PC running very slowly.

[EwellMan]

I installed some freeware the other day and since then my PC has been running so slowly I can barely use it. I'm concerned spyware might have been installed that my antivirus hasn't picked up on.

Thanks in advance.

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by User (administrator) on USER-PC (30-07-2018 11:32:09)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Avid Technology, Inc.) C:\Program Files (x86)\Avid\Pro Tools\MMERefresh.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\Audient\USBAudioDriver\iD.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe [201064 2018-07-17] (BullGuard Ltd.)
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Avid\Pro Tools\MMERefresh.exe [81920 2017-03-10] (Avid Technology, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456320 2017-06-07] (Power Software Ltd)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3205408 2018-07-24] (Valve Corporation)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [6881864 2018-07-11] (GOG.com)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654728 2018-06-26] (Skype Technologies S.A.)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-06-04] (Spotify Ltd)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\MountPoints2: {51a241c1-08aa-11e7-80a4-74d435d74a2b} - E:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD Autostart.lnk [2017-03-14]
ShortcutTarget: iD Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\iD.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-03-10]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{03728852-DDBB-42B5-B42A-BBD1216E3BB9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D1BC7903-255E-4DD6-9D24-E0F716868310}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 86d5ykwz.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86d5ykwz.default [2018-07-30]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> about:blank
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-07-30]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-09]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-09]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Cold Turkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2018-03-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBackup.exe [1639272 2018-07-17] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe [578920 2018-07-17] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe [5896552 2018-07-17] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe [1031528 2018-07-17] (BullGuard Ltd.)
R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe [810856 2018-07-17] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [306024 2018-07-17] (BullGuard Ltd.)
R2 BsSentry; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe [479592 2018-07-17] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [507240 2018-07-17] (BullGuard Ltd.)
R2 DigiRefresh; C:\Program Files (x86)\Avid\Pro Tools\MMERefresh.exe [81920 2017-03-10] (Avid Technology, Inc.) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [686664 2018-07-11] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8942664 2018-07-11] (GOG.com)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 audientusbaudio; C:\Windows\System32\DRIVERS\audientusbaudio_x64.sys [288328 2015-12-08] ()
R3 audientusbaudioks; C:\Windows\System32\DRIVERS\audientusbaudioks_x64.sys [56904 2015-12-08] ()
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [174744 2016-08-31] (BullGuard Ltd.)
R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [152664 2017-06-28] (BullGuard Ltd.)
R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [84264 2018-04-26] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [76728 2016-01-13] (BullGuard Ltd.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-06-14] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-06-14] (Disc Soft Ltd)
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-03-14] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2017-03-14] (Disc Soft Ltd)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2016-09-07] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-09-19] (NVIDIA Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2018-04-23] (BitDefender S.R.L.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-30 11:32 - 2018-07-30 11:35 - 000017334 _____ C:\Users\User\Downloads\FRST.txt
2018-07-30 11:28 - 2018-07-30 11:28 - 002412544 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2018-07-25 19:54 - 2018-07-25 18:29 - 168093019 ____N C:\Users\User\Desktop\20180725_182743.mp4
2018-07-25 11:59 - 2018-07-25 12:07 - 000152580 _____ C:\Users\User\Desktop\Uncertainty Document.odt
2018-07-23 20:35 - 2018-07-23 20:35 - 000007785 _____ C:\Users\User\Downloads\transcript.txt
2018-07-23 16:39 - 2018-07-23 16:39 - 022107531 _____ C:\Users\User\Downloads\xhamster.com_8508261_teen_boy_sexy_bubble_ass_tasty_and_ready_to_fuck_720p.mp4
2018-07-23 16:38 - 2018-07-23 16:38 - 001045592 _____ C:\Users\User\Downloads\xhamster.com_9054628_showing_my_teen_boy_butthole_480p.mp4
2018-07-23 16:36 - 2018-07-23 16:36 - 005904777 _____ C:\Users\User\Downloads\xhamster.com_9719526_emo_teen_boy_spreading_ass_720p.mp4
2018-07-23 15:55 - 2018-07-23 15:55 - 000009711 _____ C:\Users\User\AppData\Local\recently-used.xbel
2018-07-23 12:57 - 2018-07-23 12:57 - 015876044 ____T C:\Users\User\Desktop\Metro City Mix 4.wav
2018-07-20 15:37 - 2018-07-20 15:37 - 002305655 _____ C:\Users\User\Downloads\20170903-225003.m4a
2018-07-20 14:41 - 2018-07-20 14:41 - 000000000 ____D C:\ProgramData\Toontrack
2018-07-19 14:04 - 2018-07-19 14:04 - 035353544 ____T C:\Users\User\Desktop\Final Fight Hong Kong Mix 4.wav
2018-07-18 14:35 - 2018-07-18 14:35 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2018-07-18 14:35 - 2018-07-18 14:35 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2018-07-18 14:25 - 2018-07-25 12:13 - 000000000 ____D C:\Users\User\Documents\CBT
2018-07-18 14:16 - 2018-07-18 14:18 - 708802072 _____ (Image-Line) C:\Users\User\Downloads\flstudio_win_20.0.3.532.exe
