Solved Computer has slowed and wakes up from sleep with no input.

S

Shura

Posts: 13   +0
Just want to make sure I'm safe. Thanks for any help you can give.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Drew (administrator) on DREW (22-10-2018 18:42:46)
Running from C:\Users\Drew\Downloads
Loaded Profiles: Drew (Available Profiles: Drew)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SoundSwitch) C:\Program Files\SoundSwitch\SoundSwitch.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2017-03-29] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2017-04-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1806800 2018-05-22] (Google Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3208992 2018-10-12] (Valve Corporation)
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\Run: [SoundSwitch] => C:\Program Files\SoundSwitch\SoundSwitch.exe [1816768 2018-06-08] (SoundSwitch)
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{02909200-05bf-4fe3-8eb4-a2f653214056}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b3510a2e-45aa-4320-bdc2-1b4e6659b452}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-619396438-2450706291-207795060-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-619396438-2450706291-207795060-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-14] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: dsgdew9w.default-1522896207997
FF DefaultProfile: 7j0vtojg.default
FF ProfilePath: C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997 [2018-10-22]
FF Homepage: Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997 -> about:home
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2018-10-09]
FF Extension: (S3.Translator) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\s3google@translator.xpi [2018-10-10]
FF Extension: (uBlock Origin) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\uBlock0@raymondhill.net.xpi [2018-10-18]
FF Extension: (Youtube Checker) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\youtube-subscription-checker@xrxr.xpi [2018-09-18]
FF Extension: (NoScript) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-10-16]
FF Extension: (Greasemonkey) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-28]
FF Extension: (Telemetry coverage) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\features\{56895a34-384c-4d13-8c09-7863ac197743}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-11] [Legacy]
FF ProfilePath: C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default [2018-10-21]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default -> hxxps://boards.4chan.org/toy/
hxxps://twitter.com/
hxxps://www.youtube.com/?hl=en&gl=CA
FF Extension: (Dark Moon) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\darkmoon@lootyhoof-pm.xpi [2018-02-12] [Legacy] [not signed]
FF Extension: (Greasemonkey for Pale Moon) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\greasemonkeyforpm@janekptacijarabaci.xpi [2018-03-05] [Legacy] [not signed]
FF Extension: (uBlock Origin) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\uBlock0@raymondhill.net.xpi [2018-02-12] [Legacy] [not signed]
FF Extension: (DarkPitch) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{4b13c0da-55d5-44ce-b98e-98e62085837f}.xpi [2018-02-12] [Legacy] [not signed]
FF Extension: (Theme Font & Size Changer (no expire)) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{6e5104b6-3c42-11e7-a919-92ebcb67fe33}.xpi [2018-02-12] [Legacy]
FF Extension: (NoScript) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-02-12] [Legacy]
FF Extension: (In The Dark) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}.xpi [2018-03-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-619396438-2450706291-207795060-1001: SkypePlugin -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-619396438-2450706291-207795060-1001: SkypePlugin64 -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)

