TechSpot

SoftwareBundler:Win32/Stallmonitz Farbar FRST Log (Part 1)

By Polterdog
Oct 13, 2016
  1. Thank you for your warm welcome and help. They are both very much appreciated.

    Farbar has created two additional FRST and Addition logs without any action on my part. I will post them, consecutively, if you so request.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
    Ran by Trevor (administrator) on TREVOR-PC (13-10-2016 21:19:41)
    Running from C:\Users\Trevor\Desktop
    Loaded Profiles: Trevor (Available Profiles: Trevor)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    () C:\Windows\SysWOW64\ASGT.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    () C:\Windows\Runservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Alienware) C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    ( Inc.) C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    (Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    () C:\Program Files (x86)\Everything\Everything.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
    (Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
    (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-11-06] (Realtek Semiconductor)
    HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
    HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
    HKLM\...\Run: [Launch Keyboard CI] => C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe [3438088 2009-05-28] (Alienware)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
    HKLM\...\Run: [Malwarebytes Anti-Ransomware] => C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe [722896 2016-08-26] (Malwarebytes)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6718224 2016-08-26] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
    HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [6613872 2016-10-12] (McAfee Inc.)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2013-09-09] (Dell)
    HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
    Winlogon\Notify\!SASWinLogon: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-31] (SUPERAntiSpyware)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
    ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AWMouseCI.lnk [2016-09-01]
    ShortcutTarget: AWMouseCI.lnk -> C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe ( Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{79904027-AA3E-4099-9322-97F672ACDDDC}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://outlook.live.com/owa/
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: LastPass Browser Helper Object -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPBar64.dll [2011-10-17] (LastPass)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> G:\Games\Arc\Plugins\ArcPluginIE.dll [2016-06-15] (Perfect World Entertainment Inc)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: LastPass Browser Helper Object -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPBar.dll [2011-10-17] (LastPass)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll [2011-10-17] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll [2011-10-17] (LastPass)
    DPF: HKLM {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883}
    DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10}
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: 7akasbd1.default-1367016688725
    FF ProfilePath: C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725 [2016-10-13]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725 -> Search Provided by Yahoo
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725 -> Search Provided by Yahoo
    FF Homepage: Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725 -> hxxps://outlook.live.com/owa/?path=/mail/inbox
    FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
    FF Extension: (Add to Amazon Wish List Button) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\amznUWL2@amazon.com.xpi [2016-06-05]
    FF Extension: (Canadian English Dictionary) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\en-CA@dictionaries.addons.mozilla.org [2016-03-14]
    FF Extension: (Ghostery) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\firefox@ghostery.com.xpi [2016-08-11]
    FF Extension: (YouTube™ Enhancer Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-08-12]
    FF Extension: (FlashStopper) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\flashstopper@byo.co.il.xpi [2016-09-26]
    FF Extension: (FoxyProxy Standard) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\foxyproxy@eric.h.jung [2016-08-31]
    FF Extension: (Webmail Ad Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\gmailnoads@mywebber.com.xpi [2015-09-18]
    FF Extension: (Image and Flash Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\imgflashblocker@shimon.chohen.xpi [2016-04-27]
    FF Extension: (Ad-blocker for Gmail) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2016-04-28]
    FF Extension: (Location Guard) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2016-10-09]
    FF Extension: (YouTube™ Downloader Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\jid1-HfCj61J5q2gaGQ@jetpack.xpi [2015-12-12]
    FF Extension: (Outlook Web App Notifications) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\owa_notifications@mihai-chezan.github.com.xpi [2016-10-06]
    FF Extension: (YouTube Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\particle@particlecore.github.io.xpi [2016-07-27]
    FF Extension: (Status-4-Evar) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\status4evar@caligonstudios.com.xpi [2016-10-12]
    FF Extension: (LastPass) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\support@lastpass.com [2016-03-11]
    FF Extension: (TinyURL Generator) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2016-04-27]
    FF Extension: (Google Translator for Firefox) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\translator@zoli.bod.xpi [2016-04-27]
    FF Extension: (UnPlug) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\unplug@compunach.xpi [2015-12-21]
    FF Extension: (View as text) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\viewastext@john.tyree.xpi [2016-04-27]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-25]
    FF Extension: (Forecastfox) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2016-04-27]
    FF Extension: (Webutation) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2016-04-27]
    FF Extension: (Print Hint) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{4ca88e02-7bbb-43fe-ae41-5103893fa10c}.xpi [2016-04-27]
    FF Extension: (Updated Ad Blocker for Firefox 11+) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2016-04-28]
    FF Extension: (EPUBReader) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-08-17]
    FF Extension: (NoScript) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-09]
    FF Extension: (Adblock Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
    FF Extension: (Clean Video) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi [2016-04-28]
    FF ProfilePath: C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor [2016-10-13]
    FF Keyword.URL: Mozilla\Firefox\Profiles\hkuihaap.Trevor -> hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
    FF NetworkProxy: Mozilla\Firefox\Profiles\hkuihaap.Trevor -> socks_remote_dns", true
    FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Google");: Mozilla\Firefox\Profiles\hkuihaap.Trevor -> user_pref("browser.search.defaultenginename","Google");
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hkuihaap.Trevor -> Search Provided by Yahoo
    FF Extension: (Add to Amazon Wish List Button) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\amznUWL2@amazon.com.xpi [2013-01-02] [not signed]
    FF Extension: (Canadian English Dictionary) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\en-CA@dictionaries.addons.mozilla.org [2013-05-17] [not signed]
    FF Extension: (Tube Enhancer Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\firefoxaddon@youtubeenhancer.com [2013-05-17] [not signed]
    FF Extension: (FoxyProxy Standard) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\foxyproxy@eric.h.jung [2013-05-17] [not signed]
    FF Extension: (Webmail Ad Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\gmailnoads@mywebber.com.xpi [2012-09-26] [not signed]
    FF Extension: (Image and Flash Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\imgflashblocker@shimon.chohen.xpi [2012-07-29] [not signed]
    FF Extension: (Status-4-Evar) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\status4evar@caligonstudios.com.xpi [2013-02-18] [not signed]
    FF Extension: (LastPass) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\support@lastpass.com [2013-05-17] [not signed]
    FF Extension: (TinyURL Generator) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2012-11-13] [not signed]
    FF Extension: (View as text) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\viewastext@john.tyree.xpi [2012-09-30] [not signed]
    FF Extension: (YouTube Cinema Mode .) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\youtube-cinemode@gmail.com.xpi [2013-04-18] [not signed]
    FF Extension: (Forecastfox) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-05-17] [not signed]
    FF Extension: (Updated Ad Blocker for Firefox 11+) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2012-07-31] [not signed]
    FF Extension: (EPUBReader) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-05-17] [not signed]
    FF Extension: (Adblock Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-15] [not signed]
    FF Extension: (Youtube Hide Annotations) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi [2013-04-18] [not signed]
    FF Extension: (DownThemAll!) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-06] [not signed]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\gmailnoads@mywebber.com.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\tinyurl.addon@fast-chat.co.uk.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\viewastext@john.tyree.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\amznUWL2@amazon.com.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\status4evar@caligonstudios.com.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\foxyproxy@eric.h.jung [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\youtube-cinemode@gmail.com.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\firefoxaddon@youtubeenhancer.com [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\support@lastpass.com [not found]
    FF SearchPlugin: C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\searchplugins\startpage-https---uk.xml [2013-05-05]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-08-23] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-08-23] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-10-02]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [No File]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [No File]
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> G:\Games\Arc\Plugins\npArcPluginFF.dll [2016-06-15] (Perfect World Entertainment Inc)
    FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2013-03-18] (Sony Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1645592776-1552282287-2170224798-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
    FF Plugin HKU\S-1-5-21-1645592776-1552282287-2170224798-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
    FF Plugin HKU\S-1-5-21-1645592776-1552282287-2170224798-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2008-10-24] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2011-10-17]
    StartMenuInternet: Google Chrome - C:\Users\Trevor\AppData\Local\Google\Chrome\Application\chrome.exe