2018-07-17 13:04 - 2018-07-17 13:04 - 000181216 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2018-07-17 13:04 - 2018-07-17 13:04 - 000164688 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2018-07-16 21:30 - 2018-07-18 11:17 - 000000136 _____ C:\Users\User\Desktop\Tasks.txt
2018-07-11 12:22 - 2018-06-21 01:58 - 000398376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-11 12:22 - 2018-06-21 01:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-07-11 12:22 - 2018-06-16 18:07 - 025743872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-11 12:22 - 2018-06-16 17:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-11 12:22 - 2018-06-16 17:46 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-11 12:22 - 2018-06-16 17:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-07-11 12:22 - 2018-06-16 17:33 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-11 12:22 - 2018-06-16 17:32 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-11 12:22 - 2018-06-16 17:31 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-11 12:22 - 2018-06-16 17:31 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-11 12:22 - 2018-06-16 17:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-11 12:22 - 2018-06-16 17:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-11 12:22 - 2018-06-16 17:27 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-11 12:22 - 2018-06-16 17:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-11 12:22 - 2018-06-16 17:23 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-11 12:22 - 2018-06-16 17:20 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-11 12:22 - 2018-06-16 17:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-07-11 12:22 - 2018-06-16 17:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-11 12:22 - 2018-06-16 17:19 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-11 12:22 - 2018-06-16 17:19 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-11 12:22 - 2018-06-16 17:19 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-11 12:22 - 2018-06-16 17:12 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 12:22 - 2018-06-16 17:08 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-11 12:22 - 2018-06-16 17:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-07-11 12:22 - 2018-06-16 17:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-07-11 12:22 - 2018-06-16 17:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-07-11 12:22 - 2018-06-16 17:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-07-11 12:22 - 2018-06-16 17:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-07-11 12:22 - 2018-06-16 17:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-07-11 12:22 - 2018-06-16 17:02 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-11 12:22 - 2018-06-16 17:02 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 12:22 - 2018-06-16 17:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-11 12:22 - 2018-06-16 16:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-07-11 12:22 - 2018-06-16 16:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-07-11 12:22 - 2018-06-16 16:58 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-11 12:22 - 2018-06-16 16:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-07-11 12:22 - 2018-06-16 16:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-11 12:22 - 2018-06-16 16:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-07-11 12:22 - 2018-06-16 16:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-07-11 12:22 - 2018-06-16 16:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-07-11 12:22 - 2018-06-16 16:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-11 12:22 - 2018-06-16 16:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-11 12:22 - 2018-06-16 16:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-07-11 12:22 - 2018-06-16 16:46 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-11 12:22 - 2018-06-16 16:44 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-11 12:22 - 2018-06-16 16:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-11 12:22 - 2018-06-16 16:42 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-11 12:22 - 2018-06-16 16:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-07-11 12:22 - 2018-06-16 16:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-07-11 12:22 - 2018-06-16 16:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-07-11 12:22 - 2018-06-16 16:40 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-11 12:22 - 2018-06-16 16:39 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-11 12:22 - 2018-06-16 16:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-07-11 12:22 - 2018-06-16 16:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-07-11 12:22 - 2018-06-16 16:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-07-11 12:22 - 2018-06-16 16:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-07-11 12:22 - 2018-06-16 16:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-07-11 12:22 - 2018-06-16 16:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-07-11 12:22 - 2018-06-16 16:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-07-11 12:22 - 2018-06-16 16:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-07-11 12:22 - 2018-06-16 16:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-07-11 12:22 - 2018-06-16 16:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-11 12:22 - 2018-06-16 16:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-07-11 12:22 - 2018-06-16 16:16 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-11 12:22 - 2018-06-16 16:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-07-11 12:22 - 2018-06-16 16:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-07-11 12:22 - 2018-06-16 16:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-11 12:22 - 2018-06-16 16:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-07-11 12:22 - 2018-06-13 17:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-11 12:22 - 2018-06-13 17:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-11 12:22 - 2018-06-13 16:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-07-11 12:22 - 2018-06-13 16:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-07-11 12:22 - 2018-06-13 16:40 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-11 