Chrome:
=======
CHR Profile: C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default [2018-10-21]
CHR Extension: (Slides) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-11]
CHR Extension: (Docs) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-11]
CHR Extension: (Google Drive) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-02]
CHR Extension: (Skype Calling) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-05-23]
CHR Extension: (YouTube) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-02]
CHR Extension: (Sheets) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
CHR Extension: (Google Docs Offline) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (Manual Geolocation) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpiefjlgcjmciajdcinaejedejjfjgki [2018-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (Gmail) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe [481144 2018-02-06] (AMD)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-26] (Advanced Micro Devices) [File not signed]
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [994256 2018-05-22] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-25] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [313760 2016-08-26] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-11-05] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atikmdag.sys [41578872 2018-02-06] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atikmpag.sys [545656 2018-02-06] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-10-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-10-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-10-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-10-22] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-04-10] (Scarlet.Crush Productions)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-09-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [352424 2018-09-25] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-22 18:42 - 2018-10-22 18:43 - 000017626 _____ C:\Users\Drew\Downloads\FRST.txt
2018-10-22 18:41 - 2018-10-22 18:42 - 000000000 ____D C:\FRST
2018-10-22 18:41 - 2018-10-22 18:41 - 002414592 _____ (Farbar) C:\Users\Drew\Desktop\FRST64.exe
2018-10-22 18:41 - 2018-10-22 18:41 - 000000000 ____D C:\Users\Drew\Downloads\FRST-OlderVersion
2018-10-22 07:48 - 2018-10-22 15:55 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-10-22 07:48 - 2018-10-22 07:48 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-22 07:48 - 2018-10-22 07:48 - 000118584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-10-22 07:48 - 2018-10-22 07:48 - 000058400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-10-22 07:47 - 2018-09-04 18:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-10-22 07:41 - 2018-10-22 07:41 - 007592144 _____ (Malwarebytes) C:\Users\Drew\Downloads\adwcleaner_7.2.4.0.exe
2018-10-21 21:54 - 2018-10-22 07:48 - 000000000 ____D C:\Users\Drew\AppData\Local\CrashDumps
2018-10-21 21:51 - 2018-10-21 21:51 - 000004032 _____ C:\WINDOWS\system32\cc_20181021_215136.reg
2018-10-21 21:50 - 2018-10-21 21:50 - 000051180 _____ C:\WINDOWS\system32\cc_20181021_215041.reg
2018-10-21 21:44 - 2018-10-21 21:54 - 000000000 ____D C:\Users\Drew\AppData\Local\AVAST Software
2018-10-21 21:44 - 2018-10-21 21:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-10-21 21:43 - 2018-10-21 21:43 - 016796856 _____ (Piriform Ltd) C:\Users\Drew\Downloads\ccsetup547.exe
2018-10-21 21:31 - 2018-10-21 21:31 - 000000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2018-10-21 21:11 - 2018-10-21 21:11 - 000000000 ____D C:\Users\Drew\AppData\Roaming\Nexon Launcher
2018-10-21 21:10 - 2018-10-21 21:42 - 000000000 ____D C:\Users\Drew\AppData\Roaming\NexonLauncher
2018-10-21 21:10 - 2018-10-21 21:10 - 011765112 _____ C:\Users\Drew\Downloads\NexonLauncherSetup.exe
2018-10-21 21:10 - 2018-10-21 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2018-10-21 21:10 - 2018-10-21 21:10 - 000000000 ____D C:\Program Files (x86)\Nexon
2018-10-20 14:21 - 2018-10-20 14:21 - 000000000 ____D C:\Users\Drew\AppData\Local\PlaceholderTileLogoFolder
2018-10-18 22:15 - 2018-10-18 22:16 - 000000000 ____D C:\Users\Drew\Downloads\Marshmallow Maximus
2018-10-18 22:15 - 2018-10-18 22:15 - 551984876 _____ C:\Users\Drew\Downloads\Marshmallow Maximus.zip
2018-10-13 16:49 - 2018-10-13 16:49 - 000000000 ____D C:\Users\Drew\AppData\Local\mbam
2018-10-13 16:48 - 2018-10-13 16:48 - 000200232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-10-13 16:48 - 2018-10-13 16:48 - 000000000 ____D C:\Users\Drew\AppData\Local\mbamtray
2018-10-13 16:48 - 2018-10-13 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-13 16:48 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-12 14:53 - 2018-10-12 14:53 - 000041396 _____ C:\Users\Drew\Downloads\[VentoFisso] JoJos Bizarre Adventure - Golden Wind 02.***
2018-10-10 23:21 - 2018-10-10 23:21 - 000000000 ____D C:\Users\Drew\AppData\Roaming\ImageGlass
2018-10-10 00:41 - 2018-09-21 05:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-10 00:41 - 2018-09-20 00:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-10 00:41 - 2018-09-20 00:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-10 00:41 - 2018-09-20 00:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-10 00:41 - 2018-09-20 00:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-10 00:41 - 2018-09-20 00:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-10 00:41 - 2018-09-20 00:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-10 00:41 - 2018-09-19 23:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-10 00:41 - 2018-09-19 23:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-10 00:41 - 2018-09-19 23:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-10 00:40 - 2018-09-21 05:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-10 00:40 - 2018-09-21 04:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-10 00:40 - 2018-09-21 04:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-10 00:40 - 2018-09-21 00:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-10 00:40 - 2018-09-21 00:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-10 00:40 - 2018-09-21 00:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-10 00:40 - 2018-09-21 00:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-10 00:40 - 2018-09-21 00:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-10-10 00:40 - 2018-09-21 00:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-10 00:40 - 2018-09-21 00:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-10 00:40 - 2018-09-21 00:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-10-10 00:40 - 2018-09-21 00:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-10 00:40 - 2018-09-21 00:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-10 00:40 - 2018-09-21 00:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-10 00:40 - 2018-09-21 00:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-10 00:40 - 2018-09-21 00:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-10-10 00:40 - 2018-09-21 00:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-10-10 00:40 - 2018-09-21 00:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-10 00:40 - 2018-09-20 23:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-10-10 00:40 - 2018-09-20 23:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-10 00:40 - 2018-09-20 23:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-10-10 00:40 - 2018-09-20 23:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-10 00:40 - 2018-09-20 23:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-10 00:40 - 2018-09-20 23:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-10 00:40 - 2018-09-20 23:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-10 00:40 - 2018-09-20 23:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-10-10 00:40 - 2018-09-20 23:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-10 00:40 - 2018-09-20 23:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-10 00:40 - 2018-09-20 23:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-10 00:40 - 2018-09-20 23:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-10 00:40 - 2018-09-20 23:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-10-10 00:40 - 2018-09-20 23:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-10 00:40 - 2018-09-20 23:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-10 00:40 - 2018-09-20 23:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-10 00:40 - 2018-09-20 23:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-10 00:40 - 2018-09-20 23:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-10 00:40 - 2018-09-20 23:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-10 00:40 - 2018-09-20 23:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-10 00:40 - 2018-09-20 05:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-10 00:40 - 2018-09-20 05:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-10 00:40 - 2018-09-20 05:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-10 00:40 - 2018-09-20 05:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-10 00:40 - 2018-09-20 05:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-10-10 00:40 - 2018-09-20 05:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-10 00:40 - 2018-09-20 05:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-10 00:40 - 2018-09-20 05:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-10 00:40 - 2018-09-20 05:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-10 00:40 - 2018-09-20 05:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-10 00:40 - 2018-09-20 05:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-10 00:40 - 2018-09-20 04:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-10 00:40 - 2018-09-20 04:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-10-10 00:40 - 2018-09-20 04:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-10 00:40 - 2018-09-20 04:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-10-10 00:40 - 2018-09-20 04:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-10 00:40 - 2018-09-20 04:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-10 00:40 - 2018-09-20 04:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-10 00:40 - 2018-09-20 04:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-10-10 00:40 - 2018-09-20 02:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-10-10 00:40 - 2018-09-20 01:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-10 00:40 - 2018-09-20 00:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-10-10 00:40 - 2018-09-20 00:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-10 00:40 - 2018-09-20 00:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-10 00:40 - 2018-09-20 00:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-10 00:40 - 2018-09-20 00:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-10-10 00:40 - 2018-09-20 00:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-10-10 00:40 - 2018-09-20 00:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-10 00:40 - 2018-09-20 00:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-10-10 00:40 - 2018-09-20 00:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-10 00:40 - 2018-09-20 00:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-10-10 00:40 - 2018-09-20 00:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-10 00:40 - 2018-09-20 00:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-10 00:40 - 2018-09-20 00:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-10 00:40 - 2018-09-20 00:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-10 00:40 - 2018-09-20 00:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-10 00:40 - 2018-09-20 00:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-10-10 00:40 - 2018-09-20 00:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-10 00:40 - 2018-09-20 00:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-10 00:40 - 2018-09-20 00:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-10-10 00:40 - 2018-09-20 00:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-10-10 00:40 - 2018-09-20 00:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-10 00:40 - 2018-09-20 00:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-10 00:40 - 2018-09-20 00:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-10 00:40 - 2018-09-20 00:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-10 00:40 - 2018-09-20 00:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-10 00:40 - 2018-09-19 23:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-10 00:40 - 2018-09-19 23:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-10 00:40 - 2018-09-19 23:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-10 00:40 - 2018-09-19 23:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-10-10 00:40 - 2018-09-19 23:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-10 00:40 - 2018-09-19 23:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-10 00:40 - 2018-09-19 23:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-10 00:40 - 2018-09-19 23:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-10 00:40 - 2018-09-19 23:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-10 00:40 - 2018-09-19 23:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-10 00:40 - 2018-09-19 23:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-10-10 00:40 - 2018-09-19 23:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-10 00:40 - 2018-09-19 23:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-10 00:40 - 2018-09-19 23:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-10-10 00:40 - 2018-09-19 23:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-10 00:40 - 2018-09-19 23:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-10 00:40 - 2018-09-19 23:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-10 00:40 - 2018-09-19 23:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-10 00:40 - 2018-09-19 22:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-10-10 00:40 - 2018-09-19 21:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-10 00:40 - 2018-09-08 04:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-10 00:40 - 2018-09-08 04:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-10 00:40 - 2018-09-08 04:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-10 00:40 - 2018-09-08 04:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-10 00:40 - 2018-09-08 04:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-10 00:40 - 2018-09-08 03:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-10 00:40 - 2018-09-08 03:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-10 00:40 - 2018-09-08 03:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-10 00:40 - 2018-09-08 03:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-10 00:40 - 2018-09-08 03:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-10 00:40 - 2018-09-08 03:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-10 00:40 - 2018-09-08 03:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-10 00:40 - 2018-09-08 03:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-10 00:40 - 2018-09-08 03:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-10 00:40 - 2018-09-08 03:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-10 00:40 - 2018-09-08 03:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-10 00:40 - 2018-09-08 03:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-10 00:40 - 2018-09-08 03:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-10 00:40 - 2018-09-08 03:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-10 00:40 - 2018-09-08 03:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-10 00:40 - 2018-09-08 03:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-10 00:40 - 2018-09-08 03:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-10 00:40 - 2018-09-08 03:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-10 00:40 - 2018-09-08 03:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-10 00:40 - 2018-09-08 03:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-10 00:40 - 2018-09-08 03:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-10 00:40 - 2018-09-08 03:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-10 00:40 - 2018-09-08 03:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-10 00:40 - 2018-09-08 03:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-10-10 00:40 - 2018-09-08 03:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-10-10 00:40 - 2018-09-08 03:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-10 00:40 - 2018-09-08 03:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-10-10 00:40 - 2018-09-08 03:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-10 00:40 - 2018-09-08 03:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-10 00:40 - 2018-09-08 03:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-10 00:40 - 2018-09-08 02:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-10 00:40 - 2018-09-08 02:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-10 00:40 - 2018-09-08 02:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-10 00:40 - 2018-09-08 02:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-10 00:40 - 2018-09-08 02:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-10 00:40 - 2018-09-08 02:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-10 00:40 - 2018-09-08 02:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-10 00:40 - 2018-09-08 02:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-10 00:40 - 2018-09-08 02:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-10 00:40 - 2018-09-08 02:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-10 00:40 - 2018-09-08 02:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-10 00:40 - 2018-09-08 02:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-10 00:40 - 2018-09-08 00:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-10 00:40 - 2018-09-07 23:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-10 00:40 - 2018-09-07 23:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-10 00:40 - 2018-09-07 23:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-10 00:40 - 2018-09-07 23:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-10 00:40 - 2018-09-07 23:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-10 00:40 - 2018-09-07 23:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-10 00:40 - 2018-09-07 23:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-10 00:40 - 2018-09-07 23:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-10-10 00:40 - 2018-09-07 23:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-10 00:40 - 2018-09-07 23:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-10-10 00:40 - 2018-09-07 23:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-10 00:40 - 2018-09-07 23:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-10 00:40 - 2018-09-07 23:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-10 00:40 - 2018-09-07 23:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-10 00:40 - 2018-09-07 23:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-10 00:40 - 2018-09-07 23:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-10 00:40 - 2018-09-07 23:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-10 00:40 - 2018-09-07 23:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-10 00:40 - 2018-09-07 23:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-10-10 00:40 - 2018-09-07 23:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-10 00:40 - 2018-09-07 23:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-10 00:40 - 2018-09-07 23:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-10 00:40 - 2018-09-07 23:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-10 00:40 - 2018-09-07 23:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-10 00:40 - 2018-09-07 23:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-10 00:40 - 2018-09-07 23:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-10 00:40 - 2018-09-07 23:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-10 00:40 - 2018-09-07 23:24 - 001096704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-10-10 00:40 - 2018-09-07 23:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-10 00:40 - 2018-09-07 23:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-10 00:40 - 2018-09-07 23:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-10 00:40 - 2018-09-07 23:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-10 00:40 - 2018-09-07 23:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-10 00:40 - 2018-09-07 23:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-10 00:40 - 2018-09-07 23:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-10-10 00:40 - 2018-09-07 23:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-10 00:40 - 2018-08-02 23:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-10-09 23:49 - 2018-10-09 23:49 - 000896492 _____ C:\Users\Drew\Downloads\akp23 (online-video-cutter.com).mp4
2018-10-09 23:27 - 2018-10-11 21:13 - 000000000 ____D C:\Users\Drew\Downloads\WebMConverter
2018-10-09 23:27 - 2018-10-09 23:27 - 011300249 _____ C:\Users\Drew\Downloads\WebMConverter.zip
2018-10-08 16:17 - 2018-10-08 16:17 - 001438086 _____ (Igor Pavlov) C:\Users\Drew\Downloads\7z1805-x64.exe
2018-10-08 16:17 - 2018-10-08 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-10-08 16:17 - 2018-10-08 16:17 - 000000000 ____D C:\Program Files\7-Zip
2018-10-07 23:03 - 2018-10-07 23:03 - 011728248 _____ C:\Users\Drew\Downloads\HandBrake-1.1.2-x86_64-Win_GUI.exe
2018-10-07 23:03 - 2018-10-07 23:03 - 000000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-10-07 22:34 - 2018-10-07 22:34 - 010424065 _____ C:\Users\Drew\Downloads\ffmpeg-4.0.2.tar.bz2
2018-10-07 22:34 - 2018-10-07 22:34 - 000000000 ____D C:\Users\Drew\Downloads\ffmpeg-4.0.2
2018-10-01 22:05 - 2018-10-01 22:05 - 160279961 _____ C:\Users\Drew\Downloads\tour-photos.zip
2018-09-22 15:58 - 2018-09-22 15:58 - 000398301 _____ C:\Users\Drew\Downloads\ResizedPhotos.0.zip
2018-09-22 14:51 - 2018-09-22 14:51 - 000424377 _____ C:\Users\Drew\Downloads\pyrochild.plugins.installer.2017-12-04.exe.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-22 18:37 - 2016-11-18 18:36 - 000000000 ____D C:\Users\Drew\AppData\LocalLow\Mozilla
2018-10-22 18:36 - 2016-05-30 00:28 - 000000000 ____D C:\Users\Drew\AppData\Roaming\qBittorrent
2018-10-22 18:29 - 2017-12-08 21:06 - 000000000 ____D C:\Users\Drew\AppData\Roaming\MusicBee
2018-10-22 18:29 - 2017-05-20 15:23 - 000000000 ____D C:\Users\Drew\AppData\Roaming\KeePass
2018-10-22 17:46 - 2018-09-07 01:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-22 08:09 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-22 07:59 - 2018-09-07 01:16 - 000000000 ____D C:\Users\Drew\AppData\Local\D3DSCache
2018-10-22 07:55 - 2018-09-07 01:20 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-10-22 07:55 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-22 07:48 - 2018-09-07 01:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-22 07:48 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-10-22 07:48 - 2016-11-22 23:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-10-22 07:47 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-22 07:43 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-22 07:41 - 2017-06-24 16:16 - 000000000 ____D C:\AdwCleaner
2018-10-22 02:00 - 2016-05-22 17:50 - 000000000 ____D C:\Users\Drew\AppData\Local\Adobe
2018-10-22 00:35 - 2016-05-30 04:27 - 000000000 ____D C:\Users\Drew\AppData\Roaming\MPC-HC
2018-10-21 21:55 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-10-21 21:54 - 2017-12-31 15:28 - 000000000 ____D C:\ProgramData\AVAST Software
2018-10-21 21:53 - 2018-09-07 01:12 - 000000000 ____D C:\Users\Drew
2018-10-21 21:49 - 2018-09-06 17:40 - 000000000 ___DC C:\WINDOWS\Panther
2018-10-21 21:44 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-10-21 21:44 - 2017-09-22 20:36 - 000000000 ____D C:\ProgramData\Freemake
2018-10-21 21:43 - 2018-09-07 01:16 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-10-20 00:22 - 2018-09-07 01:16 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-619396438-2450706291-207795060-1001
2018-10-20 00:22 - 2018-09-07 01:12 - 000002360 _____ C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-20 00:22 - 2018-02-26 01:14 - 000000000 ___RD C:\Users\Drew\OneDrive
2018-10-19 05:07 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-18 20:13 - 2016-05-20 20:48 - 000000000 ____D C:\Program Files (x86)\Steam
2018-10-16 18:11 - 2016-05-20 01:24 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-13 14:27 - 2018-04-04 22:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-13 14:27 - 2016-05-19 23:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-11 18:28 - 2017-11-30 08:38 - 000000000 ____D C:\Users\Drew\AppData\Roaming\audacity
2018-10-11 11:31 - 2018-04-04 22:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-10 04:07 - 2018-02-26 01:12 - 000000000 ___RD C:\Users\Drew\3D Objects
2018-10-10 04:07 - 2016-05-19 23:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-10 04:06 - 2018-09-07 01:11 - 000482880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-10 01:32 - 2018-09-07 01:16 - 000004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-10 01:32 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-10 01:32 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-10 00:43 - 2016-05-20 03:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-10 00:42 - 2016-05-20 03:30 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-08 10:58 - 2017-02-08 20:38 - 000000000 ____D C:\Users\Drew\AppData\Roaming\HandBrake
2018-10-07 23:03 - 2017-02-08 20:35 - 000000000 ____D C:\Program Files\HandBrake
2018-10-07 22:49 - 2017-02-08 20:38 - 000000000 ____D C:\Users\Drew\AppData\Roaming\dvdcss
2018-10-07 21:54 - 2017-08-21 21:11 - 000000000 ____D C:\Users\Drew\AppData\Local\MKVCleaver
2018-10-07 21:54 - 2017-07-12 21:07 - 000000000 ____D C:\Users\Drew\AppData\Roaming\vlc
2018-10-04 17:10 - 2018-07-08 15:12 - 000000000 ____D C:\ProgramData\Packages
2018-10-02 16:13 - 2018-04-11 19:41 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-10-02 16:13 - 2018-04-11 19:41 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-27 22:32 - 2016-08-07 19:03 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2018-09-27 22:32 - 2016-08-07 19:03 - 000000000 ____D C:\Program Files\paint.net
2018-09-25 22:00 - 2018-02-26 16:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories =======

2017-10-16 02:44 - 2017-10-16 02:44 - 008250832 _____ (Malwarebytes) C:\Users\Drew\adwcleaner_7.0.3.1.exe
2016-06-11 13:50 - 2016-06-11 13:51 - 000023170 _____ () C:\Users\Drew\AppData\Roaming\Requiem.log
2017-11-24 01:07 - 2017-11-25 16:52 - 000001456 _____ () C:\Users\Drew\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-05-30 04:27 - 2018-01-01 03:26 - 000024064 _____ () C:\Users\Drew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-29 17:38 - 2018-09-29 17:38 - 000000000 _____ () C:\Users\Drew\AppData\Local\oobelibMkey.log
2018-08-04 21:56 - 2018-08-04 21:56 - 000001465 _____ () C:\Users\Drew\AppData\Local\recently-used.xbel
2017-12-08 20:27 - 2017-12-08 20:27 - 000007606 _____ () C:\Users\Drew\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-07 01:11