    Opera:
    =======
    OPR Extension: (LastPass) - C:\Users\Trevor\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2013-10-27]
    OPR Extension: (Adblock Plus) - C:\Users\Trevor\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2013-10-27]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
    S3 ArcService; G:\Games\Arc\ArcService.exe [88024 2016-06-15] (Perfect World Entertainment Inc)
    R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [File not signed]
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-08-26] (AVG Technologies CZ, s.r.o.)
    R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2048920 2016-08-26] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5285344 2016-08-26] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-08-26] (AVG Technologies CZ, s.r.o.)
    S3 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [915736 2013-06-10] (BitRaider, LLC)
    S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
    R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
    S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [130976 2011-08-15] (Futuremark Corporation)
    S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [246328 2016-05-21] (GOG.com)
    S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6167096 2016-05-21] (GOG.com)
    S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-13] (SurfRight B.V.)
    R2 LicCtrlService; C:\Windows\runservice.exe [2560 2010-03-05] () [File not signed]
    S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
    R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe [3291088 2016-08-26] (Malwarebytes)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
    S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
    S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-08] (Electronic Arts)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-02-15] (Sony Corporation) [File not signed]
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 XTUService; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [30944 2009-07-27] (Intel Corporation)
    S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [73480 2016-06-06] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-08-23] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [262400 2016-08-02] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
    R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [200448 2016-04-15] (Broadcom Corporation.)
    S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [75048 2013-06-10] (BitRaider)
    R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-08] (REALiX(tm))
    R0 MB3SwissArmy; C:\Windows\System32\drivers\MB3SwissArmy.sys [228800 2016-10-12] (Malwarebytes)
    R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-13] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R3 mio; C:\Windows\System32\DRIVERS\mio.sys [7680 2011-05-04] (Dell/Alienware)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    S2 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34916 1999-08-12] (Marimba, Inc.)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SASENUM; E:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-18] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-03-30] () [File not signed]
    R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc)
    R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc)
    R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-12] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz130; \??\C:\Users\Trevor\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  2. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-13 21:19 - 2016-10-13 21:20 - 00039991 _____ C:\Users\Trevor\Desktop\FRST.txt

    2016-10-13 21:19 - 2016-10-13 21:19 - 00000000 ____D C:\FRST

    2016-10-13 21:18 - 2016-10-13 21:18 - 02406912 _____ (Farbar) C:\Users\Trevor\Desktop\FRST64.exe

    2016-10-13 15:43 - 2016-10-13 15:43 - 00000006 _____ C:\Users\Trevor\Desktop\BMO Payment Code.txt

    2016-10-12 23:11 - 2016-10-12 23:11 - 05588495 _____ C:\Users\Trevor\Desktop\Sobeys Flyer.pdf

    2016-10-12 22:35 - 2016-10-12 23:05 - 00000000 ____D C:\Users\Trevor\Desktop\Old Dragon Age Launch

    2016-10-12 19:38 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

    2016-10-12 19:38 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

    2016-10-12 19:24 - 2016-10-12 19:26 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\WinPatrol

    2016-10-12 19:18 - 2016-10-12 19:18 - 00001751 _____ C:\Users\Trevor\Desktop\RevoUninPro.lnk

    2016-10-12 18:45 - 2016-10-12 20:51 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware

    2016-10-12 18:44 - 2016-10-12 18:44 - 00001110 _____ C:\Users\Trevor\Desktop\FixExec.txt

    2016-10-12 18:43 - 2016-10-12 18:43 - 00003658 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon

    2016-10-12 18:43 - 2016-10-12 18:43 - 00002165 _____ C:\Users\Trevor\Desktop\Tweaking.com - Windows Repair.lnk

    2016-10-12 18:42 - 2016-10-12 18:43 - 00188523 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt

    2016-10-12 18:42 - 2016-10-12 18:42 - 00001014 _____ C:\Users\Trevor\Desktop\NTREGOPT.lnk

    2016-10-12 18:42 - 2016-10-12 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer

    2016-10-12 18:42 - 2016-10-12 18:42 - 00000000 ____D C:\Program Files (x86)\NT Registry Optimizer

    2016-10-12 18:32 - 2016-10-13 17:12 - 00001947 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk

    2016-10-12 18:32 - 2016-10-12 19:26 - 00228800 _____ (Malwarebytes) C:\Windows\system32\Drivers\MB3SwissArmy.sys

    2016-10-12 18:32 - 2016-10-12 19:25 - 00091072 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

    2016-10-12 18:32 - 2016-10-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Ransomware

    2016-10-12 18:31 - 2016-10-12 18:32 - 00000000 ____D C:\ProgramData\MalwarebytesARW

    2016-10-12 18:31 - 2016-10-12 18:31 - 00000000 ____D C:\Program Files\Malwarebytes

    2016-10-12 18:30 - 2016-10-12 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

    2016-10-12 18:30 - 2016-10-12 18:43 - 00000000 ____D C:\Program Files (x86)\Tweaking.com

    2016-10-12 18:30 - 2016-10-12 18:30 - 00002109 _____ C:\Users\Trevor\Desktop\Tweaking.com - Hardware Identify.lnk

    2016-10-12 18:26 - 2016-10-12 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

    2016-10-12 18:26 - 2016-10-12 18:26 - 00000000 ____D C:\ProgramData\InstallMate

    2016-10-12 18:26 - 2016-10-12 18:26 - 00000000 ____D C:\Program Files (x86)\Ruiware

    2016-10-12 16:14 - 2016-10-12 16:14 - 00000112 ___RH C:\Users\Trevor\Desktop\Stinger.opt

    2016-10-12 16:03 - 2016-10-12 16:03 - 00000000 ____D C:\Quarantine

    2016-10-12 15:59 - 2016-10-12 16:14 - 00000000 ____D C:\Program Files (x86)\stinger

    2016-10-12 15:59 - 2016-10-12 16:03 - 00000992 _____ C:\Users\Trevor\Desktop\Stinger_12102016_155956.html

    2016-10-12 15:59 - 2016-10-12 15:59 - 00000000 ____D C:\Program Files\McAfee

    2016-10-12 12:56 - 2016-09-30 16:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

    2016-10-12 12:56 - 2016-09-30 15:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

    2016-10-12 12:56 - 2016-09-30 11:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

    2016-10-12 12:56 - 2016-09-30 11:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

    2016-10-12 12:56 - 2016-09-30 11:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

    2016-10-12 12:56 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2016-10-12 12:56 - 2016-09-30 02:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2016-10-12 12:56 - 2016-09-30 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

    2016-10-12 12:56 - 2016-09-30 02:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

    2016-10-12 12:56 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2016-10-12 12:56 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    2016-10-12 12:56 - 2016-09-30 02:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

    2016-10-12 12:56 - 2016-09-30 02:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

    2016-10-12 12:56 - 2016-09-30 02:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

    2016-10-12 12:56 - 2016-09-30 02:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2016-10-12 12:56 - 2016-09-30 02:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

    2016-10-12 12:56 - 2016-09-30 02:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2016-10-12 12:56 - 2016-09-30 02:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

    2016-10-12 12:56 - 2016-09-30 02:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

    2016-10-12 12:56 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

    2016-10-12 12:56 - 2016-09-30 02:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

    2016-10-12 12:56 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2016-10-12 12:56 - 2016-09-30 02:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

    2016-10-12 12:56 - 2016-09-30 02:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

    2016-10-12 12:56 - 2016-09-30 01:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

    2016-10-12 12:56 - 2016-09-30 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2016-10-12 12:56 - 2016-09-30 01:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

    2016-10-12 12:56 - 2016-09-30 01:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

    2016-10-12 12:56 - 2016-09-30 01:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

    2016-10-12 12:56 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2016-10-12 12:56 - 2016-09-30 01:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

    2016-10-12 12:56 - 2016-09-30 01:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

    2016-10-12 12:56 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2016-10-12 12:56 - 2016-09-30 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

    2016-10-12 12:56 - 2016-09-30 01:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

    2016-10-12 12:56 - 2016-09-30 01:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

    2016-10-12 12:56 - 2016-09-30 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

    2016-10-12 12:56 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2016-10-12 12:56 - 2016-09-30 01:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2016-10-12 12:56 - 2016-09-30 01:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

    2016-10-12 12:56 - 2016-09-30 01:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

    2016-10-12 12:56 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

    2016-10-12 12:56 - 2016-09-30 01:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2016-10-12 12:56 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2016-10-12 12:56 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

    2016-10-12 12:56 - 2016-09-30 01:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

    2016-10-12 12:56 - 2016-09-30 01:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2016-10-12 12:56 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

    2016-10-12 12:56 - 2016-09-30 01:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

    2016-10-12 12:56 - 2016-09-30 01:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

    2016-10-12 12:56 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2016-10-12 12:56 - 2016-09-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

    2016-10-12 12:56 - 2016-09-30 01:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

    2016-10-12 12:56 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2016-10-12 12:56 - 2016-09-30 01:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

    2016-10-12 12:56 - 2016-09-30 01:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2016-10-12 12:56 - 2016-09-30 01:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

    2016-10-12 12:56 - 2016-09-30 01:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

    2016-10-12 12:56 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2016-10-12 12:56 - 2016-09-30 01:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

    2016-10-12 12:56 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2016-10-12 12:56 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2016-10-12 12:56 - 2016-09-30 01:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

    2016-10-12 12:56 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2016-10-12 12:56 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2016-10-12 12:56 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    2016-10-12 12:56 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2016-10-12 12:56 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2016-10-12 12:56 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    2016-10-12 12:56 - 2016-09-12 17:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

    2016-10-12 12:56 - 2016-09-12 17:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

    2016-10-12 12:56 - 2016-09-12 17:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

    2016-10-12 12:56 - 2016-09-12 17:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

    2016-10-12 12:56 - 2016-09-12 17:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

    2016-10-12 12:56 - 2016-09-12 17:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

    2016-10-12 12:56 - 2016-09-12 17:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

    2016-10-12 12:56 - 2016-09-12 17:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

    2016-10-12 12:56 - 2016-09-12 17:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