12:22 - 2018-06-08 17:27 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-11 12:22 - 2018-06-08 17:27 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-07-11 12:22 - 2018-06-08 17:27 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-11 12:22 - 2018-06-08 17:27 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 12:22 - 2018-06-08 17:27 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 12:22 - 2018-06-08 17:23 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-07-11 12:22 - 2018-06-08 17:22 - 001665344 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-11 12:22 - 2018-06-08 17:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-11 12:22 - 2018-06-08 17:21 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-07-11 12:22 - 2018-06-08 17:21 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-07-11 12:22 - 2018-06-08 17:21 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-11 12:22 - 2018-06-08 17:21 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-11 12:22 - 2018-06-08 17:21 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-11 12:22 - 2018-06-08 17:20 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-07-11 12:22 - 2018-06-08 17:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-11 12:22 - 2018-06-08 17:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-11 12:22 - 2018-06-08 17:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-11 12:22 - 2018-06-08 17:19 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-11 12:22 - 2018-06-08 17:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-11 12:22 - 2018-06-08 17:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 17:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-07-11 12:22 - 2018-06-08 17:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-07-11 12:22 - 2018-06-08 16:57 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-07-11 12:22 - 2018-06-08 16:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:44 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-11 12:22 - 2018-06-08 16:44 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-11 12:22 - 2018-06-08 16:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-11 12:22 - 2018-06-08 16:44 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-11 12:22 - 2018-06-08 16:43 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-11 12:22 - 2018-06-08 16:39 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-11 12:22 - 2018-06-08 16:38 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-11 12:22 - 2018-06-08 16:38 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-11 12:22 - 2018-06-08 16:34 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-11 12:22 - 2018-06-08 16:34 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-11 12:22 - 2018-06-08 16:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-11 12:22 - 2018-06-08 16:33 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-11 12:22 - 2018-06-08 16:33 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-11 12:22 - 2018-06-08 16:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-07-11 12:22 - 2018-06-08 16:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2018-07-11 12:22 - 2018-06-08 16:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-07-11 12:22 - 2018-06-08 16:21 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-07-11 12:22 - 2018-06-08 16:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-07-11 12:22 - 2018-06-08 16:21 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-07-11 12:22 - 2018-06-08 16:21 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-07-11 12:22 - 2018-06-08 16:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-07-11 12:22 - 2018-06-08 16:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 12:22 - 2018-06-08 16:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-07-11 12:22 - 2018-06-07 17:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-11 12:22 - 2018-06-07 17:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-11 12:22 - 2018-06-07 17:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-11 12:22 - 2018-06-07 17:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-11 12:22 - 2018-06-07 16:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-07-11 12:22 - 2018-06-07 16:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 12:22 - 2018-06-07 16:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-07-11 12:22 - 2018-05-31 17:28 - 001893568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-11 12:22 - 2018-05-31 17:28 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-11 12:22 - 2018-05-31 17:28 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 12:22 - 2018-05-02 16:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-11 12:22 - 2018-05-02 16:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-11 12:22 - 2018-05-02 16:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-11 12:22 - 2018-05-02 16:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-11 12:22 - 2018-05-02 16:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-11 12:22 - 2018-05-02 16:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-11 12:22 - 2018-05-02 16:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-11 12:22 - 2018-04-26 14:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-07-11 12:22 - 2018-04-26 14:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-07-11 12:22 - 2018-04-25 17:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-11 12:22 - 2018-04-25 16:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-11 12:10 - 2018-06-13 17:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 12:10 - 2018-06-13 17:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 12:10 - 2018-06-08 14:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 12:10 - 2018-06-08 14:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 12:10 - 2018-06-08 14:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 12:10 - 2018-06-08 14:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 12:10 - 2018-06-08 14:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 12:10 - 2018-06-08 14:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 12:10 - 2018-06-08 14:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 12:10 - 2018-06-08 14:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-10 14:37 - 2018-07-10 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jBridge