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Drew (22-10-2018 18:43:13)
Running from C:\Users\Drew\Downloads
Windows 10 Home Version 1803 17134.345 (X64) (2018-09-07 05:16:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-619396438-2450706291-207795060-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-619396438-2450706291-207795060-503 - Limited - Disabled)
Drew (S-1-5-21-619396438-2450706291-207795060-1001 - Administrator - Enabled) => C:\Users\Drew
Guest (S-1-5-21-619396438-2450706291-207795060-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-619396438-2450706291-207795060-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
ACP Application (HKLM\...\{F6191048-C738-9336-04C8-968455D82C31}) (Version: 2016.0718.1650.38 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{DD4E0E70-C0D8-4B20-947D-AF1BD276AFAC}) (Version: 2.24.3250.0 - Google Inc.)
HandBrake 1.1.2 (HKLM-x32\...\HandBrake) (Version: 1.1.2 - )
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
ImageGlass (HKLM\...\{D539FBEF-4AA8-4415-B66F-6367DA5D0186}_is1) (Version: 4.5.11.27 - Duong Dieu Phap)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
LibreOffice 5.2.0.4 (HKLM-x32\...\{8FA59B7B-1D26-408F-A798-BD11A65A68B9}) (Version: 5.2.0.4 - The Document Foundation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MKVCleaver x64 (HKLM\...\{EE4FBCD4-BAB6-405A-8AFF-5FEF41B841B4}) (Version: 7.0.2 - Ilia Bakhmoutski)
MKVToolNix 15.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 15.0.0 - Moritz Bunkus)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
Mp3tag v2.85 (HKLM-x32\...\Mp3tag) (Version: 2.85 - Florian Heidenreich)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
MusicBee 3.1 (HKLM-x32\...\MusicBee) (Version: 3.1 - Steven Mayall)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Npackd (HKLM\...\{A130D596-676C-4ADA-8CA6-A8A82DC5113A}) (Version: 1.22.2 - Npackd)
paint.net (HKLM\...\{36C264F3-0458-42D9-A091-807B5CEB0FA8}) (Version: 4.1.1 - dotPDN LLC)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 4.0.4 (HKLM-x32\...\qBittorrent) (Version: 4.0.4 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
SoundSwitch 4.9.6733.39597 (HKLM\...\SoundSwitch_is1) (Version: 4.9.6733.39597 - Antoine Aflalo)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F94A5095-E4DD-4ED8-AB0B-BFAC62176F8C}) (Version: 2.49.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
YGOPro DevPro Launcher (HKLM-x32\...\{043FE158-FD1B-41AE-8139-5592C944D237}) (Version: 2.0.15 - DevPro, LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-619396438-2450706291-207795060-1001_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-619396438-2450706291-207795060-1001_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-619396438-2450706291-207795060-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2017-01-28] (Bulk Rename Utility)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2017-01-28] (Bulk Rename Utility)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2017-01-28] (Bulk Rename Utility)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {25F80D4D-B447-4381-9EC3-FDF2DC7D9204} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {273BFDF3-7801-44E3-B760-B128EDB5E4E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-02] (Google Inc.)
Task: {5A2C4CD9-261F-4760-8640-296AF82ADD9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {5B37FED0-E272-405D-AAB3-0D1A50F2495B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7974EC30-D88B-44FD-A70D-594A84F40A46} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {7A7EA1C1-8326-45A6-BCD4-C6F8EF9A2E31} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {818DD7E9-90FC-4956-8608-07B806B20AB2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {826180B1-AC4A-4D8A-B441-95A888B06BC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-02] (Google Inc.)
Task: {8AA61235-0D32-492D-BC07-607C28F6905D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {9229364E-A384-45F0-9639-21C36C50CCE2} - System32\Tasks\AdobeAAMUpdater-1.0-DREW-Drew => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {9ADA0981-0D20-48F6-893A-9B1F5B24D631} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {AEA3F1AF-28D8-43D2-8487-E404E7B0FBD9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {B5D28C8A-2CEF-449B-A9FF-EE8716838557} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {C6040191-C801-4110-AC29-B065E723C1AA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-21] (AVAST Software)
Task: {D459E231-D3D9-4027-8354-8C53A0FB6D5C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {E1BFC0EE-5BB6-4A85-9B1F-BB96C407C507} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {ECF6A086-C9A1-4E7A-B0CE-824698CE536C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-10-13 16:48 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-13 16:48 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-09-26 03:52 - 2017-09-26 03:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-10-10 00:40 - 2018-09-19 23:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-12 14:22 - 2017-07-12 14:22 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-12 14:22 - 2017-07-12 14:22 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-02-15 19:43 - 2018-02-15 19:43 - 017831424 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2018-09-25 21:28 - 2018-09-25 21:28 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-25 21:28 - 2018-09-25 21:28 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-02-26 02:53 - 2018-02-26 02:54 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-03 13:29 - 2018-05-03 13:30 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-21 17:34 - 2018-08-21 17:34 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-21 17:34 - 2018-08-21 17:34 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-04-05 13:23 - 2018-04-05 13:23 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 17:54 - 2018-07-26 17:54 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000145920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\SKU.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000094720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000048128 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImageDecoding.dll
2018-10-05 20:44 - 2018-10-05 20:44 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-30 18:17 - 2018-07-30 18:17 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-05 20:44 - 2018-10-05 20:44 - 001689088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-10-16 18:09 - 2018-10-16 18:09 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-09-25 21:28 - 2018-09-25 21:28 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
 
Welcome aboard
p22002758.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================

It looks like the last part of the second log is still missing.
 
2018-08-21 17:34 - 2018-08-21 17:34 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-04-05 13:23 - 2018-04-05 13:23 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 17:54 - 2018-07-26 17:54 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000145920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\SKU.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000094720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000048128 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImageDecoding.dll
2018-10-05 20:44 - 2018-10-05 20:44 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-30 18:17 - 2018-07-30 18:17 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-05 20:44 - 2018-10-05 20:44 - 001689088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-10-16 18:09 - 2018-10-16 18:09 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-09-25 21:28 - 2018-09-25 21:28 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\py.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\pyw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DelayAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevManagerCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogiDPP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogiDPPApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lvco1380853.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lvcod64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LVUI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LVUIRC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET1CBA.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET4192.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET41B3.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET8A3.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETA106.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETABC9.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC55B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC60B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC7CB.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC86C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD3A1.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD58A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD85B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD909.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETE3CC.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETEF5C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETF00C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETFB67.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETFB88.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETFC38.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WmJoyFrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevManagerCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogiDPP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogiDPPApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lvcodec2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LVUI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LVUI2RC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SET60B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETAF2A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETB24B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETB50C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETC717.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETD0D8.tmp:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETD195.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETD234.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETDE30.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETEBB6.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETF119.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETFD54.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETFFEE.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmJoyF32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdacpksd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdkmafd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\htcnprot.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lvrs64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lvuvc64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ScpVBus.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET588.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET599.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET9F8B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC529.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC594.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC6.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETD73E.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETEF2A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETFB45.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETFEAF.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WmBEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WmFilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WmXlCore.sys:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2018-10-22 07:53 - 000004750 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nstac.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 feedback.search.microsoft.com

There are 78 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-619396438-2450706291-207795060-1001\Control Panel\Desktop\\Wallpaper -> P:\Pictures\Wallpapers\test 4.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\StartupApproved\Run: => "WiinUSoft"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFF2AE61-67E1-4578-A949-B7DD2E18726A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{65A2979C-416B-4DC9-AC66-5B8D6E9296A4}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5D0FDB27-2F85-4967-AA4C-6BDA72CEE6BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FED24DE9-41D1-4256-BDCC-19C1E037A605}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6DE857FF-6804-4105-A2AA-1B6594DDD778}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Maniac Mansion\ScummVM\scummvm.exe
FirewallRules: [{7F5149FB-1A79-47F4-AA84-46648C86A2FC}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Maniac Mansion\ScummVM\scummvm.exe
FirewallRules: [{40316834-FE4C-40A2-940C-24DC2AD75254}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F1ADC47A-CD34-48BD-89FC-0196A2E17286}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E352BD23-8636-4572-8EE2-9537F2A88C55}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{0620254D-0429-4D27-8E6F-98965EBB7A7A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{34404FEB-D884-4F29-B0A5-D92BCBFFD245}C:\users\drew\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\drew\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{5E513217-4074-4304-8FF0-0C4EAE2D98D4}C:\users\drew\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\drew\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{F7069DA2-43C7-450A-96B6-3ABB5C87D2AD}] => (Block) C:\users\drew\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{AC4C6954-FAB6-4457-BBAC-BDC703B48903}] => (Block) C:\users\drew\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{8EE5717C-1B0C-4B2C-AD4D-66E2DDB494AD}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{D2125358-855C-4907-8015-3BCD54552F91}] => (Allow) LPort=5357
FirewallRules: [{805754EB-7449-4C80-8FBB-4930B9426E23}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CC9EF392-8F7D-4F86-A114-8ABFA3F8F468}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Braid\braid.exe
FirewallRules: [{AF59F457-086E-4DF6-B912-2B8A4110341F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Braid\braid.exe
FirewallRules: [{55F48E0F-F68B-45DA-8DCC-8207E5BAA538}] => (Allow) P:\Games\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{C5F6E9FB-0725-4058-8032-2BFE0587CFA8}] => (Allow) P:\Games\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{232084D6-B892-4DF0-874B-BE2A6CA444BE}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{9415C73D-F28F-405D-A615-76EDACACCACB}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{EC6EFEB5-EB58-44F0-86E1-72308DD5B957}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Cuphead\Cuphead.exe
FirewallRules: [{261E22B4-71CC-4180-AD56-74BE1A32CD6B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Cuphead\Cuphead.exe
FirewallRules: [{C653F0CD-B5D6-431D-8C9A-42F3A2FA75CF}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{71D3C72A-C5D6-4B80-A9D6-20F105C85127}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{2CE3D13E-815A-4D12-9ECD-8EFDE624A762}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{8E35372F-2BD9-4DFB-8BCA-E31EFA460833}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{486070CC-AF11-4F6B-9CC2-9D829FD22933}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{FF814388-0F3A-424E-A14F-B67B6B51E7D5}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{AE473788-4E2A-4B47-B3A4-E2458DDDE0D2}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe
FirewallRules: [{B1642CE5-B46D-44FB-8E2F-57A79C799018}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe
FirewallRules: [{F13BDD89-1FDA-4B2F-A343-24C457307976}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{95B6FCD5-1874-44CB-BB3E-B305E7DB6B07}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{D863ECA4-76AA-42D6-976B-B2BEC1581548}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{FB61CBCF-5B92-4AB4-97F4-4C7CEE362291}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{9E5434EE-F59B-4C33-ABFD-AAE19430C07D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{C1CA8531-7065-4A23-BE02-E2A060BE98E2}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{B9FDA0C9-6E49-4F24-95D3-016B97C9111D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{ED201F08-B210-4FC8-AEF7-AB1956F97149}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{46EC4E34-FBDD-4C7C-A375-B977EAE9BD98}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 3\NEKOPARAvol3.exe
FirewallRules: [{6A5F8E78-1999-488D-9055-FA9A79C54B9E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 3\NEKOPARAvol3.exe
FirewallRules: [{6F6FCBF3-328C-4E15-A5FB-341CF332B8CB}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 0\nekopara_vol0.exe
FirewallRules: [{74C5A92E-6E57-4118-A792-B7AD99D8858E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 0\nekopara_vol0.exe
FirewallRules: [{A08C568F-9430-48CB-85A0-C6F98315FB99}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{279AD974-C5D2-4CB9-9DC1-22ACDAB74601}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{AF5C7F66-7339-479B-AB5A-D9426EAA08BB}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 2\nekopara_vol2.exe
FirewallRules: [{C8380E89-A8DB-4042-AAD5-364E000C0845}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 2\nekopara_vol2.exe
FirewallRules: [{BCE81B4D-6DC9-4520-BE51-B8FC555C24E5}] => (Allow) P:\Games\SteamLibrary\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{EFA88763-6F86-4335-B49E-0C99B6082E6E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{41A70446-41BF-44E3-B21E-E3A07010BDAA}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{5B98E461-4B7F-4632-98C2-70C40ECBEF0D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{6C6D9FE8-A288-427E-A895-18A7BF7A9972}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{EA1F89ED-CEBF-4299-B919-3ED71BDED188}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{221B9ADB-2ABD-4E29-9BD2-1413F0C5673C}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Stacking\Stack.exe
FirewallRules: [{5D964FF0-E029-4825-B03C-508CDBB95723}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Stacking\Stack.exe
FirewallRules: [{2315B3E4-A4DA-4353-AAEC-1361808888BD}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SpacebaseDF9\Space.exe
FirewallRules: [{EFCDAF22-80EE-4961-A0C8-0612CDEDB911}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SpacebaseDF9\Space.exe
FirewallRules: [{007397EB-730E-4D23-A4DE-4C064DA13550}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{34C60104-674F-4C8B-AB76-67255C01A63B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{96C69306-67B3-4E70-BEE4-9B49FDD3DF03}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{4217261F-436D-4E46-89D1-09E8DC7FF893}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{7E7105A0-78F8-46EE-A600-4B4B2BBB1F56}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Massive Chalice\MC.exe
FirewallRules: [{1B86C50B-6EF1-4F01-8325-0E08D33FEBAD}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Massive Chalice\MC.exe
FirewallRules: [{72756E17-F475-4D0C-BB43-469753F29B7B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\ironbrigade\IronBrigade.exe
FirewallRules: [{F731D348-F5D3-435D-AEB0-303FDDA56830}] => (Allow) P:\Games\SteamLibrary\steamapps\common\ironbrigade\IronBrigade.exe
FirewallRules: [{35D481D9-AFDD-4622-9657-EBBDD162F0D9}] => (Allow) P:\Games\SteamLibrary\steamapps\common\HacknSlash\Hack.exe
FirewallRules: [{6850BD8C-619A-4BC0-8194-033099EC7A3A}] => (Allow) P:\Games\SteamLibrary\steamapps\common\HacknSlash\Hack.exe
FirewallRules: [{37FEC300-A294-49BF-AD2A-811069348135}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{FC3677DA-AC7B-4A6C-93AB-22D2ABF8321F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{4DA587CF-B6F0-444B-AC42-56D561C6B888}] => (Allow) P:\Games\SteamLibrary\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{8D4000DA-D41D-4695-A463-03B22A5CF895}] => (Allow) P:\Games\SteamLibrary\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{3632C54D-9340-42C9-BFBB-3D282809D052}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{7BE03010-4A76-4C6F-BFA5-CD4272077A06}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{962260BC-748B-455A-BFF5-679D3617C8D1}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{7ABB87CF-3FA9-44D2-A6C8-55F4C33360C5}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{A84F6EB8-230F-46F4-AE33-03ACA0F1C209}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{3E223811-D944-450C-AF43-F8F1621CD4C6}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{AABECDD7-103B-40BA-BA08-C99F4FE16C88}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{8972045F-B560-4C1B-95EF-908E056F3E54}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{78650000-534B-423F-914B-0EE29DA510CE}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Costume Quest\Cq.exe
FirewallRules: [{A2B10B68-DF79-4770-B8F9-86EAEA50C4FD}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Costume Quest\Cq.exe
FirewallRules: [{830B35F3-4934-43BD-9416-08F076F955B7}] => (Allow) P:\Games\SteamLibrary\steamapps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [{01AC71A7-A467-4D06-AA61-7C920D46778D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [{8288FE0A-3C1A-4107-AC2E-652D4D36FC37}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Broken Age\BrokenAge.exe
FirewallRules: [{8F0D407A-1027-494B-883D-9918D86BF31B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Broken Age\BrokenAge.exe
FirewallRules: [TCP Query User{31820DDF-211A-4E85-8790-2590C80CCC67}C:\users\drew\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\drew\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{068EC1E6-474C-48F7-B030-E495E9ECC684}C:\users\drew\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\drew\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{62F4E565-0DB6-4E32-B00C-997583EECA42}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{C26E55D2-4501-46EA-84CC-07635AF1D209}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{9C75992F-F5FF-49B3-8C54-5EBDF5E7C7D1}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ori DE\oriDE.exe
FirewallRules: [{8D6F6D66-3490-4E20-8286-F019F800532F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ori DE\oriDE.exe
FirewallRules: [{B154FE44-B2C2-479D-8167-A9724B5E1330}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ori\ori.exe
FirewallRules: [{1E089C34-8761-469B-AED6-EB315E2E9F21}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ori\ori.exe
FirewallRules: [{8F0C69F6-CB90-4D92-A1E9-DD83A7A65B5C}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{428D498D-359E-4A13-B680-8DFCE16A39EC}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{D4B81699-9F39-4269-AADA-4E277E8E54B5}] => (Allow) P:\Games\SteamLibrary\steamapps\common\EdithFinch\FinchGame\Binaries\Win64\FinchGame.exe
FirewallRules: [{D597C208-3AD4-46DB-8FE1-9A4C72700161}] => (Allow) P:\Games\SteamLibrary\steamapps\common\EdithFinch\FinchGame\Binaries\Win64\FinchGame.exe
FirewallRules: [{C9CFA061-ED86-4D96-957E-DD55E16D6E34}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{771E25A4-F3CC-4B04-AB6C-64EB08392E55}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{5B0FED64-FD52-4FAB-B416-23C8AC81648A}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{22C42AE4-10A2-4ED0-A898-2D5272A99ABF}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{2029A111-3F33-4E69-B9CC-25DB13193F1F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\Game.exe
FirewallRules: [{751CD463-B961-414C-90F0-4EF409C5CD6C}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\Game.exe
FirewallRules: [{ED53C954-5CD3-4211-8602-5B373747B68F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{C7CCBCDF-BF2B-445A-8D76-1E16A8B31105}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{B5DAD1C3-8D7B-45B3-9EA8-F595CF37989E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{FE7921A1-79E0-4017-9B48-6E3DF2CA336E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{E7089F1B-6C8A-415F-A942-7D39B62439D4}] => (Allow) P:\Games\SteamLibrary\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{BF53FF50-3AD9-46D6-B0DF-DF76531A8CA6}] => (Allow) P:\Games\SteamLibrary\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{C6C8C192-2B48-4F25-823D-145107CFB614}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SOMA\Soma.exe
FirewallRules: [{BA5276B1-D52B-4230-9E58-1D062814A49C}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SOMA\Soma.exe
FirewallRules: [{56B6BBBE-675A-43B5-BD6F-0D15294B6D6A}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SOMA\ModLauncher.exe
FirewallRules: [{708C5BAF-18E8-48F6-BB05-926ACD12BAF7}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SOMA\ModLauncher.exe
FirewallRules: [{F87FD22F-DC5C-4570-8D08-9133973F56C6}] => (Allow) P:\Games\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [{3978629E-8FDD-4189-820E-B533F92F9CC7}] => (Allow) P:\Games\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [{545FA10A-42F6-4F5D-A531-C6296515FABF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4F7388BA-895A-49CE-BFF3-F883864ACCAB}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{77027D18-5604-49F3-AB43-9D599C13DE8D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{5DE3311C-744F-4E96-9168-0D6F37978B18}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Devil May Cry HD Collection\dmcLauncher.exe
FirewallRules: [{F0BE4B21-3348-45E6-ADA4-DFADFC9A346B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Devil May Cry HD Collection\dmcLauncher.exe
FirewallRules: [{D81AD678-3759-4D8A-81D2-F03DBBAA1F43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{78811B3F-E71E-4D60-B5D5-45D98D92F1E8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{99EBD55C-7493-485B-BAAC-5C3CA99C2C68}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D1A71545-EEE5-44D9-9AE5-B8724B4F4AD9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{52A9F1F7-D528-4BE6-A0BD-1E45145DE2B2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{F3FC2F42-0781-417D-A9FC-5656AF8632A8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