    2016-10-12 12:56 - 2016-09-12 17:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

    2016-10-12 12:56 - 2016-09-12 16:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

    2016-10-12 12:56 - 2016-09-12 16:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

    2016-10-12 12:56 - 2016-09-12 16:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    2016-10-12 12:56 - 2016-09-12 16:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

    2016-10-12 12:56 - 2016-09-12 16:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

    2016-10-12 12:56 - 2016-09-12 16:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

    2016-10-12 12:56 - 2016-09-12 16:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2016-10-12 12:56 - 2016-09-12 16:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

    2016-10-12 12:56 - 2016-09-12 16:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

    2016-10-12 12:56 - 2016-09-12 16:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

    2016-10-12 12:56 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

    2016-10-12 12:56 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

    2016-10-12 12:56 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

    2016-10-12 12:56 - 2016-09-10 12:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll

    2016-10-12 12:56 - 2016-09-10 11:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll

    2016-10-12 12:56 - 2016-09-09 14:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

    2016-10-12 12:56 - 2016-09-09 14:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

    2016-10-12 12:56 - 2016-09-09 14:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

    2016-10-12 12:56 - 2016-09-09 14:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

    2016-10-12 12:56 - 2016-09-09 14:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

    2016-10-12 12:56 - 2016-09-09 14:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

    2016-10-12 12:56 - 2016-09-09 14:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

    2016-10-12 12:56 - 2016-09-09 14:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

    2016-10-12 12:56 - 2016-09-09 13:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

    2016-10-12 12:56 - 2016-09-09 13:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

    2016-10-12 12:56 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

    2016-10-12 12:56 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

    2016-10-12 12:56 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

    2016-10-12 12:56 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

    2016-10-12 12:56 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

    2016-10-12 12:56 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

    2016-10-12 12:56 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

    2016-10-12 12:56 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

    2016-10-12 12:56 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

    2016-10-12 12:56 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

    2016-10-12 12:56 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

    2016-10-12 12:56 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

    2016-10-12 12:56 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

    2016-10-12 12:56 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

    2016-10-12 12:56 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

    2016-10-12 12:56 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

    2016-10-12 12:56 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

    2016-10-12 12:56 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

    2016-10-12 12:56 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

    2016-10-12 12:56 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

    2016-10-12 12:56 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

    2016-10-12 12:56 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

    2016-10-12 12:55 - 2016-09-15 11:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

    2016-10-12 12:55 - 2016-09-15 11:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll

    2016-10-12 12:55 - 2016-09-15 11:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

    2016-10-12 12:55 - 2016-09-15 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

    2016-10-12 12:55 - 2016-09-12 17:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

    2016-10-12 12:55 - 2016-09-12 17:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

    2016-10-12 12:55 - 2016-09-12 17:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

    2016-10-12 12:55 - 2016-09-12 17:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

    2016-10-12 12:55 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll

    2016-10-12 12:55 - 2016-09-12 17:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

    2016-10-12 12:55 - 2016-09-12 17:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

    2016-10-12 12:55 - 2016-09-12 17:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

    2016-10-12 12:55 - 2016-09-12 17:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

    2016-10-12 12:55 - 2016-09-12 17:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

    2016-10-12 12:55 - 2016-09-12 17:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

    2016-10-12 12:55 - 2016-09-12 16:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

    2016-10-12 12:55 - 2016-09-12 16:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

    2016-10-12 12:55 - 2016-09-12 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

    2016-10-12 12:55 - 2016-09-12 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

    2016-10-12 12:55 - 2016-09-12 16:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

    2016-10-12 12:55 - 2016-09-09 14:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
     
