x001008f2
    Faulting process id: 0x2458
    Faulting application start time: 0x01d3c33d14f3b4c6
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 6dab7d62-5d75-4dfa-8bcf-f90253859e07
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/24/2018 02:55:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDScan.exe, version:, time stamp: 0x56efed8f
    Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
    Exception code: 0x0eedfade
    Fault offset: 0x001008f2
    Faulting process id: 0x3150
    Faulting application start time: 0x01d3c33d139aa0aa
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: bb23eb75-0ed1-4470-8f3c-117842d633be
    Faulting package full name:
    Faulting package-relative application ID:

    System errors:
    Error: (03/26/2018 02:37:13 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    and APPID
    to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/26/2018 02:37:03 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    and APPID
    to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/26/2018 02:34:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    and APPID
    to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/26/2018 02:19:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    and APPID
    to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/26/2018 02:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (03/26/2018 02:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Avast Cleanup Premium service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (03/26/2018 02:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (03/26/2018 02:16:14 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    and APPID
    to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Date: 2018-03-26 14:44:18.320
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-03-26 14:44:18.318
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-03-26 14:44:18.306
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-03-26 14:44:18.304
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-03-26 14:14:18.539
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-03-26 14:14:18.536
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-03-26 14:13:45.799
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-03-26 14:13:45.797
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
    Percentage of memory in use: 8%
    Total physical RAM: 65471.72 MB
    Available physical RAM: 59774.3 MB
    Total Virtual: 135103.72 MB
    Available Virtual: 129214.74 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:475.71 GB) (Free:296.3 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:2784.39 GB) (Free:2434.62 GB) NTFS
    Drive e: (RECOVERY) (Fixed) (Total:10.12 GB) (Free:1.03 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{333cf284-ea3c-4ac8-ac3f-87319045c9aa}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
    \\?\Volume{6fcab8a2-07f2-4671-84ea-508f5c56ae80}\ () (Fixed) (Total:0 GB) (Free:0 GB)

    ==================== MBR & Partition Table ==================

    Disk: 0 (Size: 476.9 GB) (Disk ID: 318C0D81)

    Partition: GPT.

    Disk: 1 (Size: 2794.5 GB) (Disk ID: 99C170A3)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    The above error message might have occurred due to user-mode graphics drivers
    when watching videos; it's just a thought.

    You also have Avast Cleanup Premium installed. The use of such registry cleaners, tuneup utilities, and system optimizers is NOT recommended. Please see this link and this link for more information.

    If you have problems using the below fix, please disable your antivirus temporarily.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::

    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll
    Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\david\Documents\Amazon [177]
    AlternateDataStreams: C:\Users\david\Documents\Amazon [42]

    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

    Your next reply(ies) should therefore contain:
    • Copy/pasted Fixlog.txt
    • Copy/pasted RogueKiller clean log
    • Copy/pasted AdwCleaner clean log

    Am I to paste the text you mention in FRST somewhere before I press the FIX button?

    Am I to paste the text you mention in FRST somewhere before I press the FIX button? Where?

    Quote: Originally Posted by Juliet
    The above error message might have occurred due to user-mode graphics drivers
    when watching videos; it's just a thought.

    You also have Avast Cleanup Premium installed. The use of such registry cleaners, tuneup utilities, and system optimizers is NOT recommended. Please see this link and this link for more information.

    If you have problems using the below fix, please disable your antivirus temporarily.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::

    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll
    Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\david\Documents\Amazon [177]
    AlternateDataStreams: C:\Users\david\Documents\Amazon [42]

    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

    created by Aura

    Your next reply(ies) should therefore contain:
    • Copy/pasted Fixlog.txt
    • Copy/pasted RogueKiller clean log
    • Copy/pasted AdwCleaner clean log

    Open Farbar Recovery Scan Tool (don't do anything with it; I just want the tool open and ready to use).
    Below I have created a script; highlight and copy it from where it says Start::

    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll
    Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\david\Documents\Amazon [177]
    AlternateDataStreams: C:\Users\david\Documents\Amazon [42]

    Now, look at the open Farbar Recovery Scan Tool; I think it's located at the bottom of the tool
    Press the Fix button.
    Default AdwCleaner could not finish; I pasted the other two logs

    I have pasted two logs for the programs that were able to finish. AdwCleaner could not complete. It said "*** Caught unhandled unknown exception; terminated" and then it froze up. I restarted in hopes it would then produce a log, but it did not. The items it did not or could not clean include Pup.Optional.AdvancedSystemCare, which showed up twice in the AdwCleaner results in C:\Users\david\AppData\roaming\IObit\AdvancedSystemCleaner

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by david (27-03-2018 15:38:47) Run:1
    Running from C:\Users\david\Desktop
    Loaded Profiles: defaultuser0 & david & Administrator (Available Profiles: defaultuser0 & david & Administrator)
    Boot Mode: Normal

    fixlist content:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
    2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll
    Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\david\Documents\Amazon [177]
    AlternateDataStreams: C:\Users\david\Documents\Amazon [42]