14-10-2018 16:40:12 Windows Modules Installer
15-10-2018 18:28:31 Windows Modules Installer
16-10-2018 20:29:03 Windows Modules Installer
17-10-2018 22:27:27 Windows Modules Installer
19-10-2018 00:29:35 Windows Modules Installer
20-10-2018 02:29:36 Windows Modules Installer
21-10-2018 04:16:41 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2018 07:48:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x25a8
Faulting application start time: 0x01d469fd2d99ad02
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d2d9d837-6aa0-41d7-9023-ec764a7dbed9
Faulting package full name:
Faulting package-relative application ID:

Error: (10/22/2018 07:48:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x25a8
Faulting application start time: 0x01d469fd2d99ad02
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6bd098fa-7aa5-4c63-8277-660ef549bdc9
Faulting package full name:
Faulting package-relative application ID:

Error: (10/22/2018 07:48:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x2418
Faulting application start time: 0x01d469fd2cb84355
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7ebc6a5e-ac37-4828-9661-33b6166c726f
Faulting package full name:
Faulting package-relative application ID:

Error: (10/22/2018 07:48:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x2418
Faulting application start time: 0x01d469fd2cb84355
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 555db94d-efac-4f86-968e-1e3e5dbec274
Faulting package full name:
Faulting package-relative application ID:

Error: (10/22/2018 07:48:24 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/22/2018 07:43:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x26b0
Faulting application start time: 0x01d469fc747900be
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 33f5719d-006f-4f88-be78-d2e19be3585f
Faulting package full name:
Faulting package-relative application ID:

Error: (10/22/2018 07:43:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x26b0
Faulting application start time: 0x01d469fc747900be
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2150cddd-eae6-4251-9ab9-e16b2860052a
Faulting package full name:
Faulting package-relative application ID:

Error: (10/22/2018 07:43:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x3ac
Faulting application start time: 0x01d469fc7388c3ed
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ce9821fa-0685-4093-9ef6-e5d1347a68d2
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/22/2018 07:48:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:48:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:48:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:48:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:47:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Update Orchestrator Service service terminated with the following error:
This operation returned because the timeout period expired.

Error: (10/22/2018 07:43:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:43:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:43:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-10-21 21:55:09.453
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D4FC09C8-C8CA-4DA0-943D-150F5905E88A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-21 21:42:44.160
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9F5439CD-37D1-49F1-B06D-30B0F585D2CF}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-10-21 02:17:20.412
Description:
Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 435840862
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.182.0, AS: 1.279.182.0
Engine Version: 1.1.15400.4
Fidelity Label: Medium
Target File Name: c:\windows\\system32\drivers\ndis.sys

Date: 2018-10-13 20:10:32.845
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E4E33B83-D18C-459B-AF06-A2DF24EE7374}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-13 16:00:40.620
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {40BA2F3F-C07A-4B32-AF0C-80902B0201C0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-21 21:55:59.566
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 36%
Total physical RAM: 16298.85 MB
Available physical RAM: 10385.44 MB
Total Virtual: 29625.9 MB
Available Virtual: 3596.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.93 GB) (Free:138.7 GB) NTFS
Drive p: (Pictures) (Fixed) (Total:931.51 GB) (Free:212.93 GB) NTFS
Drive s: (Storage) (Fixed) (Total:1862.89 GB) (Free:18.15 GB) NTFS

\\?\Volume{73dc8a39-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{73dc8a39-0000-0000-0000-c01a3a000000}\ () (Fixed) (Total:0.47 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 73DC8A39)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=477 MB) - (Type=27)

========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A8118AC1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller V12.13.6.0 (x64) [Oct 22 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : Drew [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/22/2018 21:40:09 (Duration : 00:19:46)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{31820DDF-211A-4E85-8790-2590C80CCC67}C:\users\drew\appdata\local\jdownloader v2.0\jdownloader2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\drew\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{068EC1E6-474C-48F7-B030-E495E9ECC684}C:\users\drew\appdata\local\jdownloader v2.0\jdownloader2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\drew\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User| [7] -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-619396438-2450706291-207795060-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-619396438-2450706291-207795060-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 250GB +++++
--- User ---
[MBR] 3fa79d25532a103e84098d5d9147255b
[BSP] e373a50e6d0d2107760b6188f9ffbfac : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 237494 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 487415808 | Size: 477 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2003FZEX-00SRLA0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1907600 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: TOSHIBA MK1059GSM +++++
--- User ---
[MBR] 7d2824efe20e60fb1fe32c70b7e85623
[BSP] e43ffe2685900ba161fce3ccc6069de8 : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic- USB3.0 CRW -SD USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- USB3.0 CRW -SD USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/22/18
Scan Time: 10:04 PM
Log File: 09016508-d668-11e8-948c-d017c28768e4.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7477
License: Trial

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: DREW\Drew

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 321972
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-22.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-22-2018
# Duration: 00:00:07
# OS: Windows 10 Home
# Scanned: 31969
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1265 octets] - [22/10/2018 07:41:56]
AdwCleaner[C00].txt - [1411 octets] - [22/10/2018 07:42:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Drew (administrator) on DREW (23-10-2018 17:45:08)
Running from C:\Users\Drew\Desktop
Loaded Profiles: Drew (Available Profiles: Drew)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SoundSwitch) C:\Program Files\SoundSwitch\SoundSwitch.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2017-03-29] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2017-04-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1806800 2018-05-22] (Google Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3208992 2018-10-12] (Valve Corporation)
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\Run: [SoundSwitch] => C:\Program Files\SoundSwitch\SoundSwitch.exe [1816768 2018-06-08] (SoundSwitch)
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{02909200-05bf-4fe3-8eb4-a2f653214056}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b3510a2e-45aa-4320-bdc2-1b4e6659b452}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-619396438-2450706291-207795060-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-619396438-2450706291-207795060-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-14] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: dsgdew9w.default-1522896207997
FF DefaultProfile: 7j0vtojg.default
FF ProfilePath: C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997 [2018-10-23]
FF Homepage: Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997 -> about:home
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2018-10-09]
FF Extension: (S3.Translator) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\s3google@translator.xpi [2018-10-10]
FF Extension: (uBlock Origin) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\uBlock0@raymondhill.net.xpi [2018-10-18]
FF Extension: (Youtube Checker) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\youtube-subscription-checker@xrxr.xpi [2018-09-18]
FF Extension: (NoScript) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-10-16]
FF Extension: (Greasemonkey) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-28]
FF Extension: (Telemetry coverage) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\features\{56895a34-384c-4d13-8c09-7863ac197743}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-11] [Legacy]
FF ProfilePath: C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default [2018-10-21]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default -> hxxps://boards.4chan.org/toy/
hxxps://twitter.com/
hxxps://www.youtube.com/?hl=en&gl=CA
FF Extension: (Dark Moon) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\darkmoon@lootyhoof-pm.xpi [2018-02-12] [Legacy] [not signed]
FF Extension: (Greasemonkey for Pale Moon) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\greasemonkeyforpm@janekptacijarabaci.xpi [2018-03-05] [Legacy] [not signed]
FF Extension: (uBlock Origin) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\uBlock0@raymondhill.net.xpi [2018-02-12] [Legacy] [not signed]
FF Extension: (DarkPitch) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{4b13c0da-55d5-44ce-b98e-98e62085837f}.xpi [2018-02-12] [Legacy] [not signed]
FF Extension: (Theme Font & Size Changer (no expire)) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{6e5104b6-3c42-11e7-a919-92ebcb67fe33}.xpi [2018-02-12] [Legacy]
FF Extension: (NoScript) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-02-12] [Legacy]
FF Extension: (In The Dark) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}.xpi [2018-03-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-619396438-2450706291-207795060-1001: SkypePlugin -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-619396438-2450706291-207795060-1001: SkypePlugin64 -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)