    Last edited: Oct 13, 2016
  3. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    2016-10-12 12:55 - 2016-09-09 14:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-10-12 12:55 - 2016-09-09 14:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-10-12 12:55 - 2016-09-09 14:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-10-12 12:55 - 2016-09-09 14:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-10-12 12:55 - 2016-09-09 13:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-10-12 12:55 - 2016-09-09 13:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-10-12 12:55 - 2016-09-09 13:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-10-12 12:55 - 2016-09-09 13:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-10-12 12:55 - 2016-09-09 13:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-10-12 12:55 - 2016-09-09 13:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-10-12 12:55 - 2016-09-09 13:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-10-12 12:55 - 2016-09-09 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-10-12 12:55 - 2016-09-09 13:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-10-12 12:55 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-10-12 12:55 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-10-12 12:55 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-10-12 12:55 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-10-12 12:55 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2016-10-12 12:55 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2016-10-12 12:55 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2016-10-12 12:55 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2016-10-12 12:55 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2016-10-12 12:55 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2016-10-12 12:55 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2016-10-12 12:55 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
    2016-10-12 12:55 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
    2016-10-12 12:55 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
    2016-10-12 12:55 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
    2016-10-12 12:55 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
    2016-10-12 12:55 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2016-10-12 12:55 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2016-10-12 12:55 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2016-10-12 12:55 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2016-10-12 12:55 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2016-10-12 12:55 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2016-10-12 12:55 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2016-10-12 12:53 - 2016-08-16 16:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2016-10-12 12:53 - 2016-08-05 11:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-10-12 12:53 - 2016-08-05 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-10-12 12:49 - 2016-09-12 17:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-10-12 12:49 - 2016-09-12 17:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-10-12 12:49 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2016-10-12 12:49 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2016-10-12 12:49 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2016-10-12 12:49 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2016-10-12 12:49 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2016-10-12 12:40 - 2016-08-29 11:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-10-12 12:40 - 2016-08-29 11:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-10-12 12:40 - 2016-08-29 11:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-10-12 12:40 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-10-12 12:40 - 2016-08-29 11:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-10-12 12:40 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-10-12 12:40 - 2016-08-29 11:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-10-12 12:40 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-10-12 12:40 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2016-10-12 12:40 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2016-10-12 10:23 - 2016-10-13 16:26 - 00000740 _____ C:\Users\Trevor\Desktop\TechSpot Post.txt
    2016-10-12 09:49 - 2016-10-12 09:49 - 00005778 _____ C:\Users\Trevor\Desktop\JRT Report.txt
    2016-10-12 09:14 - 2016-10-12 09:14 - 00005778 _____ C:\Users\Trevor\Desktop\JRT.txt
    2016-10-12 09:07 - 2016-10-12 09:07 - 00008869 _____ C:\Users\Trevor\Desktop\AdwCleaner[S3].txt
    2016-10-12 08:24 - 2016-10-12 08:24 - 00001086 _____ C:\Malware Antibytes Log (Safe Mode).txt
    2016-10-12 01:28 - 2016-10-12 01:28 - 00017280 _____ C:\Users\Trevor\Desktop\rk_4F67.tmp (Safe Mode).txt
    2016-10-12 00:52 - 2016-10-12 07:59 - 02534020 _____ C:\Windows\ntbtlog.txt
    2016-10-12 00:26 - 2016-10-12 00:26 - 00000000 ___HD C:\OneDriveTemp
    2016-10-12 00:04 - 2016-10-12 00:04 - 00367815 _____ C:\Users\Trevor\Desktop\Possible threat, just removed SoftwareBundler Win32_Stallmonitz - TechSpot Forums.htm
    2016-10-12 00:04 - 2016-10-12 00:04 - 00000000 ____D C:\Users\Trevor\Desktop\Possible threat, just removed SoftwareBundler Win32_Stallmonitz - TechSpot Forums_files
    2016-10-12 00:01 - 2016-10-12 00:01 - 00082164 _____ C:\Users\Trevor\Desktop\error messages preventing the removal of virus in Microsoft Security Essentials.htm
    2016-10-12 00:01 - 2016-10-12 00:01 - 00000000 ____D C:\Users\Trevor\Desktop\error messages preventing the removal of virus in Microsoft Security Essentials_files
    2016-10-11 23:53 - 2016-10-12 00:56 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-10-11 23:52 - 2016-10-12 00:07 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-10-11 23:52 - 2016-10-12 00:04 - 00001017 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-10-11 23:52 - 2016-10-11 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-10-11 23:52 - 2016-10-11 23:52 - 00000000 ____D C:\Program Files\RogueKiller
    2016-10-11 19:40 - 2016-10-12 13:45 - 00000737 _____ C:\Users\Trevor\Desktop\New Passwords.txt
    2016-10-11 12:55 - 2016-10-11 12:55 - 00043596 _____ C:\ComboFix.txt
    2016-10-11 12:29 - 2016-10-12 00:08 - 00000000 ____D C:\ComboFix
    2016-10-11 12:29 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-10-11 12:29 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-10-11 12:29 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2016-10-11 12:23 - 2016-10-11 12:55 - 00000000 ____D C:\Qoobox
    2016-10-11 12:23 - 2016-10-11 12:52 - 00000000 ____D C:\Windows\erdnt
    2016-10-11 12:23 - 2016-10-11 12:23 - 00016712 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
    2016-10-11 00:37 - 2016-10-11 00:37 - 00077032 _____ C:\Users\Trevor\Desktop\8 Things You Must Do Before Reformatting Your PC.htm
    2016-10-11 00:37 - 2016-10-11 00:37 - 00000000 ____D C:\Users\Trevor\Desktop\8 Things You Must Do Before Reformatting Your PC_files
    2016-10-11 00:31 - 2016-10-11 00:31 - 01631928 _____ (Malwarebytes) C:\Users\Trevor\Desktop\Junk Removal Tool.exe
    2016-10-11 00:28 - 2016-10-11 00:28 - 00448512 _____ (OldTimer Tools) C:\Users\Trevor\Desktop\Temporary File Cleaner.exe
    2016-10-11 00:23 - 2016-10-11 00:23 - 04257344 _____ (Reason Software Company Inc.) C:\Users\Trevor\Desktop\reason-core-security-setup.exe
    2016-10-11 00:14 - 2016-10-11 00:14 - 16370544 _____ (McAfee Inc) C:\Users\Trevor\Desktop\Stinger 32.exe
    2016-10-11 00:09 - 2016-10-11 00:09 - 05659993 ____R (Swearware) C:\Users\Trevor\Desktop\ComboFix.exe
    2016-10-10 14:57 - 2016-10-10 15:01 - 138915096 _____ (Microsoft Corporation) C:\Users\Trevor\Desktop\Microsoft Security Response Tool.exe
    2016-10-10 08:03 - 2016-10-10 23:53 - 00002738 _____ C:\Users\Trevor\Desktop\Rkill.txt
    2016-10-10 06:19 - 2016-10-10 06:19 - 00041314 _____ C:\Users\Trevor\Desktop\How to Hide Your IP Address - 3 Easy Ways.htm
    2016-10-10 06:19 - 2016-10-10 06:19 - 00000000 ____D C:\Users\Trevor\Desktop\How to Hide Your IP Address - 3 Easy Ways_files
    2016-10-09 14:02 - 2016-10-09 14:02 - 00056859 _____ C:\Users\Trevor\Desktop\3 Ways to Get Rid of Viruses, Spyware and Malware.htm
    2016-10-09 14:02 - 2016-10-09 14:02 - 00000000 ____D C:\Users\Trevor\Desktop\3 Ways to Get Rid of Viruses, Spyware and Malware_files
    2016-10-09 14:00 - 2016-10-09 14:00 - 00000076 _____ C:\Users\Trevor\Desktop\Backup EA E-mail Codes.txt
    2016-10-09 12:51 - 2016-10-09 12:51 - 00000076 _____ C:\Users\Trevor\Desktop\Backup E-mail Codes.txt
    2016-10-08 19:56 - 2016-10-08 19:56 - 00071264 _____ C:\Users\Trevor\Desktop\Install & Setup (RU) _ BDFoundry.htm
    2016-10-08 19:56 - 2016-10-08 19:56 - 00000000 ____D C:\Users\Trevor\Desktop\Install & Setup (RU) _ BDFoundry_files
    2016-10-08 17:06 - 2016-10-08 17:06 - 00000000 ____D C:\Users\Trevor\AppData\Local\BDOCharacterCreator
    2016-10-08 17:05 - 2016-10-08 17:05 - 00000632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Black Desert Character Creator.lnk
    2016-10-08 17:05 - 2016-10-08 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDOCharacterCreator
    2016-10-08 16:56 - 2016-10-08 17:01 - 227195640 _____ (NC Interactive, LLC) C:\Users\Trevor\Desktop\BnS_Lite_Installer.exe
    2016-10-08 11:19 - 2016-10-08 11:21 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Mp3tag
    2016-10-08 11:18 - 2016-10-08 11:18 - 00000985 _____ C:\Users\Public\Desktop\Mp3tag.lnk
    2016-10-08 11:18 - 2016-10-08 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
    2016-10-08 11:18 - 2016-10-08 11:18 - 00000000 ____D C:\Program Files (x86)\Mp3tag
    2016-10-08 09:28 - 2016-10-12 18:08 - 00000813 _____ C:\Users\Trevor\Desktop\Falling Angels.txt
    2016-10-06 19:37 - 2016-10-06 19:37 - 00266133 _____ C:\Users\Trevor\Desktop\Revoltech _ eBay.htm
    2016-10-06 19:37 - 2016-10-06 19:37 - 00000000 ____D C:\Users\Trevor\Desktop\Revoltech _ eBay_files
    2016-10-06 00:03 - 2016-10-06 00:05 - 00000066 _____ C:\Users\Trevor\Desktop\Joe Derosa Sports Video Games - D&D Start.txt
    2016-10-04 21:12 - 2016-10-04 21:14 - 00000000 ____D C:\Users\Trevor\Desktop\Phenomena Magazine
    2016-10-04 19:18 - 2016-10-04 19:18 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\AVG
    2016-10-04 19:11 - 2016-10-04 19:11 - 00000938 _____ C:\Users\Public\Desktop\AVG Protection.lnk
    2016-10-04 19:04 - 2016-10-13 01:47 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2016-10-02 12:21 - 2016-09-03 16:37 - 00001887 _____ C:\Users\Trevor\Desktop\Alienware Command Center.lnk
    2016-10-02 11:09 - 2016-10-02 11:09 - 00096505 _____ C:\Users\Trevor\Desktop\Where Did Satan Come From.htm
    2016-10-02 11:09 - 2016-10-02 11:09 - 00000000 ____D C:\Users\Trevor\Desktop\Where Did Satan Come From_files
    2016-10-02 00:41 - 2016-10-02 00:46 - 205978003 _____ C:\Users\Trevor\Desktop\Coast To Coast AM - September 30, 2016 Haunted Objects &amp; Open Lines - YouTube [360p].mp4
    2016-09-30 20:53 - 2016-09-30 20:53 - 12419286 _____ C:\Users\Trevor\Desktop\kindle-drm-removal.zip
    2016-09-30 19:06 - 2016-09-30 19:07 - 21282624 _____ (Epubor Inc.) C:\Users\Trevor\Desktop\Kindle DRM Removal.exe
    2016-09-30 19:06 - 2016-09-30 19:06 - 00045467 _____ C:\Users\Trevor\Desktop\How to Change Kindle Book Cover.htm