2018-07-10 14:37 - 2018-07-10 14:37 - 000000000 ____D C:\Program Files\JBridge
2018-07-10 14:36 - 2018-07-10 14:36 - 022113322 _____ C:\Users\User\Downloads\Mini_ErHu.zip
2018-07-10 14:34 - 2018-07-10 14:35 - 011243131 _____ C:\Users\User\Downloads\DSK_Asian_DreamZ.zip
2018-07-09 20:03 - 2018-07-09 20:03 - 000326733 _____ C:\Users\User\Downloads\unhelpfulthinking (1).pdf
2018-07-07 13:20 - 2018-07-07 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2018-07-07 13:20 - 2007-11-21 04:34 - 000007744 _____ (Altiris) C:\Windows\SysWOW64\HookDll.dll
2018-07-07 13:20 - 2006-11-06 12:22 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2018-07-07 13:20 - 2006-11-06 12:22 - 000348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2018-07-07 13:20 - 2005-12-15 20:30 - 001060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2018-07-07 12:59 - 2011-07-01 11:31 - 002181120 _____ (Propellerhead Software AB) C:\Windows\system32\ReWire.dll
2018-07-07 12:59 - 2011-07-01 11:30 - 001431552 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2018-07-07 12:31 - 2018-07-10 14:40 - 000000000 ____D C:\Program Files\VSTPlugins
2018-07-06 15:19 - 2018-07-06 15:19 - 000346750 _____ C:\Users\User\Downloads\mkw_mk2_female.zip
2018-07-06 15:19 - 2018-07-06 15:19 - 000000000 ____D C:\Users\User\Downloads\mkw_mk2_female
2018-07-06 14:44 - 2018-07-23 01:26 - 000000000 ____D C:\Users\User\Desktop\Desktop 2
2018-07-05 22:01 - 2018-07-05 22:01 - 000000000 ____D C:\Users\User\Downloads\mkw_umk3_female
2018-07-05 22:00 - 2018-07-05 22:00 - 000583379 _____ C:\Users\User\Downloads\mkw_umk3_female.zip
2018-07-02 21:32 - 2018-07-26 21:45 - 000016976 _____ C:\Users\User\Desktop\model2worrydiaryworrytime.odt
2018-07-02 21:29 - 2018-07-02 21:29 - 000326733 _____ C:\Users\User\Downloads\unhelpfulthinking.pdf
2018-07-02 19:55 - 2018-07-02 19:59 - 000000000 ____D C:\Users\User\Downloads\hearts_ii_178310
2018-07-02 19:55 - 2018-07-02 19:55 - 003832286 _____ C:\Users\User\Downloads\hearts_ii_178310.zip
2018-07-01 12:37 - 2018-07-01 12:38 - 000000000 ____D C:\Users\User\Downloads\SFTM_Ryu_Beta_12914
2018-07-01 12:37 - 2018-07-01 12:37 - 000808160 _____ C:\Users\User\Downloads\SFTM_Ryu_Beta_12914.rar
2018-07-01 12:32 - 2018-07-01 12:34 - 510394158 _____ C:\Users\User\Downloads\MKPseason2.9patched-20112k17.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-30 11:35 - 2017-03-10 17:06 - 000000000 ____D C:\ProgramData\BullGuard
2018-07-30 11:32 - 2017-01-31 19:28 - 000000000 ____D C:\FRST
2018-07-30 11:06 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-30 11:06 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-30 10:50 - 2017-03-09 12:39 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{35FB64CC-450A-4920-B6BA-C4B5F1E0ABD5}
2018-07-30 10:43 - 2017-03-09 12:57 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-30 10:34 - 2017-03-10 18:54 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-30 10:31 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-27 08:11 - 2009-07-14 06:13 - 000782010 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-27 08:11 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-07-26 21:41 - 2017-03-11 00:16 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2018-07-24 23:59 - 2017-03-09 15:16 - 000765876 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-07-23 15:55 - 2017-06-28 13:56 - 000000000 ____D C:\Users\User\AppData\Local\gtk-2.0
2018-07-23 15:55 - 2015-02-13 08:52 - 000000000 ____D C:\Users\User\.gimp-2.8
2018-07-22 11:27 - 2014-11-30 19:08 - 000000000 ____D C:\Users\User\Documents\Amnesia
2018-07-21 20:31 - 2017-03-14 01:21 - 000000000 ____D C:\Program Files (x86)\VSTPlugIns
2018-07-21 20:28 - 2018-04-16 17:41 - 000000000 ____D C:\Program Files\Common Files\VST2
2018-07-20 15:30 - 2015-11-12 23:26 - 000000000 ____D C:\Users\User\AvidLogFiles
2018-07-19 14:07 - 2017-04-09 18:14 - 000000000 ____D C:\Users\User\AppData\Roaming\audacity
2018-07-18 23:30 - 2017-03-14 01:27 - 000000000 ____D C:\Users\User\AppData\Roaming\Waves Audio
2018-07-18 14:33 - 2018-04-16 17:39 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-07-18 14:33 - 2018-04-16 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-07-18 14:20 - 2018-04-16 17:33 - 000000000 ____D C:\Program Files (x86)\Image-Line
2018-07-17 13:21 - 2018-05-10 13:14 - 000000000 ___RD C:\Users\User\Desktop\GF's GF Project
2018-07-16 23:02 - 2010-11-21 04:27 - 000563832 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-07-12 19:06 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-07-12 11:11 - 2017-06-17 18:01 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2018-07-12 11:05 - 2009-07-14 05:45 - 000308768 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-12 11:02 - 2017-03-15 13:11 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-12 01:23 - 2017-03-09 16:11 - 000000000 ____D C:\Windows\system32\MRT
2018-07-12 01:20 - 2017-03-09 16:11 - 134675576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-07-11 00:59 - 2018-05-26 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-07-10 21:02 - 2017-03-09 16:07 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-07-10 21:01 - 2017-03-09 13:26 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-10 20:15 - 2018-02-12 01:08 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-07-10 20:15 - 2018-02-12 01:08 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-10 20:15 - 2018-02-12 01:08 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-10 20:15 - 2018-02-12 01:08 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-07-10 20:15 - 2018-02-12 01:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-10 20:15 - 2018-02-12 01:08 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-07 13:30 - 2017-03-14 01:21 - 000000000 ____D C:\Program Files (x86)\Waves
2018-07-07 13:20 - 2017-03-14 01:21 - 000000000 ____D C:\Program Files\Common Files\VST3
2018-07-02 19:59 - 2017-06-28 13:50 - 000000000 ____D C:\Program Files\GIMP 2