    Processes closed successfully.
    Restore point was successfully created.
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
    "HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    "HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    "HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{518b33ae-375d-712d-6742-d1fe0400268d}" => removed successfully
    HKLM\Software\Classes\CLSID\{518b33ae-375d-712d-6742-d1fe0400268d} => not found
    C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll => moved successfully
    C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll => moved successfully
    C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll => moved successfully
    C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF82D779-C88D-4E52-A92A-A206B84FD034}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF82D779-C88D-4E52-A92A-A206B84FD034}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
    C:\Users\david\Documents\Amazon Drive => "" ADS removed successfully
    C:\Users\david\Documents\Amazon Drive => "" ADS removed successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11818447 B
    Java, Flash, Steam htmlcache => 506 B
    Windows/system/drivers => 14043788 B
    Edge => 13593 B
    Chrome => 590952315 B
    Firefox => 6592100 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 0 B
    defaultuser0 => 0 B
    david => 121674660 B
    Administrator => 11560 B

    RecycleBin => 271051 B
    EmptyTemp: => 720.9 MB temporary data Removed.


    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-03-2018 15:40:10)

    Result of scheduled keys to remove after reboot:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

    ==== End of Fixlog 15:40:10 ====

    RogueKiller V12.12.10.0 (x64) [Mar 26 2018] (Free) by Adlice Software

    Operating System : Windows 10 (10.0.16299) 64 bits version
    Started in : Normal mode
    User : david [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 03/27/2018 15:45:47 (Duration : 00:14:33)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 16 ¤¤¤
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\ProductSetup -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\ProductSetup -> Deleted
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Replaced (
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Replaced (
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Replaced (
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Replaced (
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Replaced (
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Replaced (
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Replaced (

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 3 ¤¤¤
    [PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
    [PUM.SearchEngine][Firefox:Config] m3cozkdk.default : user_pref("", "Yahoo! Powered Search"); -> Deleted
    [PUM.SearchEngine][Firefox:Config] m3cozkdk.default : user_pref("", "Yahoo! Powered Search"); -> Deleted

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SanDisk SD8SB8U-512G-1006 +++++
    --- User ---
    [MBR] a24c96a3ee524f545f08fd6986cb1f85
    [BSP] a586ddf38dd5fab9f6cb403731de4bd6 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
    2 - Basic data partition | Offset (sectors): 567296 | Size: 487124 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 998197248 | Size: 980 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST3000DM001-1ER166 +++++
    --- User ---
    [MBR] 2c42c07e10669fbd94e123a15557bd45
    [BSP] e35de41c8d7b3af26b0f1574e64e059b : Empty|VT.Unknown MBR Code
    Partition table:
    0 - Basic data partition | Offset (sectors): 2048 | Size: 2851220 MB
    1 - [SYSTEM] Basic data partition | Offset (sectors): 5839300608 | Size: 10367 MB
    User = LL1 ... OK
    User = LL2 ... OK

    If those items above are not found by the following scans, we can attempt to go after them manually.

    Let's update and run a scan with Malwarebytes Anti-Malware

    Open Malwarebytes Anti-Malware and let it update (if it doesn't automatically, let me know)

    • Under SETTINGS.....APPLICATIONS leave everything at default
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
      If threats are detected, click the Apply Actions button.
      You will now be prompted to reboot. Click Yes.
      Upon completion of the scan (or after the reboot), click the Reports tab.
      Double-click the Scan Log.
      At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going to the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.


    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Default Both logs pasted in


    -Log Details-
    Scan Date: 3/27/18
    Scan Time: 6:34 PM
    Log File: f52bd386-320e-11e8-bf1c-dcfe07d6b952.json
    Administrator: Yes

    -Software Information-
    Components Version: 1.0.322
    Update Package Version: 1.0.4514
    License: Premium

    -System Information-
    OS: Windows 10 (Build 16299.309)
    CPU: x64
    File System: NTFS
    User: DESKTOP-7F1R3BQ\david

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 373914
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 1 min, 18 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    Emsisoft Emergency Kit 2017.12.0.8334 stable [en-us]
    OS: Windows 10 (Version 10.0, Build 16299, 64-bit Edition)

    Forensics log

    Date Component Action Details
    3/27/2018 6:45:07 PM User DESKTOP-7F1R3BQ\DAVID Infection quarantined Malware "Application.AppInstall (A)" in "software informer".
    3/27/2018 6:44:45 PM Scanner Scan finished Found 1 object , user to decide on further actions.
    3/27/2018 6:44:25 PM Scanner Detection PUP "Application.AppInstall (A)" in "software informer"
    3/27/2018 6:44:18 PM User DESKTOP-7F1R3BQ\david Scan started Malware Scan
    3/27/2018 6:43:55 PM User DESKTOP-7F1R3BQ\david Setting modified "Detect PUPs" has been changed to "Enabled".
    3/27/2018 6:41:21 PM User Update Downloaded and installed 125 files (22241 kb) (14 sec.).
    3/27/2018 6:41:07 PM Core Notification "Recommended Reading:13 mistakes to avoid when choosing antivirus software in 2018".
    3/27/2018 6:41:03 PM User Update Failed with error "Server returned error" (0 sec.).

    IObit left some items on your computer we can remove.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Post this log when finished,

    How is the computer now?