    2016-09-30 19:06 - 2016-09-30 19:06 - 00000000 ____D C:\Users\Trevor\Desktop\How to Change Kindle Book Cover_files
    2016-09-30 00:30 - 2016-09-30 00:30 - 00146078 _____ C:\Users\Trevor\Desktop\Gower Entertainment Studio Songs and Sounds for Healing.htm
    2016-09-30 00:30 - 2016-09-30 00:30 - 00000000 ____D C:\Users\Trevor\Desktop\Gower Entertainment Studio Songs and Sounds for Healing_files
    2016-09-30 00:14 - 2016-09-30 00:14 - 00018886 _____ C:\Users\Trevor\Desktop\iWinks - Dream without Limits.htm
    2016-09-30 00:14 - 2016-09-30 00:14 - 00000000 ____D C:\Users\Trevor\Desktop\iWinks - Dream without Limits_files
    2016-09-29 02:45 - 2016-09-29 02:45 - 00000682 _____ C:\Users\Public\Desktop\Furcadia Pounce.lnk
    2016-09-29 02:45 - 2016-09-29 02:45 - 00000673 _____ C:\Users\Public\Desktop\Furcadia.lnk
    2016-09-29 02:44 - 2016-09-29 02:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Furcadia
    2016-09-29 02:44 - 2016-09-29 02:44 - 00000000 ____D C:\Users\Trevor\Documents\Furcadia
    2016-09-29 02:44 - 2016-09-29 02:44 - 00000000 ____D C:\ProgramData\Dragon's Eye Productions
    2016-09-29 02:43 - 2016-09-29 02:43 - 00000000 ____D C:\Users\Trevor\AppData\Local\Dragon's Eye Productions
    2016-09-29 01:29 - 2016-10-06 00:01 - 00008106 _____ C:\Users\Trevor\Desktop\Bella Conversation.txt
    2016-09-28 02:58 - 2016-09-28 02:58 - 00059737 _____ C:\Users\Trevor\Desktop\300-Year-Old Preserved Corpse Appears to Opens Its Eyes _ Mysterious Universe.htm
    2016-09-28 02:58 - 2016-09-28 02:58 - 00000000 ____D C:\Users\Trevor\Desktop\300-Year-Old Preserved Corpse Appears to Opens Its Eyes _ Mysterious Universe_files
    2016-09-28 00:34 - 2016-09-28 00:34 - 04058901 _____ C:\Users\Trevor\Desktop\Fruit Infused Water by BOZ.pdf
    2016-09-27 23:57 - 2016-09-29 01:22 - 00001731 _____ C:\Users\Trevor\Desktop\Tavern Talk.txt
    2016-09-27 14:06 - 2016-09-27 18:45 - 00000071 _____ C:\Users\Trevor\Desktop\Guardian Drugs.txt
    2016-09-24 22:58 - 2016-09-24 22:58 - 00061638 _____ C:\Users\Trevor\Desktop\Coming Soon! – Shattered Starlight.htm
    2016-09-24 22:58 - 2016-09-24 22:58 - 00000000 ____D C:\Users\Trevor\Desktop\Coming Soon! – Shattered Starlight_files
    2016-09-24 17:17 - 2016-10-08 16:11 - 00000000 ____D C:\Users\Trevor\AppData\Local\Avg
    2016-09-24 17:17 - 2016-10-04 19:09 - 00000000 ____D C:\ProgramData\Avg
    2016-09-24 17:17 - 2016-09-27 01:57 - 00000000 ____D C:\Users\Trevor\AppData\Local\AvgSetupLog
    2016-09-22 14:59 - 2016-09-22 16:51 - 00000013 _____ C:\Users\Trevor\Desktop\Credit Card Totals.txt
    2016-09-22 14:56 - 2016-09-22 14:56 - 00004385 _____ C:\Users\Trevor\Desktop\statement.qfx
    2016-09-22 09:25 - 2016-10-12 19:34 - 00000000 ____D C:\Users\Trevor\Documents\My Kindle Content
    2016-09-22 09:24 - 2016-09-22 09:24 - 00001984 _____ C:\Users\Trevor\Desktop\Kindle.lnk
    2016-09-22 09:24 - 2016-09-22 09:24 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    2016-09-22 09:24 - 2016-09-22 09:24 - 00000000 ____D C:\Users\Trevor\AppData\Local\Amazon
    2016-09-22 09:24 - 2016-09-22 09:24 - 00000000 ____D C:\Program Files (x86)\Amazon
    2016-09-20 20:24 - 2016-09-30 22:47 - 00001964 _____ C:\Users\Trevor\Desktop\Ronnie Complaint.txt
    2016-09-20 18:32 - 2016-09-20 18:32 - 03016085 _____ C:\Users\Trevor\Desktop\Catalogue of Lunar Events.pdf
    2016-09-20 16:34 - 2016-09-20 16:34 - 00088385 _____ C:\Users\Trevor\Desktop\Risen Chapter 8 Gods - Monsters, a Naruto + Dragon Age Crossover fanfic _ FanFiction.htm
    2016-09-20 16:34 - 2016-09-20 16:34 - 00000000 ____D C:\Users\Trevor\Desktop\Risen Chapter 8 Gods - Monsters, a Naruto + Dragon Age Crossover fanfic _ FanFiction_files
    2016-09-18 23:14 - 2016-09-19 00:27 - 00004085 _____ C:\Users\Trevor\Desktop\Sten Conversation.txt
    2016-09-15 15:30 - 2016-10-11 23:39 - 00005966 _____ C:\Users\Trevor\Desktop\Online Passwords(2).txt
    2016-09-15 15:30 - 2016-09-15 15:31 - 00004894 _____ C:\Users\Trevor\Desktop\Online Passwords(1)(1).txt
    2016-09-15 15:30 - 2016-09-15 15:30 - 00004471 _____ C:\Users\Trevor\Desktop\Online Passwords(1).txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-13 21:10 - 2011-10-17 20:40 - 00000000 ____D C:\Users\Trevor\AppData\LocalLow\LastPass
    2016-10-13 20:47 - 2012-06-08 05:20 - 00000000 ____D C:\ProgramData\MFAData
    2016-10-13 16:38 - 2010-03-05 13:18 - 00003409 ___SH C:\Windows\SysWOW64\mmf.sys
    2016-10-13 16:28 - 2015-05-03 14:54 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Everything
    2016-10-13 13:39 - 2012-03-08 01:44 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\vlc
    2016-10-13 03:45 - 2015-02-17 09:44 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ed805aaa-3e4b-4d18-b75e-92b1fb1f9462.job
    2016-10-13 03:35 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-13 03:35 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-13 03:22 - 2014-07-24 23:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-12 23:11 - 2014-12-31 09:06 - 00000000 ____D C:\Users\Trevor\Desktop\Dragon Age Stuff
    2016-10-12 21:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2016-10-12 19:26 - 2015-10-07 16:22 - 00000000 ___RD C:\Users\Trevor\OneDrive
    2016-10-12 19:26 - 2010-01-16 15:06 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-10-12 19:23 - 2010-02-11 00:52 - 00000000 ____D C:\Users\Trevor\AppData\Local\SoftThinks
    2016-10-12 19:23 - 2010-01-16 15:19 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-10-12 19:23 - 2010-01-16 15:19 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-10-12 19:22 - 2012-02-21 17:59 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-10-12 19:22 - 2010-03-31 03:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2016-10-12 19:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-12 19:19 - 2016-01-04 15:54 - 00000000 ____D C:\Users\Trevor\AppData\Local\CrashDumps
    2016-10-12 18:48 - 2015-04-12 01:17 - 00000000 ____D C:\Users\Trevor\Desktop\Files To Show Andrea
    2016-10-12 14:16 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-10-12 14:02 - 2010-07-29 17:02 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2016-10-12 14:02 - 2010-01-16 15:07 - 00000000 ____D C:\ProgramData\Temp
    2016-10-12 13:57 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-10-12 13:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-10-12 13:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
    2016-10-12 13:49 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-10-12 13:49 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-10-12 13:49 - 2009-07-14 00:45 - 00850472 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-10-12 13:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2016-10-12 13:45 - 2015-04-15 03:33 - 00000000 ____D C:\Windows\system32\appraiser
    2016-10-12 13:45 - 2014-04-30 11:17 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-10-12 13:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
    2016-10-12 13:06 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-12 13:06 - 2010-03-08 01:35 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-12 13:04 - 2013-03-13 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-10-12 12:59 - 2015-10-14 16:59 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2016-10-12 12:59 - 2015-10-14 16:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2016-10-12 12:59 - 2012-11-20 07:49 - 00002155 _____ C:\Windows\epplauncher.mif
    2016-10-12 12:58 - 2015-10-14 16:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2016-10-12 12:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-10-12 12:40 - 2010-02-14 21:57 - 00000000 ____D C:\Users\Trevor\AppData\Local\ElevatedDiagnostics
    2016-10-12 11:36 - 2014-07-21 22:10 - 00000000 ____D C:\ProgramData\Norton
    2016-10-12 11:35 - 2015-11-03 01:11 - 00001123 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    2016-10-12 11:33 - 2015-11-03 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2016-10-12 11:31 - 2014-03-06 20:35 - 00007926 _____ C:\Users\Trevor\Desktop\Online Passwords.txt
    2016-10-12 09:10 - 2015-07-14 22:09 - 00000000 ____D C:\ProgramData\IObit
    2016-10-12 09:10 - 2015-07-14 22:08 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\IObit
    2016-10-12 09:10 - 2015-07-14 22:08 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-10-12 08:58 - 2013-10-14 19:57 - 00000000 ____D C:\AdwCleaner
    2016-10-12 01:31 - 2013-06-20 17:22 - 00000000 ____D C:\Users\Trevor\AppData\Local\Apps\2.0
    2016-10-11 12:46 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2016-10-11 12:27 - 2010-02-11 00:53 - 00295472 _____ C:\Users\Trevor\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-10-11 00:07 - 2013-02-11 20:32 - 00002335 _____ C:\Users\Public\Desktop\LogoDesignStudio Pro.lnk
    2016-10-09 23:39 - 2010-02-13 16:08 - 00000000 _____ C:\Users\Trevor\AppData\Local\prvlcl.dat
    2016-10-09 14:28 - 2015-07-31 06:33 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-10-09 14:18 - 2015-04-18 19:18 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\uTorrent
    2016-10-09 13:52 - 2013-02-11 20:36 - 00000000 ____D C:\Users\Trevor\Documents\LogoDesignStudio Pro
    2016-10-09 13:41 - 2011-05-24 14:23 - 00000000 ____D C:\Users\Trevor\Documents\My Library
    2016-10-08 17:05 - 2010-01-16 14:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-10-06 16:41 - 2016-08-31 23:08 - 00000143 _____ C:\Users\Trevor\Desktop\Liberation.txt
    2016-10-04 22:53 - 2014-08-20 19:38 - 00000000 ____D C:\Users\Trevor\Desktop\Misc
    2016-10-04 19:37 - 2013-11-13 01:12 - 00000000 ____D C:\Users\Trevor\AppData\Local\NVIDIA Corporation
    2016-10-04 19:32 - 2015-02-13 00:00 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2501b65a-d079-4e38-8c82-a577be3de2f0.job
    2016-10-04 19:32 - 2014-07-22 20:58 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f27b3d5-66bf-49cc-8fd0-9190467f78ad.job
    2016-10-04 19:32 - 2012-04-06 17:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-04 19:32 - 2011-09-12 10:36 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000UA.job
    2016-10-04 19:32 - 2011-09-12 10:36 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000Core.job
    2016-10-04 19:31 - 2013-01-21 17:13 - 00000000 ____D C:\ProgramData\AVG2013
    2016-10-04 19:29 - 2015-05-04 00:12 - 00000000 ____D C:\Users\Trevor\Desktop\Quicken Canadian Edition Data
    2016-10-04 19:13 - 2010-02-11 22:44 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-10-04 19:12 - 2016-07-22 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-10-04 19:12 - 2015-07-17 08:44 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-10-04 19:12 - 2010-03-07 06:24 - 00000000 ____D C:\$AVG
    2016-10-03 21:00 - 2016-05-16 07:51 - 00000000 ____D C:\Users\Trevor\Desktop\Writing Projects
    2016-09-27 22:29 - 2011-03-21 22:53 - 00000000 ____D C:\Users\Trevor\Desktop\Temporary Documents Folder
    2016-09-24 17:17 - 2016-08-11 07:56 - 00000331 _____ C:\Users\Trevor\Desktop\Burger World.txt
    2016-09-23 00:25 - 2014-04-29 07:02 - 00000000 ____D C:\Users\Trevor\Desktop\Writing
    2016-09-20 21:14 - 2016-09-09 18:31 - 00002891 _____ C:\Users\Trevor\Desktop\Noise Complaint Defence.txt
    2016-09-20 01:27 - 2016-06-28 01:28 - 00000000 ____D C:\Users\Trevor\Desktop\Game Stuff
    2016-09-15 02:24 - 2016-06-28 02:20 - 00000153 _____ C:\ADRInfos.xml