Chrome:
=======
CHR Profile: C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default [2018-10-21]
CHR Extension: (Slides) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-11]
CHR Extension: (Docs) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-11]
CHR Extension: (Google Drive) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-02]
CHR Extension: (Skype Calling) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-05-23]
CHR Extension: (YouTube) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-02]
CHR Extension: (Sheets) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
CHR Extension: (Google Docs Offline) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (Manual Geolocation) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpiefjlgcjmciajdcinaejedejjfjgki [2018-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (Gmail) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe [481144 2018-02-06] (AMD)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-26] (Advanced Micro Devices) [File not signed]
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [994256 2018-05-22] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 NGS; C:\WINDOWS\NGService.exe [2994248 2018-10-22] (NEXON Korea Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [313760 2016-08-26] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-11-05] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atikmdag.sys [41578872 2018-02-06] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atikmpag.sys [545656 2018-02-06] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-10-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-10-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-10-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-10-23] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-04-10] (Scarlet.Crush Productions)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-22 22:06 - 2018-10-22 22:06 - 000001221 _____ C:\Users\Drew\Desktop\mbam.txt
2018-10-22 21:37 - 2018-10-22 21:40 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-10-22 21:37 - 2018-10-22 21:39 - 000000000 ____D C:\ProgramData\RogueKiller
2018-10-22 21:37 - 2018-10-22 21:37 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-10-22 21:37 - 2018-10-22 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-10-22 21:37 - 2018-10-22 21:37 - 000000000 ____D C:\Program Files\RogueKiller
2018-10-22 21:36 - 2018-10-22 21:36 - 037029072 _____ (Adlice Software ) C:\Users\Drew\Downloads\RogueKiller_setup_ref3.exe
2018-10-22 20:55 - 2018-10-22 20:55 - 002994248 _____ (NEXON Korea Corporation) C:\WINDOWS\NGService.exe
2018-10-22 20:55 - 2018-10-22 20:55 - 000000016 _____ C:\ProgramData\mntemp
2018-10-22 20:55 - 2018-10-22 20:55 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-10-22 20:54 - 2018-10-22 20:54 - 000000000 ____D C:\Users\Drew\AppData\Roaming\NexonLauncherSwapApp
2018-10-22 18:43 - 2018-10-22 18:43 - 000086998 _____ C:\Users\Drew\Desktop\Addition.txt
2018-10-22 18:42 - 2018-10-23 17:45 - 000017912 _____ C:\Users\Drew\Desktop\FRST.txt
2018-10-22 18:41 - 2018-10-23 17:45 - 000000000 ____D C:\FRST
2018-10-22 18:41 - 2018-10-22 18:41 - 002414592 _____ (Farbar) C:\Users\Drew\Desktop\FRST64.exe
2018-10-22 18:41 - 2018-10-22 18:41 - 000000000 ____D C:\Users\Drew\Downloads\FRST-OlderVersion
2018-10-22 07:48 - 2018-10-23 14:45 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-10-22 07:48 - 2018-10-22 07:48 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-22 07:48 - 2018-10-22 07:48 - 000118584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-10-22 07:48 - 2018-10-22 07:48 - 000058400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-10-22 07:47 - 2018-09-04 18:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-10-22 07:41 - 2018-10-22 07:41 - 007592144 _____ (Malwarebytes) C:\Users\Drew\Downloads\adwcleaner_7.2.4.0.exe
2018-10-21 21:54 - 2018-10-22 07:48 - 000000000 ____D C:\Users\Drew\AppData\Local\CrashDumps
2018-10-21 21:51 - 2018-10-21 21:51 - 000004032 _____ C:\WINDOWS\system32\cc_20181021_215136.reg
2018-10-21 21:50 - 2018-10-21 21:50 - 000051180 _____ C:\WINDOWS\system32\cc_20181021_215041.reg
2018-10-21 21:44 - 2018-10-21 21:54 - 000000000 ____D C:\Users\Drew\AppData\Local\AVAST Software
2018-10-21 21:44 - 2018-10-21 21:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-10-21 21:43 - 2018-10-21 21:43 - 016796856 _____ (Piriform Ltd) C:\Users\Drew\Downloads\ccsetup547.exe
2018-10-21 21:31 - 2018-10-21 21:31 - 000000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2018-10-21 21:11 - 2018-10-21 21:11 - 000000000 ____D C:\Users\Drew\AppData\Roaming\Nexon Launcher
2018-10-21 21:10 - 2018-10-23 07:41 - 000000000 ____D C:\Users\Drew\AppData\Roaming\NexonLauncher
2018-10-21 21:10 - 2018-10-21 21:10 - 011765112 _____ C:\Users\Drew\Downloads\NexonLauncherSetup.exe
2018-10-21 21:10 - 2018-10-21 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2018-10-21 21:10 - 2018-10-21 21:10 - 000000000 ____D C:\Program Files (x86)\Nexon
2018-10-20 14:21 - 2018-10-20 14:21 - 000000000 ____D C:\Users\Drew\AppData\Local\PlaceholderTileLogoFolder
2018-10-18 22:15 - 2018-10-18 22:16 - 000000000 ____D C:\Users\Drew\Downloads\Marshmallow Maximus
2018-10-18 22:15 - 2018-10-18 22:15 - 551984876 _____ C:\Users\Drew\Downloads\Marshmallow Maximus.zip
2018-10-13 16:49 - 2018-10-13 16:49 - 000000000 ____D C:\Users\Drew\AppData\Local\mbam
2018-10-13 16:48 - 2018-10-13 16:48 - 000200232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-10-13 16:48 - 2018-10-13 16:48 - 000000000 ____D C:\Users\Drew\AppData\Local\mbamtray
2018-10-13 16:48 - 2018-10-13 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-13 16:48 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-12 14:53 - 2018-10-12 14:53 - 000041396 _____ C:\Users\Drew\Downloads\[VentoFisso] JoJos Bizarre Adventure - Golden Wind 02.***
2018-10-10 23:21 - 2018-10-10 23:21 - 000000000 ____D C:\Users\Drew\AppData\Roaming\ImageGlass
2018-10-10 00:41 - 2018-09-21 05:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-10 00:41 - 2018-09-20 00:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-10 00:41 - 2018-09-20 00:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-10 00:41 - 2018-09-20 00:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-10 00:41 - 2018-09-20 00:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-10 00:41 - 2018-09-20 00:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-10 00:41 - 2018-09-20 00:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-10 00:41 - 2018-09-19 23:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-10 00:41 - 2018-09-19 23:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-10 00:41 - 2018-09-19 23:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-10 00:40 - 2018-09-21 05:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-10 00:40 - 2018-09-21 04:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-10 00:40 - 2018-09-21 04:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-10 00:40 - 2018-09-21 00:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-10 00:40 - 2018-09-21 00:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-10 00:40 - 2018-09-21 00:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-10 00:40 - 2018-09-21 00:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-10 00:40 - 2018-09-21 00:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-10-10 00:40 - 2018-09-21 00:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-10 00:40 - 2018-09-21 00:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-10 00:40 - 2018-09-21 00:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-10-10 00:40 - 2018-09-21 00:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-10 00:40 - 2018-09-21 00:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-10 00:40 - 2018-09-21 00:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-10 00:40 - 2018-09-21 00:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-10 00:40 - 2018-09-21 00:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-10-10 00:40 - 2018-09-21 00:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-10 00:40 - 2018-09-21 00:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-10-10 00:40 - 2018-09-21 00:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-10 00:40 - 2018-09-20 23:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-10-10 00:40 - 2018-09-20 23:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-10 00:40 - 2018-09-20 23:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-10-10 00:40 - 2018-09-20 23:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-10 00:40 - 2018-09-20 23:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-10 00:40 - 2018-09-20 23:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-10 00:40 - 2018-09-20 23:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-10 00:40 - 2018-09-20 23:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-10-10 00:40 - 2018-09-20 23:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-10 00:40 - 2018-09-20 23:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-10 00:40 - 2018-09-20 23:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-10 00:40 - 2018-09-20 23:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-10 00:40 - 2018-09-20 23:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-10-10 00:40 - 2018-09-20 23:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-10 00:40 - 2018-09-20 23:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-10 00:40 - 2018-09-20 23:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-10 00:40 - 2018-09-20 23:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-10 00:40 - 2018-09-20 23:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-10 00:40 - 2018-09-20 23:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-10 00:40 - 2018-09-20 23:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-10 00:40 - 2018-09-20 23:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-10 00:40 - 2018-09-20 05:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-10 00:40 - 2018-09-20 05:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-10 00:40 - 2018-09-20 05:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-10 00:40 - 2018-09-20 05:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-10 00:40 - 2018-09-20 05:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-10-10 00:40 - 2018-09-20 05:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-10 00:40 - 2018-09-20 05:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-10 00:40 - 2018-09-20 05:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-10 00:40 - 2018-09-20 05:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-10 00:40 - 2018-09-20 05:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-10 00:40 - 2018-09-20 05:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-10 00:40 - 2018-09-20 04:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-10 00:40 - 2018-09-20 04:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-10-10 00:40 - 2018-09-20 04:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-10 00:40 - 2018-09-20 04:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-10-10 00:40 - 2018-09-20 04:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-10 00:40 - 2018-09-20 04:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-10 00:40 - 2018-09-20 04:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-10 00:40 - 2018-09-20 04:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-10-10 00:40 - 2018-09-20 02:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-10-10 00:40 - 2018-09-20 01:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-10 00:40 - 2018-09-20 00:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-10-10 00:40 - 2018-09-20 00:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-10 00:40 - 2018-09-20 00:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-10 00:40 - 2018-09-20 00:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-10 00:40 - 2018-09-20 00:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-10-10 00:40 - 2018-09-20 00:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-10-10 00:40 - 2018-09-20 00:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-10 00:40 - 2018-09-20 00:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-10-10 00:40 - 2018-09-20 00:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-10 00:40 - 2018-09-20 00:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-10-10 00:40 - 2018-09-20 00:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-10 00:40 - 2018-09-20 00:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-10-10 00:40 - 2018-09-20 00:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-10 00:40 - 2018-09-20 00:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-10 00:40 - 2018-09-20 00:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-10 00:40 - 2018-09-20 00:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-10 00:40 - 2018-09-20 00:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-10-10 00:40 - 2018-09-20 00:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-10 00:40 - 2018-09-20 00:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-10 00:40 - 2018-09-20 00:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-10-10 00:40 - 2018-09-20 00:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-10-10 00:40 - 2018-09-20 00:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-10 00:40 - 2018-09-20 00:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-10 00:40 - 2018-09-20 00:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-10 00:40 - 2018-09-20 00:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-10-10 00:40 - 2018-09-20 00:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-10 00:40 - 2018-09-20 00:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-10 00:40 - 2018-09-19 23:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-10 00:40 - 2018-09-19 23:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-10 00:40 - 2018-09-19 23:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-10 00:40 - 2018-09-19 23:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-10-10 00:40 - 2018-09-19 23:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-10 00:40 - 2018-09-19 23:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-10 00:40 - 2018-09-19 23:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-10 00:40 - 2018-09-19 23:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-10 00:40 - 2018-09-19 23:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-10 00:40 - 2018-09-19 23:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-10 00:40 - 2018-09-19 23:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-10-10 00:40 - 2018-09-19 23:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-10 00:40 - 2018-09-19 23:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-10 00:40 - 2018-09-19 23:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-10-10 00:40 - 2018-09-19 23:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-10 00:40 - 2018-09-19 23:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-10 00:40 - 2018-09-19 23:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-10 00:40 - 2018-09-19 23:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-10 00:40 - 2018-09-19 22:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-10-10 00:40 - 2018-09-19 21:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-10 00:40 - 2018-09-08 04:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-10 00:40 - 2018-09-08 04:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-10 00:40 - 2018-09-08 04:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-10 00:40 - 2018-09-08 04:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-10 00:40 - 2018-09-08 04:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-10 00:40 - 2018-09-08 04:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-10 00:40 - 2018-09-08 03:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-10 00:40 - 2018-09-08 03:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-10 00:40 - 2018-09-08 03:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-10 00:40 - 2018-09-08 03:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-10 00:40 - 2018-09-08 03:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-10 00:40 - 2018-09-08 03:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-10 00:40 - 2018-09-08 03:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-10 00:40 - 2018-09-08 03:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-10 00:40 - 2018-09-08 03:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-10 00:40 - 2018-09-08 03:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-10 00:40 - 2018-09-08 03:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-10 00:40 - 2018-09-08 03:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-10 00:40 - 2018-09-08 03:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-10 00:40 - 2018-09-08 03:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-10 00:40 - 2018-09-08 03:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-10 00:40 - 2018-09-08 03:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-10 00:40 - 2018-09-08 03:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-10 00:40 - 2018-09-08 03:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-10 00:40 - 2018-09-08 03:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-10 00:40 - 2018-09-08 03:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-10 00:40 - 2018-09-08 03:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-10 00:40 - 2018-09-08 03:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-10 00:40 - 2018-09-08 03:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-10 00:40 - 2018-09-08 03:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-10 00:40 - 2018-09-08 03:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-10-10 00:40 - 2018-09-08 03:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-10-10 00:40 - 2018-09-08 03:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-10 00:40 - 2018-09-08 03:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-10-10 00:40 - 2018-09-08 03:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-10 00:40 - 2018-09-08 03:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-10 00:40 - 2018-09-08 03:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-10 00:40 - 2018-09-08 02:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-10 00:40 - 2018-09-08 02:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-10 00:40 - 2018-09-08 02:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-10 00:40 - 2018-09-08 02:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-10 00:40 - 2018-09-08 02:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-10 00:40 - 2018-09-08 02:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-10 00:40 - 2018-09-08 02:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-10 00:40 - 2018-09-08 02:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-10 00:40 - 2018-09-08 02:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-10 00:40 - 2018-09-08 02:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-10 00:40 - 2018-09-08 02:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-10 00:40 - 2018-09-08 02:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-10 00:40 - 2018-09-08 00:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-10 00:40 - 2018-09-07 23:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-10 00:40 - 2018-09-07 23:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-10 00:40 - 2018-09-07 23:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-10 00:40 - 2018-09-07 23:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-10 00:40 - 2018-09-07 23:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-10 00:40 - 2018-09-07 23:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-10 00:40 - 2018-09-07 23:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-10 00:40 - 2018-09-07 23:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-10 00:40 - 2018-09-07 23:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-10-10 00:40 - 2018-09-07 23:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-10 00:40 - 2018-09-07 23:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-10-10 00:40 - 2018-09-07 23:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-10 00:40 - 2018-09-07 23:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-10 00:40 - 2018-09-07 23:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-10 00:40 - 2018-09-07 23:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-10 00:40 - 2018-09-07 23:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-10 00:40 - 2018-09-07 23:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-10 00:40 - 2018-09-07 23:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-10 00:40 - 2018-09-07 23:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-10 00:40 - 2018-09-07 23:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-10-10 00:40 - 2018-09-07 23:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-10 00:40 - 2018-09-07 23:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-10 00:40 - 2018-09-07 23:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-10 00:40 - 2018-09-07 23:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-10 00:40 - 2018-09-07 23:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-10 00:40 - 2018-09-07 23:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-10 00:40 - 2018-09-07 23:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-10 00:40 - 2018-09-07 23:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-10 00:40 - 2018-09-07 23:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
 