==================== Files in the root of some directories =======

2014-01-08 16:00 - 2014-01-08 16:00 - 001732608 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2018-04-20 17:51 - 2018-04-20 17:51 - 000171438 _____ () C:\Users\User\AppData\Roaming\VideoPad.dmp
2018-07-23 15:55 - 2018-07-23 15:55 - 000009711 _____ () C:\Users\User\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-17 15:35

==================== End of FRST.txt ============================

The Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by User (30-07-2018 11:40:56)
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-03-08 16:58:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

3AACC6B7BD424F058228 (S-1-5-21-4088020178-4125591875-2159771896-1003 - Limited - Enabled)
Administrator (S-1-5-21-4088020178-4125591875-2159771896-500 - Administrator - Disabled)
Guest (S-1-5-21-4088020178-4125591875-2159771896-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4088020178-4125591875-2159771896-1002 - Limited - Enabled)
User (S-1-5-21-4088020178-4125591875-2159771896-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {13E9CAA5-762A-794E-2DA9-245D5622A105}
AS: BullGuard Antispyware (Enabled - Up to date) {A8882B41-5010-76C0-1719-1F2F2DA5EBB8}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Disabled) {2BD24B80-3C45-7816-06F6-8D68A8F1E67E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Pinball (HKLM-x32\...\{C342E30B-52F9-4657-96B6-32E399B9DEB2}) (Version: 5.1.2600.5512 - Microsoft Coprporation)
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
AGEIA PhysX v7.09.13 (HKLM-x32\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.)
ARIA Engine v1.9.1.6 (HKLM\...\ARIA Engine_is1) (Version: v1.9.1.6 - Plogue Art et Technologie, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Audient USB Audio Driver v3.2.0 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 3.2.0 - Audient)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.2 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.2 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.2 - Avid Technology, Inc.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 18.1 - BullGuard Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 4.04 - NCH Software)
Defcon (HKLM-x32\...\1207659075_is1) (Version: 2.1.0.9 - GOG.com)
E-License Manager (HKLM\...\{6C169D27-4A5B-41AB-815B-3B5CADD10D6F}) (Version: 1.4.0.0 - Magix) Hidden
E-License Manager (HKLM-x32\...\E-License Manager) (Version: 1.4.0.0 - Best Service)
Engine 2 (HKLM\...\{A8094CE2-D2C8-456D-84B0-47A878D44FE0}) (Version: 2.5.0.100 - Best Service) Hidden
Engine 2 (HKLM-x32\...\Engine 2) (Version: 2.5.0.100 - Best Service)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.09 - NCH Software)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
License Support (HKLM\...\{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 4.36 - NCH Software)
Movavi Video Converter 17 (HKLM-x32\...\Movavi Video Converter 17) (Version: 17.3.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MusicLab RealEight (32-bit) (HKLM-x32\...\{3042FDC5-4F33-4FB6-9031-562EDB952972}) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
MusicLab RealEight (64-bit) (HKLM\...\{4B9D32BC-76E6-4E27-8E7F-1EC5510E4A7C}) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
MusicLab RealEight (HKLM-x32\...\{550309f3-2bc9-43a7-8091-faaf92edb69f}) (Version: 1.0.0.7183 - MusicLab, Inc.)
MusicLab RealEight Sound Bank (HKLM-x32\...\{ECE7A222-3A89-48A7-818D-20127025D4BE}) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.8.25 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.0.4 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.1.3.50 - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
Patch Avid Pro Tools 10.3.4 To Audioz (HKLM-x32\...\Patch Avid Pro Tools 10.3.4 To Audioz) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
Skype version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Snap (remove only) (HKLM-x32\...\Snap) (Version: - )
Spotify (HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-LINK Archer T2U_T2UH Driver (HKLM-x32\...\{F2496892-5295-4208-AB93-21F1AFD07C97}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.03 - NCH Software)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.12.1 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-07-17] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-07-17] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-07-17] (BullGuard Ltd.)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-07] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-07] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-03-31] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-03-31] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [bgshellext] -> {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E} => C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [2018-07-17] (BullGuard Ltd.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-07] (Power Software Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03B4FDCA-15B8-4FDF-A1A8-0A515B98CC12} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {1EBC8E60-EF08-442F-A9EE-946194CD1CEE} - System32\Tasks\NCH Software\DebutDowngrade => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2017-06-28] (NCH Software)
Task: {48AF3A79-AE04-4A6A-921D-A3D26121AEF6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-11] (NVIDIA Corporation)
Task: {5D58BB54-EA8C-4027-B9CC-B378B6607B0D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11] (NVIDIA Corporation)
Task: {60ADE184-1466-45CE-A908-17100E28DA51} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
Task: {60C5D520-BE95-44EA-BD65-5D60790E751F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {6CADB191-B175-4F8B-A736-7B219A95AC9F} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2018-07-17] (BullGuard Ltd.)
Task: {7E1BDD1C-0DFC-46B0-B2F3-95ADAF13C221} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {850711E3-8191-492B-B490-C9B3C7ABFE59} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4088020178-4125591875-2159771896-1000
Task: {8933D887-CB08-446C-95C5-39259BAEBE19} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
Task: {89A55B17-921A-499D-B3FF-2814E8575EA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
Task: {AD45EEDA-2E38-4943-B1DD-9D03A9604DC5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {AFBA2BC8-BA02-4275-AA3D-E9E8CD7305FC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-11] (NVIDIA Corporation)
Task: {B61E8028-9213-4E80-B955-6069D304ABBB} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {DC015ACC-4537-4CB7-8977-FFAB9262BEEC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {E2AF8967-797A-4775-8705-303DDFAD2165} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {FC1F96F2-20AF-4EB1-9DB8-D8E13BBC7982} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\User\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) ==============