    ==================== Files in the root of some directories =======

    2013-06-27 03:32 - 2013-10-02 15:33 - 0003726 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2013-05-30 21:57 - 2013-05-30 22:08 - 0004744 _____ () C:\Users\Trevor\AppData\Roaming\RegistrationLog.log
    2013-05-30 21:57 - 2013-05-30 22:08 - 0002983 _____ () C:\Users\Trevor\AppData\Roaming\ReplayMusicLog.log
    2014-06-15 14:50 - 2014-06-15 14:50 - 0001675 _____ () C:\Users\Trevor\AppData\Roaming\SAS7_000.DAT
    2014-07-22 12:10 - 2014-07-22 12:10 - 0193994 _____ () C:\Users\Trevor\AppData\Local\ars.cache
    2014-07-22 12:10 - 2014-07-22 12:10 - 0309823 _____ () C:\Users\Trevor\AppData\Local\census.cache
    2012-02-21 04:22 - 2012-02-24 05:51 - 0005632 _____ () C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-10 17:45 - 2012-09-10 17:45 - 0027520 _____ () C:\Users\Trevor\AppData\Local\dt.dat
    2014-07-22 11:54 - 2014-07-22 11:54 - 0000036 _____ () C:\Users\Trevor\AppData\Local\housecall.guid.cache
    2010-02-13 16:08 - 2016-10-09 23:39 - 0000000 _____ () C:\Users\Trevor\AppData\Local\prvlcl.dat
    2011-04-01 01:43 - 2015-12-19 07:04 - 0007598 _____ () C:\Users\Trevor\AppData\Local\Resmon.ResmonCfg
    2014-07-22 12:01 - 2014-07-22 12:01 - 0000010 _____ () C:\Users\Trevor\AppData\Local\sponge.last.runtime.cache

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-10-11 13:25

    ==================== End of FRST.txt ============================
     
  4. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016

    Ran by Trevor (13-10-2016 21:21:02)

    Running from C:\Users\Trevor\Desktop

    Windows 7 Home Premium Service Pack 1 (X64) (2010-02-11 04:52:32)

    Boot Mode: Normal

    ==========================================================





    ==================== Accounts: =============================



    Administrator (S-1-5-21-1645592776-1552282287-2170224798-500 - Administrator - Disabled)

    Guest (S-1-5-21-1645592776-1552282287-2170224798-501 - Limited - Enabled)

    HomeGroupUser$ (S-1-5-21-1645592776-1552282287-2170224798-1002 - Limited - Enabled)

    Trevor (S-1-5-21-1645592776-1552282287-2170224798-1000 - Administrator - Enabled) => C:\Users\Trevor



    ==================== Security Center ========================



    (If an entry is included in the fixlist, it will be removed.)



    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}

    AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}



    ==================== Installed Programs ======================



    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)



    µTorrent (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )

    AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)

    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)

    Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)

    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)

    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)

    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)

    Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden

    Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)

    AlfaReader (HKLM-x32\...\{F96FEBCC-3005-4C3A-B8E5-5577F3DA3A21}) (Version: 1.7.1 - AlfaReader)

    Alienware Command Center (HKLM-x32\...\InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}) (Version: 2.8.9.0 - Alienware Corp.)

    Alienware Command Center (Version: 2.8.9.0 - Alienware Corp.) Hidden

    Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware)

    Alienware TactX(TM) Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware)

    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)

    Ansel (Version: 372.54 - NVIDIA Corporation) Hidden

    AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)

    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)

    ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.)

    ASUS GPU TweakII (x32 Version: 1.0.6.9 - ASUSTek COMPUTER INC.) Hidden

    ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)

    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2001681662.48.56.3083634 - Audible, Inc.)

    AVG (Version: 16.111.7797 - AVG Technologies) Hidden

    AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden

    AVG Protection (HKLM\...\AVG) (Version: 2016.111.7797 - AVG Technologies)

    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )

    Baldur's Gate Enhanced Edition (HKLM-x32\...\Baldur's Gate Enhanced Edition) (Version: 0.2.3.0 - Beamdog)

    Baldur's Gate II Enhanced Edition (HKLM-x32\...\Baldur's Gate II Enhanced Edition) (Version: 0.2.8.0 - Beamdog)

    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)

    BeamDog Launcher 1.8.1.0 (HKLM-x32\...\BeamDog Launcher) (Version: 1.8.1.0 - BeamDog)

    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.3.1 - BitRaider, LLC)

    Black Desert Character Creator (HKLM-x32\...\{83AC6E37-6497-4A01-BB5D-AA845BA08832}) (Version: 1.0.0.2 - Daum Games EU)

    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

    Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.01 - Broadcom Corporation)

    Broken Sword 1 - Shadow of the Templars: Director's Cut (HKLM-x32\...\Steam App 57640) (Version: - Revolution Software Ltd)

    CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)

    CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)

    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)

    CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)

    CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)

    DAZ Studio 4.5 (64bit) (HKLM-x32\...\DAZ Studio 4.5 (64bit) 4.5.1.56) (Version: 4.5.1.56 - DAZ 3D)

    Decimator DS4 (64bit) (HKLM-x32\...\Decimator DS4 (64bit) 1.3.1.56) (Version: 1.3.1.56 - DAZ 3D)

    Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden

    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)

    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)

    Dell Service Tag Lookup Tool (HKLM-x32\...\Dell Service Tag Lookup Tool) (Version: - )

    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)

    Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)

    Dell System Detect (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)

    Dell System Detect Bootstrapper (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\8e3135b376bd523e) (Version: 5.1.0.41 - Dell)

    Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.4.0.11 - GOG.com)

    Doodle God (HKLM-x32\...\Steam App 348360) (Version: - JoyBits, LTD)

    Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)

    Dragon Age Legends (HKLM-x32\...\com.bwsf.DragonAgeLegends) (Version: 1.0.11 - Electronic Arts)

    Dragon Age Legends (x32 Version: 1.0.11 - Electronic Arts) Hidden

    Dragon Age Redesigned © Morrigan (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Dragon Age Redesigned © Morrigan) (Version: - )

    Dragon Age Redesigned© (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Dragon Age Redesigned©) (Version: - )

    Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)

    Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)

    Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)

    Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)

    Eastside Hockey Manager v1.16 (HKLM-x32\...\Eastside Hockey Manager v1.16_is1) (Version: - )

    eSpeak version 1.48.04 (HKLM-x32\...\eSpeak_is1) (Version: - )

    Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )

    Final Draft 6 (HKLM-x32\...\{CC8B19D1-91D2-4D5B-B331-F885F432745E}) (Version: 6.0.10 - Final Draft, Inc.)

    Final Draft v6.0.2.5 Update (HKLM-x32\...\Final Draft v6.0.2.5 Update) (Version: - )

    FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden

    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )

    Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)

    Freedom Force (HKLM-x32\...\{75AD7D33-EF26-4609-9D8D-CBF7F9AC5E08}) (Version: - )

    Freedom Force (HKLM-x32\...\1445250806_is1) (Version: 2.0.0.6 - GOG.com)

    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)

    Furcadia (HKLM-x32\...\Furcadia) (Version: 31.0 - Dragon's Eye Productions, Inc.)

    Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.2.0 - Futuremark Corporation)

    Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)

    Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)

    GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)

    GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)

    GOG.com Inherit the Earth (HKLM\...\{23d47423-7f28-4c79-8bc4-df0b7d6f48c9}.sdb) (Version: - )

    GOG.com Planescape Torment (HKLM\...\{8f376ce2-c213-4a6c-a329-0b2a7eb2bad8}.sdb) (Version: - )

    Google Chrome (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)

    GooReader (HKLM-x32\...\{B3542C71-F156-422B-88D0-15F4BF8CD6E0}) (Version: 5.1.1 - GooReader)

    GoZ DS4 (64bit) (HKLM-x32\...\GoZ DS4 (64bit) 1.2.1.56) (Version: 1.2.1.56 - DAZ 3D)

    GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)

    Happy Cloud Client (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)

    Heroine's Quest: The Herald of Ragnarok (HKLM-x32\...\Steam App 283880) (Version: - Crystal Shard)

    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.236 - SurfRight B.V.)

    Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version: - Gearbox Software)

    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden

    Inherit the Earth (HKLM-x32\...\GOGPACKINHERITTHEEARTH_is1) (Version: 2.0.0.6 - GOG.com)

    Intel Extreme Tuning Utility (HKLM-x32\...\InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}) (Version: 1.3.9.1 - Intel Corporation)

    Intel Extreme Tuning Utility (x32 Version: 1.3.9.1 - Intel Corporation) Hidden

    Intel(R) SMBus (HKLM\...\SMBus) (Version: - )

    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)

    Invisible, Inc. (HKLM-x32\...\Steam App 243970) (Version: - Klei Entertainment)

    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

    iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)

    Jade Empire: Special Edition (HKLM-x32\...\Steam App 7110) (Version: - BioWare Corporation)

    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version: - Katauri)

    King's Quest 1-2-3 (HKLM-x32\...\GOGPACKKINGSQUEST123_is1) (Version: 2.0.0.14 - GOG.com)

    LastPass (uninstall only) (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\LastPass) (Version: - LastPass)

    Leisure Suit Larry in the Land of the Lounge Lizards: Reloaded (HKLM-x32\...\Steam App 231910) (Version: - nFusion Interactive)

    Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)

    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

    Malwarebytes Anti-Ransomware version 0.9.17.661 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.17.661 - Malwarebytes)

    Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)

    Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)

    Media Player Classic - Home Cinema 1.6.0.4014 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.0.4014 - MPC-HC Team)

    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

    Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

    Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft OneDrive (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)

    Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )

    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft SQL Server Management Studio Express (HKLM\...\{1B918A92-A0BC-4B34-B2EF-AD427332732D}) (Version: 9.00.2047.00 - Microsoft Corporation)

    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)

    Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)

    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

    mIRC (HKLM-x32\...\mIRC) (Version: 7.34 - mIRC Co. Ltd.)

    Mozilla Firefox 47.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-GB)) (Version: 47.0.1 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)

    Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    NaturalReader 14 Free (HKLM-x32\...\{773ED0E5-538E-4E86-8E00-719630613290}) (Version: 1.00.0000 - Naturalsoft)

    NEKOPARA Vol. 1 (HKLM-x32\...\Steam App 333600) (Version: - NEKO WORKs)

    Nero 9 Essentials (HKLM-x32\...\{80bcb170-826d-4291-955e-50fec87aea4f}) (Version: - Nero AG)

    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)

    NTREGOPT 1.1j (HKLM-x32\...\NTREGOPT_is1) (Version: - Lars Hederer)

    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

    NVIDIA 3D Vision Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)

    NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)

    NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)

    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)

    OpenAL (HKLM-x32\...\OpenAL) (Version: - )

    OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)

    Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)

    Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.)

    Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version: - Obsidian Entertainment)

    Planescape Torment (HKLM-x32\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com)

    Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)

    PzDB1.1.010a (HKLM-x32\...\{4D4D26CB-CA22-4ED9-9AEB-833CF20ACA1A}) (Version: 1.1.010 - Rocketship Software)

    PzDB1.2022e (HKLM-x32\...\{3FE19FF5-B7C1-430F-A7EA-BAC52D20F9FB}) (Version: 1.2.22 - Rocketship Software)

    Quest for Glory - So You Want To Be A Hero (HKLM-x32\...\1207661313_is1) (Version: 2.1.0.33 - GOG.com)

    Quicken 2015 (HKLM-x32\...\{01D49A09-04D1-4495-93CB-70E4FF898949}) (Version: 24.1.3.6 - Intuit)

    Quicken Basic 2000 (HKLM-x32\...\Quicken Basic 2000) (Version: - )

    Reader for PC (HKLM-x32\...\{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}) (Version: 2.0.02.15180 - Sony Corporation)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)

    Recuva (HKLM\...\Recuva) (Version: 1.45 - Piriform)

    Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)

    Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)

    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)

    RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)

    RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)

    Sam and Max Save the World (HKLM-x32\...\GOGPACKSAMANDMAXSEASON1_is1) (Version: 2.0.0.25 - GOG.com)

    Scribblenauts Unmasked (HKLM-x32\...\Steam App 249870) (Version: - 5th Cell Media)

    Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)

    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)

    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden

    SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden

    Showtime! (HKLM\...\Steam App 285050) (Version: - Myrtilus Entertainment)

    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)

    SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)

    SimCity 4 Deluxe Edition (HKLM-x32\...\1207664593_is1) (Version: 2.1.0.11 - GOG.com)

    Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)

    SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)

    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

    SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)

    SUPERAntiSpyware Professional (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)

    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

    Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)

    System Requirements Lab (HKLM-x32\...\{92482FB3-C05B-41C6-89E7-75D985602A6E}) (Version: 4.1.72.0 - Husdawg, LLC)

    System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)

    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

    TEW2010 (HKLM-x32\...\TEW2010) (Version: - )

    TEW2013 (HKLM-x32\...\TEW2013) (Version: - )

    TEW2016 (HKLM-x32\...\TEW2016) (Version: - )

    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)

    The Marvellous Miss Take (HKLM-x32\...\1207666973_is1) (Version: 2.2.0.3 - GOG.com)

    The Purring Quest (HKLM\...\Steam App 409100) (Version: - Valhalla Cats)

    The Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version: - )

    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)

    The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)

    Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games)

    Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)

    Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 2.1.1 - Tweaking.com)

    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.12 - Tweaking.com)

    Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)

    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 7.0.1 - UltraDefrag Development Team)

    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)

    Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)

    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

    Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)

    WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)

    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17329 - Microsoft Corporation)

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)

    WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)

    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

    WinZip (HKLM-x32\...\WinZip) (Version: 8.1 (4331) - WinZip Computing, Inc.)

    XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)

    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )



    ==================== Custom CLSID (Whitelisted): ==========================



    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File



    ==================== Scheduled Tasks (Whitelisted) =============



    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    Task: {04DA165A-E218-445A-9553-E24EE629357B} - System32\Tasks\{1D87E1E0-B3EE-4C0F-BC9F-C52D847FA7CF} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {0D87E031-D265-4E9A-A19A-7BA3C93C03C2} - System32\Tasks\{C88A0EA5-F5CE-4CAE-AC4D-FC2837B50802} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {115F7FA7-6950-4E00-BA70-CB1DAA164ECC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

    Task: {12D0B872-2FCE-4C0E-BEA6-72875A075419} - System32\Tasks\{EA205F58-415D-4541-A74D-997A170AF882} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {184B93FC-06BD-4433-BE59-CBA88A87449B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)

    Task: {1904C88B-8C3E-4E3F-A2A8-F2B18BCE105C} - System32\Tasks\{69B30CF1-A270-4F80-9998-41DE2937218E} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {1F63A520-6A25-4E43-8E52-EADDF737EE5E} - System32\Tasks\{F2E309A5-7963-45A1-BEC4-A9AA51166BFF} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {1F776E7F-B502-495D-8F63-4B2D925B7CCE} - System32\Tasks\{8E65AC66-D35F-47DE-92D8-15EC96B925F3} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {25D15665-1FD6-4398-9DD2-AA46A8ECDBCA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)

    Task: {2713B93C-EA4A-4650-9079-C51DF0CFEC35} - System32\Tasks\{3FE69226-642B-4352-8781-BBD89C71D39F} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {2BC4745C-E682-49E8-86A8-A5086E1AFCEA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)

    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION

    Task: {31FBC0EE-8C67-4761-83C5-550F65C40880} - System32\Tasks\{17D06069-27D6-4747-9672-72AAD92D1402} => C:\Program Files (x86)\Irrational Games\Freedom Force\fforce.exe [2005-02-11] (Irrational Games)

    Task: {3BC483EA-049D-49C5-90C8-542149B786B8} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe

    Task: {3F1C6993-466E-4EFF-B85B-B78EA71D2BFA} - System32\Tasks\{52514B91-1284-4A03-9627-FB0A99729CF1} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {4232F5E7-20F1-4E98-A799-8FBCB88BE35E} - System32\Tasks\{A12BCA3D-6D6F-4474-AA43-FB32B1B48304} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {4319706B-3A8F-4078-A328-A49E846D8D30} - System32\Tasks\{20F509B1-0BB8-4019-81CD-0BDBB31925CB} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {4E08EE92-F495-4B49-986E-89A05A9BF854} - System32\Tasks\{F8C1265A-EC74-414B-A314-DA6F646FF2FF} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {5637B750-9A5E-42AE-ACDF-DB5E520FAAD6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000UA => C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

    Task: {583DEE9D-A233-44C4-9DBD-2ABA0565AED4} - System32\Tasks\{744993DD-0B42-48C7-9C5B-8FABE7DA31B1} => C:\Program Files (x86)\Baldur's Gate Enhanced Edition\BGEE.exe [2012-11-29] (Overhaul Games™)