2018-10-10 00:40 - 2018-09-07 23:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-10 00:40 - 2018-09-07 23:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-10-10 00:40 - 2018-09-07 23:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-10 00:40 - 2018-09-07 23:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-10 00:40 - 2018-09-07 23:24 - 001096704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-10-10 00:40 - 2018-09-07 23:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-10 00:40 - 2018-09-07 23:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-10 00:40 - 2018-09-07 23:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-10 00:40 - 2018-09-07 23:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-10 00:40 - 2018-09-07 23:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-10 00:40 - 2018-09-07 23:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-10 00:40 - 2018-09-07 23:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-10-10 00:40 - 2018-09-07 23:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-10 00:40 - 2018-08-02 23:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-10-09 23:49 - 2018-10-09 23:49 - 000896492 _____ C:\Users\Drew\Downloads\akp23 (online-video-cutter.com).mp4
2018-10-09 23:27 - 2018-10-11 21:13 - 000000000 ____D C:\Users\Drew\Downloads\WebMConverter
2018-10-09 23:27 - 2018-10-09 23:27 - 011300249 _____ C:\Users\Drew\Downloads\WebMConverter.zip
2018-10-08 16:17 - 2018-10-08 16:17 - 001438086 _____ (Igor Pavlov) C:\Users\Drew\Downloads\7z1805-x64.exe
2018-10-08 16:17 - 2018-10-08 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-10-08 16:17 - 2018-10-08 16:17 - 000000000 ____D C:\Program Files\7-Zip
2018-10-07 23:03 - 2018-10-07 23:03 - 011728248 _____ C:\Users\Drew\Downloads\HandBrake-1.1.2-x86_64-Win_GUI.exe
2018-10-07 23:03 - 2018-10-07 23:03 - 000000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-10-07 22:34 - 2018-10-07 22:34 - 010424065 _____ C:\Users\Drew\Downloads\ffmpeg-4.0.2.tar.bz2
2018-10-07 22:34 - 2018-10-07 22:34 - 000000000 ____D C:\Users\Drew\Downloads\ffmpeg-4.0.2
2018-10-01 22:05 - 2018-10-01 22:05 - 160279961 _____ C:\Users\Drew\Downloads\tour-photos.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-23 17:42 - 2016-05-30 00:28 - 000000000 ____D C:\Users\Drew\AppData\Roaming\qBittorrent
2018-10-23 17:41 - 2016-11-18 18:36 - 000000000 ____D C:\Users\Drew\AppData\LocalLow\Mozilla
2018-10-23 17:40 - 2018-09-07 01:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-23 12:47 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-23 09:48 - 2018-09-07 01:16 - 000000000 ____D C:\Users\Drew\AppData\Local\D3DSCache
2018-10-23 07:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-23 07:48 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-23 07:41 - 2018-02-26 16:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-23 07:41 - 2016-05-22 17:50 - 000000000 ____D C:\Users\Drew\AppData\Local\Adobe
2018-10-22 21:58 - 2015-10-30 03:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-10-22 21:37 - 2017-05-20 15:23 - 000000000 ____D C:\Users\Drew\AppData\Roaming\KeePass
2018-10-22 18:29 - 2017-12-08 21:06 - 000000000 ____D C:\Users\Drew\AppData\Roaming\MusicBee
2018-10-22 07:55 - 2018-09-07 01:20 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-10-22 07:55 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-22 07:48 - 2018-09-07 01:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-22 07:48 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-10-22 07:48 - 2016-11-22 23:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-10-22 07:41 - 2017-06-24 16:16 - 000000000 ____D C:\AdwCleaner
2018-10-22 00:35 - 2016-05-30 04:27 - 000000000 ____D C:\Users\Drew\AppData\Roaming\MPC-HC
2018-10-21 21:55 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-10-21 21:54 - 2017-12-31 15:28 - 000000000 ____D C:\ProgramData\AVAST Software
2018-10-21 21:53 - 2018-09-07 01:12 - 000000000 ____D C:\Users\Drew
2018-10-21 21:49 - 2018-09-06 17:40 - 000000000 ___DC C:\WINDOWS\Panther
2018-10-21 21:44 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-10-21 21:44 - 2017-09-22 20:36 - 000000000 ____D C:\ProgramData\Freemake
2018-10-21 21:43 - 2018-09-07 01:16 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-10-20 00:22 - 2018-09-07 01:16 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-619396438-2450706291-207795060-1001
2018-10-20 00:22 - 2018-09-07 01:12 - 000002360 _____ C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-20 00:22 - 2018-02-26 01:14 - 000000000 ___RD C:\Users\Drew\OneDrive
2018-10-19 05:07 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-18 20:13 - 2016-05-20 20:48 - 000000000 ____D C:\Program Files (x86)\Steam
2018-10-16 18:11 - 2016-05-20 01:24 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-13 14:27 - 2018-04-04 22:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-13 14:27 - 2016-05-19 23:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-11 18:28 - 2017-11-30 08:38 - 000000000 ____D C:\Users\Drew\AppData\Roaming\audacity
2018-10-11 11:31 - 2018-04-04 22:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-10 04:07 - 2018-02-26 01:12 - 000000000 ___RD C:\Users\Drew\3D Objects
2018-10-10 04:07 - 2016-05-19 23:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-10 04:06 - 2018-09-07 01:11 - 000482880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-10-10 04:06 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-10 01:32 - 2018-09-07 01:16 - 000004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-10 01:32 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-10 01:32 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-10 00:43 - 2016-05-20 03:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-10 00:42 - 2016-05-20 03:30 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-08 10:58 - 2017-02-08 20:38 - 000000000 ____D C:\Users\Drew\AppData\Roaming\HandBrake
2018-10-07 23:03 - 2017-02-08 20:35 - 000000000 ____D C:\Program Files\HandBrake
2018-10-07 22:49 - 2017-02-08 20:38 - 000000000 ____D C:\Users\Drew\AppData\Roaming\dvdcss
2018-10-07 21:54 - 2017-08-21 21:11 - 000000000 ____D C:\Users\Drew\AppData\Local\MKVCleaver
2018-10-07 21:54 - 2017-07-12 21:07 - 000000000 ____D C:\Users\Drew\AppData\Roaming\vlc
2018-10-04 17:10 - 2018-07-08 15:12 - 000000000 ____D C:\ProgramData\Packages
2018-10-02 16:13 - 2018-04-11 19:41 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-10-02 16:13 - 2018-04-11 19:41 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-27 22:32 - 2016-08-07 19:03 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2018-09-27 22:32 - 2016-08-07 19:03 - 000000000 ____D C:\Program Files\paint.net

==================== Files in the root of some directories =======

2017-10-16 02:44 - 2017-10-16 02:44 - 008250832 _____ (Malwarebytes) C:\Users\Drew\adwcleaner_7.0.3.1.exe
2016-06-11 13:50 - 2016-06-11 13:51 - 000023170 _____ () C:\Users\Drew\AppData\Roaming\Requiem.log
2017-11-24 01:07 - 2017-11-25 16:52 - 000001456 _____ () C:\Users\Drew\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-05-30 04:27 - 2018-01-01 03:26 - 000024064 _____ () C:\Users\Drew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-29 17:38 - 2018-09-29 17:38 - 000000000 _____ () C:\Users\Drew\AppData\Local\oobelibMkey.log
2018-08-04 21:56 - 2018-08-04 21:56 - 000001465 _____ () C:\Users\Drew\AppData\Local\recently-used.xbel
2017-12-08 20:27 - 2017-12-08 20:27 - 000007606 _____ () C:\Users\Drew\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-10-22 21:37 - 2018-09-06 18:56 - 001947720 _____ (Microsoft Corporation) C:\Users\Drew\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-07 01:11