2018-07-17 13:04 - 2018-07-17 13:04 - 000744296 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2018-07-17 13:04 - 2018-07-17 13:04 - 000088936 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2018-07-17 13:04 - 2018-07-17 13:04 - 000528744 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2018-07-17 13:04 - 2018-07-17 13:04 - 000072552 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2017-03-09 13:00 - 2017-10-11 02:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-14 00:55 - 2016-07-08 12:04 - 006779392 _____ () C:\Program Files\Audient\USBAudioDriver\iD.exe
2017-03-10 16:47 - 2014-08-08 16:00 - 000844800 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2018-06-25 19:45 - 2018-06-22 20:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-25 19:45 - 2018-06-22 20:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2017-03-10 18:57 - 2018-07-21 22:07 - 000854304 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-03-10 18:57 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-03-10 18:56 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-03-10 18:56 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-03-10 18:57 - 2018-07-24 20:37 - 002644256 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-15 13:59 - 2017-12-20 02:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-15 13:59 - 2017-12-20 02:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-15 13:59 - 2017-12-20 02:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-15 13:59 - 2017-12-20 02:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-15 13:59 - 2017-12-20 02:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-03-10 18:57 - 2018-07-24 20:37 - 001015072 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-03-10 18:56 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-05-26 12:27 - 2018-06-26 20:39 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-07-11 00:59 - 2018-06-26 20:39 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-07-11 00:59 - 2018-06-26 20:39 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2017-03-14 00:55 - 2015-12-08 16:20 - 000228352 _____ () C:\Program Files\Audient\USBAudioDriver\audientusbaudioapi.dll
2017-03-10 16:47 - 2014-08-08 16:02 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2017-03-10 16:47 - 2014-05-13 18:59 - 000195072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2017-06-11 11:12 - 2018-07-21 22:07 - 000854304 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-03-10 18:59 - 2018-07-20 23:24 - 083524896 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-03-10 18:59 - 2018-07-20 23:24 - 003732256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libglesv2.dll
2017-03-10 18:59 - 2018-07-20 23:24 - 000086304 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libegl.dll
2017-03-09 13:00 - 2017-10-11 02:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-26 12:27 - 2018-06-26 20:39 - 002723968 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-05-26 12:27 - 2018-06-26 20:39 - 000031872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-07-11 00:59 - 2018-06-26 20:39 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-07-11 00:59 - 2018-06-26 20:39 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-07-11 00:59 - 2018-06-26 20:39 - 002295752 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2017-03-10 18:56 - 2018-07-03 22:58 - 000137504 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 067919944 _____ () C:\Program Files (x86)\GOG Galaxy\libcef.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000503368 _____ () C:\Program Files (x86)\GOG Galaxy\PocoUtil.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000513608 _____ () C:\Program Files (x86)\GOG Galaxy\PocoXML.dll
2017-06-17 18:01 - 2018-07-11 17:43 - 000152648 _____ () C:\Program Files (x86)\GOG Galaxy\expat.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 001656392 _____ () C:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000426568 _____ () C:\Program Files (x86)\GOG Galaxy\pcre.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000104008 _____ () C:\Program Files (x86)\GOG Galaxy\zlib.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000327752 _____ () C:\Program Files (x86)\GOG Galaxy\PocoJSON.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 001071176 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNet.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 001856072 _____ () C:\Program Files (x86)\GOG Galaxy\PocoData.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000387656 _____ () C:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000681032 _____ () C:\Program Files (x86)\GOG Galaxy\sqlite.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000306248 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNetSSL.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000157256 _____ () C:\Program Files (x86)\GOG Galaxy\PocoCrypto.dll
2017-06-21 22:10 - 2018-07-11 17:44 - 000130120 _____ () C:\Program Files (x86)\GOG Galaxy\xdelta3.dll
2017-06-17 18:01 - 2018-07-11 17:44 - 000270920 _____ () C:\Program Files (x86)\GOG Galaxy\PocoZip.dll
2017-06-17 18:01 - 2018-03-13 19:25 - 003176448 _____ () C:\Program Files (x86)\GOG Galaxy\libglesv2.dll
2017-06-17 18:01 - 2018-03-13 19:25 - 000079872 _____ () C:\Program Files (x86)\GOG Galaxy\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User\AppData\Local\iBWHlJX8:hGJpPNmbjjWHPuDd38U [2474]
AlternateDataStreams: C:\Users\User\AppData\Local\JfzJRGueM46qZ:8TXUjmBilZyPptLEC [2190]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2210]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2066]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2442]
AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:9LnhNkWZ3aNuA1WxSVvJWgC [2404]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-02-12 02:18 - 000000037 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Spotify => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{19AB83BE-F3EB-4F9A-8040-73646C8806C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{743D9F54-7C0C-46E7-A0F6-66684B8FF253}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{9E4A24C8-8418-4D9C-B21E-97EAFFCA310E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{95CFD7A2-9884-4A55-94ED-C821E06063A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D765943C-4AA3-4563-B63E-6F03DE792CC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{317D88C5-5817-40BB-9A26-76E6BB82DD41}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C9137725-F1FA-4FF9-B8C6-CC4A6F496F2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3DF6E425-E5DE-41F9-BF79-F4E9B29AFFB8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6036C7FD-8B5A-427C-9520-30AB79A2BF6E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{699C5D0F-85FA-46C6-A53C-EFB26EB54CBC}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{56215C67-6208-407C-85C8-3956813951B0}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [{94A8A751-4610-4F10-9E49-A636680C3BF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{71B2C506-56A8-46A3-AF42-C701469CA0AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{7C8A074A-FC11-4FD2-87FB-9FB3040712B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C16109FC-8080-4A3A-A291-EA156FDCE95A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{A4327B94-761E-412B-8329-EBF16F8C7278}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7EAD699E-AD7F-4F08-B126-90576DF92CA4}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C27CE04B-1C5D-4A45-BB84-9F51ACB2B6A0}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{20A66BE6-6015-49F2-B062-DEFCBDA98161}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6F1FB56D-AC48-4399-8DB8-7B7767E727FC}] => (Allow) C:\Users\User\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{17E6AA36-FD7E-40F2-A310-7D31E4615C3C}C:\gog games\defcon\defcon.exe] => (Allow) C:\gog games\defcon\defcon.exe
FirewallRules: [UDP Query User{D38DE8AF-F48C-486D-8FD0-F2F0BC82624F}C:\gog games\defcon\defcon.exe] => (Allow) C:\gog games\defcon\defcon.exe
FirewallRules: [TCP Query User{8DA1867B-090E-409F-AB72-D8E6C9A15B70}C:\gog games\defcon\defcon_offline.exe] => (Allow) C:\gog games\defcon\defcon_offline.exe
FirewallRules: [UDP Query User{49374042-B338-4733-B406-7E755BDCBAAE}C:\gog games\defcon\defcon_offline.exe] => (Allow) C:\gog games\defcon\defcon_offline.exe
FirewallRules: [TCP Query User{89D77982-E3DD-4CED-B819-DB3EFB9FF9BF}C:\program files (x86)\gog galaxy\games\defcon\defcon_offline.exe] => (Block) C:\program files (x86)\gog galaxy\games\defcon\defcon_offline.exe
FirewallRules: [UDP Query User{109CF4C3-2850-4BD2-B151-2DCACFFCA8E8}C:\program files (x86)\gog galaxy\games\defcon\defcon_offline.exe] => (Block) C:\program files (x86)\gog galaxy\games\defcon\defcon_offline.exe
FirewallRules: [TCP Query User{B53A4940-8C5D-4208-BEB5-DD197AC8430E}C:\program files (x86)\gog galaxy\games\defcon\defcon.exe] => (Block) C:\program files (x86)\gog galaxy\games\defcon\defcon.exe
FirewallRules: [UDP Query User{EDAAA467-3019-462E-B99F-CE0A3053FF26}C:\program files (x86)\gog galaxy\games\defcon\defcon.exe] => (Block) C:\program files (x86)\gog galaxy\games\defcon\defcon.exe
FirewallRules: [{5B45BDDE-89C5-4018-94BF-F2499F2A02A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6397D4AF-6C33-47D1-9F46-AD5BC1AA9CE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E8E631FE-C243-4021-81FB-259752C843F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8DBCFB39-D6F7-48A3-BB74-DDAB76F90E8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E3097B98-DD0D-4F2C-A390-0A6F14965F73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{5545004D-E564-4F1A-A518-0904AEF5FBC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{07DDF628-E8B6-48FA-B759-7650DEB2FB2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{27422CE4-153D-4D47-803E-9CA12F6BC676}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{094C5F5D-8843-4EC8-9695-F43B22904437}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{32BC00B0-026B-4A21-BD07-280B60964CFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{3CE70EC5-C0B8-48B9-A6CA-9BE6A767F677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{D021CD1A-71B6-45D4-A0DF-2E5875AC8009}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{E6CA2539-3E5E-4163-A089-04CFFDFFC5AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{F1330134-C7EE-4BA9-9287-77E6F6CEB12D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C22CFC46-2B40-41BF-8F8A-1088A4A0386D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{0807577A-F0B2-4CE7-9EB4-F24AD55C2CAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{9BD37A81-2089-4BDD-A520-3EE4C3E3A000}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{473E1478-F0F5-45AC-B178-C31D71D46F7D}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
FirewallRules: [{89359E7C-1B9B-41BF-907B-B9CCC7DAC197}] => (Allow) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
FirewallRules: [{B7117819-B2A3-46BB-AD4F-A1B78C03C8D7}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
FirewallRules: [{A1FFB65B-3942-4CD5-BA1D-83D3494AE20E}] => (Allow) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
FirewallRules: [{330362B3-9C4C-4D3E-9E1B-65887B535B0A}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
FirewallRules: [{3E5DC512-8559-41AA-87F6-C181EBF35AFC}] => (Allow) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
FirewallRules: [{919E1A10-99B7-4F8B-ADAA-9B15006C9354}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
FirewallRules: [{18DDA1CC-03AC-4C01-9744-E028DAD94D7A}] => (Allow) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
FirewallRules: [{F12CF32E-9CBD-48B2-9E3D-70716698718C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{673B86C8-CBFE-41F9-8DA9-6DBDB7723568}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{3E4CD73A-9197-4D59-A12A-0D4CB8AA8BB7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{495E097C-63BF-4E7F-BAE1-5649088933A7}] => (Allow) H:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{E4EC9805-596C-41DB-B6A5-4821EBFFFA27}] => (Allow) H:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{CA9EFFEB-CA78-4F4F-B941-4E7FDADB43D1}] => (Allow) H:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{704BF23C-5051-40AB-A664-BC9AF6BE5048}] => (Allow) H:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Launcher.exe