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Drew (23-10-2018 17:45:37)
Running from C:\Users\Drew\Desktop
Windows 10 Home Version 1803 17134.345 (X64) (2018-09-07 05:16:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-619396438-2450706291-207795060-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-619396438-2450706291-207795060-503 - Limited - Disabled)
Drew (S-1-5-21-619396438-2450706291-207795060-1001 - Administrator - Enabled) => C:\Users\Drew
Guest (S-1-5-21-619396438-2450706291-207795060-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-619396438-2450706291-207795060-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
ACP Application (HKLM\...\{F6191048-C738-9336-04C8-968455D82C31}) (Version: 2016.0718.1650.38 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{DD4E0E70-C0D8-4B20-947D-AF1BD276AFAC}) (Version: 2.24.3250.0 - Google Inc.)
HandBrake 1.1.2 (HKLM-x32\...\HandBrake) (Version: 1.1.2 - )
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
ImageGlass (HKLM\...\{D539FBEF-4AA8-4415-B66F-6367DA5D0186}_is1) (Version: 4.5.11.27 - Duong Dieu Phap)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
LibreOffice 5.2.0.4 (HKLM-x32\...\{8FA59B7B-1D26-408F-A798-BD11A65A68B9}) (Version: 5.2.0.4 - The Document Foundation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MKVCleaver x64 (HKLM\...\{EE4FBCD4-BAB6-405A-8AFF-5FEF41B841B4}) (Version: 7.0.2 - Ilia Bakhmoutski)
MKVToolNix 15.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 15.0.0 - Moritz Bunkus)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
Mp3tag v2.85 (HKLM-x32\...\Mp3tag) (Version: 2.85 - Florian Heidenreich)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
MusicBee 3.1 (HKLM-x32\...\MusicBee) (Version: 3.1 - Steven Mayall)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Npackd (HKLM\...\{A130D596-676C-4ADA-8CA6-A8A82DC5113A}) (Version: 1.22.2 - Npackd)
paint.net (HKLM\...\{36C264F3-0458-42D9-A091-807B5CEB0FA8}) (Version: 4.1.1 - dotPDN LLC)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 4.0.4 (HKLM-x32\...\qBittorrent) (Version: 4.0.4 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
RogueKiller version 12.13.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.6.0 - Adlice Software)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
SoundSwitch 4.9.6733.39597 (HKLM\...\SoundSwitch_is1) (Version: 4.9.6733.39597 - Antoine Aflalo)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F94A5095-E4DD-4ED8-AB0B-BFAC62176F8C}) (Version: 2.49.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
YGOPro DevPro Launcher (HKLM-x32\...\{043FE158-FD1B-41AE-8139-5592C944D237}) (Version: 2.0.15 - DevPro, LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-619396438-2450706291-207795060-1001_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-619396438-2450706291-207795060-1001_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-619396438-2450706291-207795060-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2017-01-28] (Bulk Rename Utility)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2017-01-28] (Bulk Rename Utility)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2017-01-28] (Bulk Rename Utility)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {25F80D4D-B447-4381-9EC3-FDF2DC7D9204} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {273BFDF3-7801-44E3-B760-B128EDB5E4E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-02] (Google Inc.)
Task: {4D003FFD-B451-4B1F-8613-112E83508259} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {5A2C4CD9-261F-4760-8640-296AF82ADD9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {5B37FED0-E272-405D-AAB3-0D1A50F2495B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7096BC9B-72FE-46BC-AECE-4384E9EC1C21} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {7974EC30-D88B-44FD-A70D-594A84F40A46} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {7A7EA1C1-8326-45A6-BCD4-C6F8EF9A2E31} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {818DD7E9-90FC-4956-8608-07B806B20AB2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {826180B1-AC4A-4D8A-B441-95A888B06BC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-02] (Google Inc.)
Task: {8AA61235-0D32-492D-BC07-607C28F6905D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {9229364E-A384-45F0-9639-21C36C50CCE2} - System32\Tasks\AdobeAAMUpdater-1.0-DREW-Drew => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {A190CE54-FF3F-42A6-A74C-3748071AD11E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {C0EB90A4-948C-4E22-ADB8-53BDC2D2609A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {C6040191-C801-4110-AC29-B065E723C1AA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-21] (AVAST Software)
Task: {E1BFC0EE-5BB6-4A85-9B1F-BB96C407C507} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {ECF6A086-C9A1-4E7A-B0CE-824698CE536C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-10-13 16:48 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-13 16:48 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-09-26 03:52 - 2017-09-26 03:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-10-10 00:40 - 2018-09-19 23:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-12 14:22 - 2017-07-12 14:22 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-12 14:22 - 2017-07-12 14:22 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-25 21:28 - 2018-09-25 21:28 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-02-26 02:53 - 2018-02-26 02:54 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-03 13:29 - 2018-05-03 13:30 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-21 17:34 - 2018-08-21 17:34 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-21 17:34 - 2018-08-21 17:34 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-04-05 13:23 - 2018-04-05 13:23 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 17:34 - 2018-08-30 17:34 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 17:54 - 2018-07-26 17:54 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000145920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\SKU.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000094720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2018-09-25 21:28 - 2018-09-25 21:28 - 000048128 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImageDecoding.dll
2018-10-05 20:44 - 2018-10-05 20:44 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-30 18:17 - 2018-07-30 18:17 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-05 20:44 - 2018-10-05 20:44 - 001689088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-10-16 18:09 - 2018-10-16 18:09 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-09-25 21:28 - 2018-09-25 21:28 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\py.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\pyw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DelayAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevManagerCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogiDPP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogiDPPApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lvco1380853.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lvcod64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LVUI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LVUIRC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET1CBA.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET4192.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET41B3.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET8A3.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETA106.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETABC9.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC55B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC60B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC7CB.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC86C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD3A1.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD58A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD85B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD909.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETE3CC.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETEF5C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETF00C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETFB67.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETFB88.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETFC38.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WmJoyFrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevManagerCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogiDPP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogiDPPApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lvcodec2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LVUI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LVUI2RC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SET60B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETAF2A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETB24B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETB50C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETC717.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETD0D8.tmp:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETD195.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETD234.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETDE30.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETEBB6.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETF119.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETFD54.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETFFEE.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmJoyF32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdacpksd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdkmafd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\htcnprot.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lvrs64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lvuvc64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ScpVBus.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET588.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET599.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET9F8B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC529.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC594.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC6.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETD73E.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETEF2A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETFB45.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETFEAF.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WmBEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WmFilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WmXlCore.sys:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2018-10-22 07:53 - 000004750 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nstac.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 feedback.search.microsoft.com

There are 78 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-619396438-2450706291-207795060-1001\Control Panel\Desktop\\Wallpaper -> P:\Pictures\Wallpapers\test 4.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\StartupApproved\Run: => "WiinUSoft"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFF2AE61-67E1-4578-A949-B7DD2E18726A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{65A2979C-416B-4DC9-AC66-5B8D6E9296A4}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5D0FDB27-2F85-4967-AA4C-6BDA72CEE6BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FED24DE9-41D1-4256-BDCC-19C1E037A605}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6DE857FF-6804-4105-A2AA-1B6594DDD778}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Maniac Mansion\ScummVM\scummvm.exe
FirewallRules: [{7F5149FB-1A79-47F4-AA84-46648C86A2FC}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Maniac Mansion\ScummVM\scummvm.exe
FirewallRules: [{40316834-FE4C-40A2-940C-24DC2AD75254}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F1ADC47A-CD34-48BD-89FC-0196A2E17286}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E352BD23-8636-4572-8EE2-9537F2A88C55}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{0620254D-0429-4D27-8E6F-98965EBB7A7A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{34404FEB-D884-4F29-B0A5-D92BCBFFD245}C:\users\drew\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\drew\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{5E513217-4074-4304-8FF0-0C4EAE2D98D4}C:\users\drew\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\drew\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{F7069DA2-43C7-450A-96B6-3ABB5C87D2AD}] => (Block) C:\users\drew\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{AC4C6954-FAB6-4457-BBAC-BDC703B48903}] => (Block) C:\users\drew\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{8EE5717C-1B0C-4B2C-AD4D-66E2DDB494AD}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{D2125358-855C-4907-8015-3BCD54552F91}] => (Allow) LPort=5357
FirewallRules: [{805754EB-7449-4C80-8FBB-4930B9426E23}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CC9EF392-8F7D-4F86-A114-8ABFA3F8F468}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Braid\braid.exe
FirewallRules: [{AF59F457-086E-4DF6-B912-2B8A4110341F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Braid\braid.exe
FirewallRules: [{55F48E0F-F68B-45DA-8DCC-8207E5BAA538}] => (Allow) P:\Games\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{C5F6E9FB-0725-4058-8032-2BFE0587CFA8}] => (Allow) P:\Games\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{232084D6-B892-4DF0-874B-BE2A6CA444BE}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{9415C73D-F28F-405D-A615-76EDACACCACB}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{EC6EFEB5-EB58-44F0-86E1-72308DD5B957}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Cuphead\Cuphead.exe
FirewallRules: [{261E22B4-71CC-4180-AD56-74BE1A32CD6B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Cuphead\Cuphead.exe
FirewallRules: [{C653F0CD-B5D6-431D-8C9A-42F3A2FA75CF}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{71D3C72A-C5D6-4B80-A9D6-20F105C85127}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{2CE3D13E-815A-4D12-9ECD-8EFDE624A762}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{8E35372F-2BD9-4DFB-8BCA-E31EFA460833}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{486070CC-AF11-4F6B-9CC2-9D829FD22933}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{FF814388-0F3A-424E-A14F-B67B6B51E7D5}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{AE473788-4E2A-4B47-B3A4-E2458DDDE0D2}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe
FirewallRules: [{B1642CE5-B46D-44FB-8E2F-57A79C799018}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe
FirewallRules: [{F13BDD89-1FDA-4B2F-A343-24C457307976}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{95B6FCD5-1874-44CB-BB3E-B305E7DB6B07}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{D863ECA4-76AA-42D6-976B-B2BEC1581548}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{FB61CBCF-5B92-4AB4-97F4-4C7CEE362291}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{9E5434EE-F59B-4C33-ABFD-AAE19430C07D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{C1CA8531-7065-4A23-BE02-E2A060BE98E2}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{B9FDA0C9-6E49-4F24-95D3-016B97C9111D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{ED201F08-B210-4FC8-AEF7-AB1956F97149}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{46EC4E34-FBDD-4C7C-A375-B977EAE9BD98}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 3\NEKOPARAvol3.exe
FirewallRules: [{6A5F8E78-1999-488D-9055-FA9A79C54B9E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 3\NEKOPARAvol3.exe
FirewallRules: [{6F6FCBF3-328C-4E15-A5FB-341CF332B8CB}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 0\nekopara_vol0.exe
FirewallRules: [{74C5A92E-6E57-4118-A792-B7AD99D8858E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 0\nekopara_vol0.exe
FirewallRules: [{A08C568F-9430-48CB-85A0-C6F98315FB99}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{279AD974-C5D2-4CB9-9DC1-22ACDAB74601}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{AF5C7F66-7339-479B-AB5A-D9426EAA08BB}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 2\nekopara_vol2.exe
FirewallRules: [{C8380E89-A8DB-4042-AAD5-364E000C0845}] => (Allow) P:\Games\SteamLibrary\steamapps\common\NEKOPARA Vol. 2\nekopara_vol2.exe
FirewallRules: [{BCE81B4D-6DC9-4520-BE51-B8FC555C24E5}] => (Allow) P:\Games\SteamLibrary\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{EFA88763-6F86-4335-B49E-0C99B6082E6E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{41A70446-41BF-44E3-B21E-E3A07010BDAA}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{5B98E461-4B7F-4632-98C2-70C40ECBEF0D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{6C6D9FE8-A288-427E-A895-18A7BF7A9972}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{EA1F89ED-CEBF-4299-B919-3ED71BDED188}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{221B9ADB-2ABD-4E29-9BD2-1413F0C5673C}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Stacking\Stack.exe
FirewallRules: [{5D964FF0-E029-4825-B03C-508CDBB95723}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Stacking\Stack.exe
FirewallRules: [{2315B3E4-A4DA-4353-AAEC-1361808888BD}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SpacebaseDF9\Space.exe
FirewallRules: [{EFCDAF22-80EE-4961-A0C8-0612CDEDB911}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SpacebaseDF9\Space.exe
FirewallRules: [{007397EB-730E-4D23-A4DE-4C064DA13550}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{34C60104-674F-4C8B-AB76-67255C01A63B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{96C69306-67B3-4E70-BEE4-9B49FDD3DF03}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{4217261F-436D-4E46-89D1-09E8DC7FF893}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{7E7105A0-78F8-46EE-A600-4B4B2BBB1F56}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Massive Chalice\MC.exe
FirewallRules: [{1B86C50B-6EF1-4F01-8325-0E08D33FEBAD}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Massive Chalice\MC.exe
FirewallRules: [{72756E17-F475-4D0C-BB43-469753F29B7B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\ironbrigade\IronBrigade.exe
FirewallRules: [{F731D348-F5D3-435D-AEB0-303FDDA56830}] => (Allow) P:\Games\SteamLibrary\steamapps\common\ironbrigade\IronBrigade.exe
FirewallRules: [{35D481D9-AFDD-4622-9657-EBBDD162F0D9}] => (Allow) P:\Games\SteamLibrary\steamapps\common\HacknSlash\Hack.exe
FirewallRules: [{6850BD8C-619A-4BC0-8194-033099EC7A3A}] => (Allow) P:\Games\SteamLibrary\steamapps\common\HacknSlash\Hack.exe
FirewallRules: [{37FEC300-A294-49BF-AD2A-811069348135}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{FC3677DA-AC7B-4A6C-93AB-22D2ABF8321F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{4DA587CF-B6F0-444B-AC42-56D561C6B888}] => (Allow) P:\Games\SteamLibrary\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{8D4000DA-D41D-4695-A463-03B22A5CF895}] => (Allow) P:\Games\SteamLibrary\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{3632C54D-9340-42C9-BFBB-3D282809D052}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{7BE03010-4A76-4C6F-BFA5-CD4272077A06}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{962260BC-748B-455A-BFF5-679D3617C8D1}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{7ABB87CF-3FA9-44D2-A6C8-55F4C33360C5}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{A84F6EB8-230F-46F4-AE33-03ACA0F1C209}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{3E223811-D944-450C-AF43-F8F1621CD4C6}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{AABECDD7-103B-40BA-BA08-C99F4FE16C88}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{8972045F-B560-4C1B-95EF-908E056F3E54}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{78650000-534B-423F-914B-0EE29DA510CE}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Costume Quest\Cq.exe
FirewallRules: [{A2B10B68-DF79-4770-B8F9-86EAEA50C4FD}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Costume Quest\Cq.exe
FirewallRules: [{830B35F3-4934-43BD-9416-08F076F955B7}] => (Allow) P:\Games\SteamLibrary\steamapps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [{01AC71A7-A467-4D06-AA61-7C920D46778D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [{8288FE0A-3C1A-4107-AC2E-652D4D36FC37}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Broken Age\BrokenAge.exe
FirewallRules: [{8F0D407A-1027-494B-883D-9918D86BF31B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Broken Age\BrokenAge.exe
FirewallRules: [{62F4E565-0DB6-4E32-B00C-997583EECA42}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{C26E55D2-4501-46EA-84CC-07635AF1D209}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{9C75992F-F5FF-49B3-8C54-5EBDF5E7C7D1}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ori DE\oriDE.exe
FirewallRules: [{8D6F6D66-3490-4E20-8286-F019F800532F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ori DE\oriDE.exe
FirewallRules: [{B154FE44-B2C2-479D-8167-A9724B5E1330}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ori\ori.exe
FirewallRules: [{1E089C34-8761-469B-AED6-EB315E2E9F21}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Ori\ori.exe
FirewallRules: [{8F0C69F6-CB90-4D92-A1E9-DD83A7A65B5C}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{428D498D-359E-4A13-B680-8DFCE16A39EC}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{D4B81699-9F39-4269-AADA-4E277E8E54B5}] => (Allow) P:\Games\SteamLibrary\steamapps\common\EdithFinch\FinchGame\Binaries\Win64\FinchGame.exe
FirewallRules: [{D597C208-3AD4-46DB-8FE1-9A4C72700161}] => (Allow) P:\Games\SteamLibrary\steamapps\common\EdithFinch\FinchGame\Binaries\Win64\FinchGame.exe
FirewallRules: [{C9CFA061-ED86-4D96-957E-DD55E16D6E34}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{771E25A4-F3CC-4B04-AB6C-64EB08392E55}] => (Allow) P:\Games\SteamLibrary\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{5B0FED64-FD52-4FAB-B416-23C8AC81648A}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{22C42AE4-10A2-4ED0-A898-2D5272A99ABF}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{2029A111-3F33-4E69-B9CC-25DB13193F1F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\Game.exe
FirewallRules: [{751CD463-B961-414C-90F0-4EF409C5CD6C}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\Game.exe
FirewallRules: [{ED53C954-5CD3-4211-8602-5B373747B68F}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{C7CCBCDF-BF2B-445A-8D76-1E16A8B31105}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{B5DAD1C3-8D7B-45B3-9EA8-F595CF37989E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{FE7921A1-79E0-4017-9B48-6E3DF2CA336E}] => (Allow) P:\Games\SteamLibrary\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{E7089F1B-6C8A-415F-A942-7D39B62439D4}] => (Allow) P:\Games\SteamLibrary\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{BF53FF50-3AD9-46D6-B0DF-DF76531A8CA6}] => (Allow) P:\Games\SteamLibrary\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{C6C8C192-2B48-4F25-823D-145107CFB614}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SOMA\Soma.exe
FirewallRules: [{BA5276B1-D52B-4230-9E58-1D062814A49C}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SOMA\Soma.exe
FirewallRules: [{56B6BBBE-675A-43B5-BD6F-0D15294B6D6A}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SOMA\ModLauncher.exe
FirewallRules: [{708C5BAF-18E8-48F6-BB05-926ACD12BAF7}] => (Allow) P:\Games\SteamLibrary\steamapps\common\SOMA\ModLauncher.exe
FirewallRules: [{F87FD22F-DC5C-4570-8D08-9133973F56C6}] => (Allow) P:\Games\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [{3978629E-8FDD-4189-820E-B533F92F9CC7}] => (Allow) P:\Games\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [{545FA10A-42F6-4F5D-A531-C6296515FABF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4F7388BA-895A-49CE-BFF3-F883864ACCAB}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{77027D18-5604-49F3-AB43-9D599C13DE8D}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{5DE3311C-744F-4E96-9168-0D6F37978B18}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Devil May Cry HD Collection\dmcLauncher.exe
FirewallRules: [{F0BE4B21-3348-45E6-ADA4-DFADFC9A346B}] => (Allow) P:\Games\SteamLibrary\steamapps\common\Devil May Cry HD Collection\dmcLauncher.exe
FirewallRules: [{D81AD678-3759-4D8A-81D2-F03DBBAA1F43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{78811B3F-E71E-4D60-B5D5-45D98D92F1E8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{99EBD55C-7493-485B-BAAC-5C3CA99C2C68}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D1A71545-EEE5-44D9-9AE5-B8724B4F4AD9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{52A9F1F7-D528-4BE6-A0BD-1E45145DE2B2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{F3FC2F42-0781-417D-A9FC-5656AF8632A8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