==================== Restore Points =========================

07-07-2018 12:06:17 Configured Waves Complete V9r15
07-07-2018 12:09:48 Removed Waves Complete V9r15
07-07-2018 13:12:17 Removed Waves Complete V9r15
07-07-2018 13:20:20 Installed Waves Complete V9r15
10-07-2018 14:04:39 Windows Update
12-07-2018 01:19:28 Windows Update
17-07-2018 12:53:24 Windows Update
20-07-2018 14:16:00 Installed Superior Drummer 64-bit.
20-07-2018 14:40:19 Installed Superior Drummer 32-bit.
21-07-2018 20:23:34 Removed Superior Drummer 64-bit.
21-07-2018 20:28:53 Removed Superior Drummer 32-bit.
22-07-2018 16:09:02 Windows Update
24-07-2018 23:55:41 Windows Update
30-07-2018 10:57:52 Windows Update

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2018 10:33:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/30/2018 10:33:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/27/2018 07:18:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/27/2018 07:18:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/26/2018 01:21:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/25/2018 08:29:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: auxhost.exe, version: 0.0.0.0, time stamp: 0x562984ee
Faulting module name: ntdll.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa706
Exception code: 0xc0000005
Fault offset: 0x00037ebd
Faulting process id: 0x2598
Faulting application start time: 0x01d4244db7396a55
Faulting application path: C:\Program Files\JBridge\auxhost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: feb04410-9040-11e8-b1b8-74d435d74a2b

Error: (07/25/2018 11:04:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/24/2018 12:28:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (07/30/2018 10:40:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/30/2018 10:39:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/30/2018 10:39:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/27/2018 07:25:04 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/27/2018 07:24:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/27/2018 07:24:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (07/27/2018 07:16:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:09:22 on ‎26/‎07/‎2018 was unexpected.

Error: (07/26/2018 01:21:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2018-07-05 12:06:12.094
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.442.0
Previous Signature Version:1.269.1075.0
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Typeelta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-07-05 12:06:12.093
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Update Source:Signature Update Folder
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-07-05 12:01:04.643
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.442.0
Previous Signature Version:1.269.1075.0
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Typeelta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-07-05 12:01:04.643
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Update Source:Signature Update Folder
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-07-05 00:26:32.081
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.442.0
Previous Signature Version:1.269.1075.0
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Typeelta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 46%
Total physical RAM: 8053.92 MB
Available physical RAM: 4288.97 MB
Total Virtual: 16106 MB
Available Virtual: 11761.67 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:931.02 GB) (Free:178.95 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1346.69 GB) NTFS

\\?\Volume{8596c1c3-041a-11e7-a38e-806e6f6e6963}\ (System) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BF4817BF)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 09A39BF8)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

And the aswMBR.txt:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2018-07-30 12:16:04
-----------------------------
12:16:04.522 OS Version: Windows x64 6.1.7601 Service Pack 1
12:16:04.528 Number of processors: 4 586 0x3C03
12:16:04.542 ComputerName: USER-PC UserName: User
12:16:14.545 Initialize success
12:16:14.684 VM: initialized successfully
12:16:14.697 VM: Intel CPU supported
12:16:19.103 VM: disk I/O atapi.sys
12:34:59.513 AVAST engine defs: 17030301
12:35:04.658 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:35:04.696 Disk 0 Vendor: TOSHIBA_DT01ACA100 MS2OA750 Size: 953869MB BusType: 11
12:35:04.936 Disk 0 MBR read successfully
12:35:04.991 Disk 0 MBR scan
12:35:06.184 Disk 0 Windows 7 default MBR code
12:35:06.222 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 499 MB offset 2048
12:35:06.295 Disk 0 default boot code
12:35:06.412 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953368 MB offset 1024000
12:35:06.622 Disk 0 scanning C:\Windows\system32\drivers
12:36:23.811 Service scanning
12:39:01.997 Modules scanning
12:39:02.110 Disk 0 trace - called modules:
12:39:02.195 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:39:02.258 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bba060]
12:39:02.319 3 CLASSPNP.SYS[fffff880018d843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007908060]
12:39:10.651 AVAST engine scan C:\Windows
12:39:39.663 AVAST engine scan C:\Windows\system32
13:15:18.392 AVAST engine scan C:\Windows\system32\drivers
13:19:53.182 AVAST engine scan C:\Users\User
15:58:31.535 File: C:\Users\User\Documents\Sandisk\Not Mark\Downloads\dds.scr **INFECTED** Win32:Malware-gen
16:21:50.846 AVAST engine scan C:\ProgramData
16:58:53.106 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
16:58:54.402 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

 

[Juliet]

Highlight the entire content of the quote box below and select Copy.

Start::
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Users\User\AppData\Local\iBWHlJX8:hGJpPNmbjjWHPuDd38U [2474]
AlternateDataStreams: C:\Users\User\AppData\Local\JfzJRGueM46qZ:8TXUjmBilZyPptLEC [2190]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2210]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2066]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2442]
AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:9LnhNkWZ3aNuA1WxSVvJWgC [2404]
Emptytemp:
End::

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner - Fix Mode

• Download AdwCleaner and move it to your Desktop
• Right-click on AdwCleaner.exe and select
  
  Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Accept the EULA (I accept), then click on Scan
• Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
• Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
• After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller

• Download the right version of RogueKiller for your Windows version (32 or 64-bit)
• Once done, move the executable file to your Desktop, right-click on it and select
  
  Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
• Wait for the scan to complete
• On completion, the results will be displayed
• Check every single entry (threat found), and click on the Remove Selected button
• On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
• This will open the report in Notepad. Copy/paste its content in your next reply

created by Aura

~~~~
Your next reply(ies) should therefore contain:

• Copy/pasted Fixlog.txt
• Copy/pasted AdwCleaner clean log
• Copy/pasted RogueKiller clean log