14-10-2018 16:40:12 Windows Modules Installer
15-10-2018 18:28:31 Windows Modules Installer
16-10-2018 20:29:03 Windows Modules Installer
17-10-2018 22:27:27 Windows Modules Installer
19-10-2018 00:29:35 Windows Modules Installer
20-10-2018 02:29:36 Windows Modules Installer
21-10-2018 04:16:41 Windows Modules Installer
23-10-2018 07:48:29 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2018 07:40:42 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/23/2018 02:49:59 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/22/2018 11:31:23 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/22/2018 11:21:57 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/22/2018 11:18:54 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/22/2018 07:48:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x25a8
Faulting application start time: 0x01d469fd2d99ad02
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d2d9d837-6aa0-41d7-9023-ec764a7dbed9
Faulting package full name:
Faulting package-relative application ID:

Error: (10/22/2018 07:48:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x25a8
Faulting application start time: 0x01d469fd2d99ad02
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6bd098fa-7aa5-4c63-8277-660ef549bdc9
Faulting package full name:
Faulting package-relative application ID:

Error: (10/22/2018 07:48:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATKEX_cmd.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.17134.319, time stamp: 0x5ea0e53d
Exception code: 0x0eedfade
Fault offset: 0x001117d2
Faulting process id: 0x2418
Faulting application start time: 0x01d469fd2cb84355
Faulting application path: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7ebc6a5e-ac37-4828-9661-33b6166c726f
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/23/2018 07:43:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.279.351.0).

Error: (10/22/2018 08:55:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Nexon Game Security Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/22/2018 07:48:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:48:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:48:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:48:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2018 07:47:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Update Orchestrator Service service terminated with the following error:
This operation returned because the timeout period expired.

Error: (10/22/2018 07:43:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-10-21 21:55:09.453
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D4FC09C8-C8CA-4DA0-943D-150F5905E88A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-21 21:42:44.160
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9F5439CD-37D1-49F1-B06D-30B0F585D2CF}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-10-21 02:17:20.412
Description:
Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 435840862
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.182.0, AS: 1.279.182.0
Engine Version: 1.1.15400.4
Fidelity Label: Medium
Target File Name: c:\windows\\system32\drivers\ndis.sys

Date: 2018-10-13 20:10:32.845
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E4E33B83-D18C-459B-AF06-A2DF24EE7374}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-13 16:00:40.620
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {40BA2F3F-C07A-4B32-AF0C-80902B0201C0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-21 21:55:59.566
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 30%
Total physical RAM: 16298.85 MB
Available physical RAM: 11327.67 MB
Total Virtual: 30341.52 MB
Available Virtual: 5204.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.93 GB) (Free:135.56 GB) NTFS
Drive p: (Pictures) (Fixed) (Total:931.51 GB) (Free:212.92 GB) NTFS
Drive s: (Storage) (Fixed) (Total:1862.89 GB) (Free:18.15 GB) NTFS

\\?\Volume{73dc8a39-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{73dc8a39-0000-0000-0000-c01a3a000000}\ () (Fixed) (Total:0.47 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 73DC8A39)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=477 MB) - (Type=27)

========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A8118AC1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    7.3 KB · Views: 2
Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Drew (23-10-2018 18:39:08) Run:1
Running from C:\Users\Drew\Desktop
Loaded Profiles: Drew (Available Profiles: Drew)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
2017-10-16 02:44 - 2017-10-16 02:44 - 008250832 _____ (Malwarebytes) C:\Users\Drew\adwcleaner_7.0.3.1.exe
2016-06-11 13:50 - 2016-06-11 13:51 - 000023170 _____ () C:\Users\Drew\AppData\Roaming\Requiem.log
2017-11-24 01:07 - 2017-11-25 16:52 - 000001456 _____ () C:\Users\Drew\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-05-30 04:27 - 2018-01-01 03:26 - 000024064 _____ () C:\Users\Drew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-29 17:38 - 2018-09-29 17:38 - 000000000 _____ () C:\Users\Drew\AppData\Local\oobelibMkey.log
2018-08-04 21:56 - 2018-08-04 21:56 - 000001465 _____ () C:\Users\Drew\AppData\Local\recently-used.xbel
2017-12-08 20:27 - 2017-12-08 20:27 - 000007606 _____ () C:\Users\Drew\AppData\Local\Resmon.ResmonCfg
2018-10-22 21:37 - 2018-09-06 18:56 - 001947720 _____ (Microsoft Corporation) C:\Users\Drew\AppData\Local\Temp\dllnt_dump.dll
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
Task: {5B37FED0-E272-405D-AAB3-0D1A50F2495B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\py.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\pyw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DelayAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevManagerCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogiDPP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogiDPPApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lvco1380853.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lvcod64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LVUI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LVUIRC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET1CBA.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET4192.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET41B3.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET8A3.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETA106.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETABC9.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC55B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC60B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC7CB.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETC86C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD3A1.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD58A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD85B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD909.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETE3CC.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETEF5C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETF00C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETFB67.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETFB88.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETFC38.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WmJoyFrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevManagerCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogiDPP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogiDPPApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lvcodec2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LVUI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LVUI2RC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SET60B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETAF2A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETB24B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETB50C.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETC717.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETD0D8.tmp:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETD195.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETD234.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETDE30.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETEBB6.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETF119.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETFD54.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETFFEE.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmJoyF32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdacpksd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdkmafd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\htcnprot.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lvrs64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lvuvc64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ScpVBus.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET588.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET599.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET9F8B.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC529.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC594.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC6.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETD73E.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETEF2A.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETFB45.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETFEAF.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WmBEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WmFilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WmXlCore.sys:$CmdTcID [64]

*****************

HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
C:\Users\Drew\adwcleaner_7.0.3.1.exe => moved successfully
C:\Users\Drew\AppData\Roaming\Requiem.log => moved successfully
C:\Users\Drew\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
C:\Users\Drew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Drew\AppData\Local\oobelibMkey.log => moved successfully
C:\Users\Drew\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Drew\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Drew\AppData\Local\Temp\dllnt_dump.dll => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B37FED0-E272-405D-AAB3-0D1A50F2495B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B37FED0-E272-405D-AAB3-0D1A50F2495B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
C:\WINDOWS\py.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\pyw.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\cdpreference.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\DelayAPO.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\DevManagerCore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\LogiDPP.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\LogiDPPApp.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\lvco1380853.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\lvcod64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\LVUI64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\LVUIRC64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SET1CBA.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SET4192.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SET41B3.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SET8A3.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETA106.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETABC9.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETC55B.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETC60B.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETC7CB.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETC86C.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETD3A1.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETD58A.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETD85B.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETD909.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETE3CC.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETEF5C.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETF00C.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETFB67.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETFB88.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SETFC38.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WmJoyFrc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\DevManagerCore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\LogiDPP.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\LogiDPPApp.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\lvcodec2.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\LVUI2.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\LVUI2RC.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SET60B.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETAF2A.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETB24B.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETB50C.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETC717.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETD0D8.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETD195.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETD234.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETDE30.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETEBB6.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETF119.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETFD54.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SETFFEE.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WmJoyF32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\amdacpksd.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\amdkmafd.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\htcnprot.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\lvrs64.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\lvuvc64.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\ScpVBus.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SET588.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SET599.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SET9F8B.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SETC529.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SETC594.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SETC6.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SETD73E.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SETEF2A.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SETFB45.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\SETFEAF.tmp => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\WmBEnum.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\WmFilter.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\WmXlCore.sys => ":$CmdTcID" ADS removed successfully


The system needed a reboot.

==== End of Fixlog 18:39:25 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Spybot Anti-Beacon
Java 8 Update 131
Java version 32-bit out of Date!
Adobe Flash Player 31.0.0.122
Mozilla Thunderbird (52.9.1)
Google Chrome (Npackd...)
Google Chrome (69.0.3497.100)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 27-01-2016
Ran by Drew (administrator) on 24-10-2018 at 19:43:23
Running from "C:\Users\Drew\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Update your Java version here: https://www.java.com/en/download/manual.jsp
Alternate download: https://www.filehippo.com/search?q=java

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

========================================

Your computer is clean
p3879546.jpg


1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
831
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back