    Task: {5C44C6C7-2F34-4A4F-888C-D309CBD22D83} - System32\Tasks\SUPERAntiSpyware Scheduled Task ed805aaa-3e4b-4d18-b75e-92b1fb1f9462 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

    Task: {5CC4B8DB-35DA-4865-85D1-8CE8FDB95273} - System32\Tasks\{AC3CE391-24D1-40DD-A750-E2C2D4800C79} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/212680

    Task: {5F7DFF2F-BFD6-4E27-8259-032A9F7B1115} - System32\Tasks\{A91D388F-E3B2-45BB-949F-AEF78DE5A5D1} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {6D15140A-9BF7-43FE-873B-1D0E0C5D5A60} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-24] (Microsoft Corporation)

    Task: {6E32252E-CD30-4C65-B305-18749430DE30} - System32\Tasks\{01217261-7FB4-46A9-9A0E-3C860A6C10A7} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {70A7849A-C417-4744-AC8E-40219E56B899} - System32\Tasks\{2760E824-44D4-4B43-88BE-F460D7B5DE31} => pcalua.exe -a C:\Users\Trevor\Desktop\9357_23_expa_Stephanie4EliteBase_23.exe -d C:\Users\Trevor\Desktop

    Task: {7B238872-BA5F-47B2-815D-A7180E572856} - System32\Tasks\{5B7A8473-46DD-4EF4-90A1-CFAB04DB7A35} => pcalua.exe -a C:\dell\drivers\R249211\setup.exe -d C:\dell\drivers\R249211

    Task: {7C2295F2-F191-4C12-9573-3103BA8C209C} - System32\Tasks\{9D1F5804-FEEC-4C39-89E2-0FD0484F9F44} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {84ADAF87-BD4D-4C25-8009-CBFDAA13F7DB} - System32\Tasks\{FFC7B291-FED3-45D0-8EDD-2DB5D4950A3B} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {866D8BA3-ECB8-4278-9DAC-5827AAC06245} - System32\Tasks\{62D72035-58AA-4475-8092-8F08672499C3} => C:\Program Files (x86)\Cryptic Studios\Champions Online.exe

    Task: {87552809-BDCC-4EE0-A04C-5319B3E03F7B} - System32\Tasks\{74419A0B-AB46-4120-BEC0-CC31597049BF} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {89800CC3-B794-483D-8146-A91C125A3EFD} - System32\Tasks\{D3F2B805-E46E-4055-A89D-639FD8139A64} => pcalua.exe -a "C:\Users\Trevor\Desktop\Poser Files\ps_pe069_Victoria4DS.exe" -d "C:\Users\Trevor\Desktop\Poser Files"

    Task: {8B74A99F-25D3-4E0E-A22F-8E10588E0DF4} - System32\Tasks\{9ED5B50F-2FCF-4688-A8BB-4C91464B879D} => C:\Program Files (x86)\Baldur's Gate Enhanced Edition\BGEE.exe [2012-11-29] (Overhaul Games™)

    Task: {8DB2C2A3-B61B-4E16-B55B-9AB6E6B7713E} - System32\Tasks\{B096B6B5-C03A-452B-B17B-CB6226A2CDF6} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {90EFBBC7-D531-4B4F-A061-8AF917C5B3C9} - \IHUninstallTrackingTASK -> No File <==== ATTENTION

    Task: {9B832781-7B98-4B2E-AFDD-231A6E4544F4} - System32\Tasks\{42917117-97DC-4F7C-B4B5-8DFC9F64C704} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {9C49147D-C0CF-4522-B8E4-345575BD275C} - System32\Tasks\{B9AD087D-D86D-44FE-BF03-5A86E2FF16FD} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {9F0F527A-5213-4BA7-800E-6763420AD2C4} - System32\Tasks\{CD29DB36-7B03-4DCC-8CF4-A9BA657D214F} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {A2478141-80E6-4FBB-9B84-AD5BE680516B} - System32\Tasks\{D916B41F-7582-4867-A8A6-EC461919DB2B} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {A6DEAF93-B8EA-4C91-A49E-C904E24DA360} - System32\Tasks\{16CCA84C-1976-472D-B874-5CC30489B98F} => pcalua.exe -a F:\Setup.exe -d F:\

    Task: {A9F81D0D-09A0-4FD9-B0F7-E8F0F7AA8304} - System32\Tasks\{62069881-FF80-42D4-B859-AAD2542E9153} => C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe [2016-08-07] (BitTorrent Inc.)

    Task: {AB67A2DA-B34F-409C-98A6-EE1B71CA7A11} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION

    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION

    Task: {B0694431-9C3A-4844-9111-13037928DED1} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7f27b3d5-66bf-49cc-8fd0-9190467f78ad => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

    Task: {B8AC2827-41D5-4EAA-80E5-3F1764024111} - System32\Tasks\{BC0C323C-88F8-41AD-A880-12D9C25A41C3} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {BF1BF868-BAE0-48F4-8C12-0FEF1D51C1A3} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2501b65a-d079-4e38-8c82-a577be3de2f0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

    Task: {C20B17F9-9F4F-4875-8D33-6933C3CCEE96} - System32\Tasks\{B926854A-F064-456F-9517-7CF5E6700C8E} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {C54744C3-3827-45BD-AD31-750D1FC29E3A} - System32\Tasks\{C9DB5284-1BFE-4253-8B65-2C9543B23456} => C:\Program Files (x86)\Scrivener\Scrivener.exe [2015-10-06] (Scrivener HQ Pty Ltd.)

    Task: {C5C786FE-7CAC-44D6-ACBC-67036B439E61} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)

    Task: {CD2A9D77-215E-44DA-B5D5-9571017A6778} - System32\Tasks\{AB08DD32-5B65-43BD-9F9F-FBE869E14B33} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {CD72FAA9-F160-424C-AADA-862F9D824310} - System32\Tasks\{23BE454D-3289-4C26-8775-A9A753F59E8A} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION

    Task: {D09F7138-E4EB-46F6-B2BE-D9E7043EA766} - System32\Tasks\{F23B540A-3376-4D15-B598-3F743AAB44E2} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {D71D2D25-4CC8-475D-9D5D-B89DE64F4D64} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

    Task: {DB4FC8D3-BF72-456F-B91A-1B34227F63FA} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)

    Task: {DD693CF4-92C5-4BC4-BECB-4BD5128058CF} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

    Task: {DDB98FB4-EB92-4525-B551-1C9F1DE0F898} - System32\Tasks\{AA35A77D-77C8-4217-8A10-69FC8DE19CA6} => C:\Program Files (x86)\Baldur's Gate Enhanced Edition\BGEE.exe [2012-11-29] (Overhaul Games™)

    Task: {DF13BCF0-A286-46B1-98D7-ECD41F910288} - System32\Tasks\{3C7DC7B7-80B3-40DF-989C-6EE8C8048F07} => pcalua.exe -a "C:\Users\Trevor\Desktop\Poser Files\ps_pe069_Victoria4.exe" -d "C:\Users\Trevor\Desktop\Poser Files"

    Task: {E0266165-9478-4F56-A3FC-F1450F174B54} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION

    Task: {E0D4D059-19BB-4C01-8528-BDE22A4CB3B5} - System32\Tasks\{2414ECF4-6CF8-4846-8CB2-0E5F37F8D640} => C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe [2016-08-07] (BitTorrent Inc.)

    Task: {E25AFC50-B92B-41C9-8128-77DDAABED012} - System32\Tasks\IHSelfDeleteTASK => /C DEL C:\Users\Trevor\AppData\Local\Temp\IHUB389.tmp.exe <==== ATTENTION

    Task: {E5D6DD66-FA56-4D6E-BCC1-B9E24D1D22C7} - System32\Tasks\{3F4C13C2-7EB9-476F-B4BF-758BE7067D59} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {E9E55696-94CD-41CA-A4D6-5D2286195575} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)

    Task: {F550F0CA-F39C-4932-895D-ED2A27B327E6} - System32\Tasks\{969084F1-37C7-4144-A6BC-D9D082E9AE5F} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {F66CF17B-70F8-4D3C-B9A0-112AEA83478F} - System32\Tasks\{7B9E256C-1C64-4ECB-8BC9-2E5ABE444A88} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {F802369D-FA5F-41B2-9C2E-DDB01E0BBD48} - System32\Tasks\{1D992464-2F4F-480C-9D24-0B291DF97CC0} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {F835D791-22C5-4064-BF96-7B0BCCD67F18} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000Core => C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

    Task: {F84085F2-88F7-4199-A904-CBFE1DFAA0E4} - System32\Tasks\{C3ADBB5B-5370-48E5-A8BF-B9F79738917D} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)

    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION



    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)



    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000Core.job => C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000UA.job => C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2501b65a-d079-4e38-8c82-a577be3de2f0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f27b3d5-66bf-49cc-8fd0-9190467f78ad.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ed805aaa-3e4b-4d18-b75e-92b1fb1f9462.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE



    ==================== Shortcuts =============================



    (The entries could be listed to be restored or removed.)



    Shortcut: C:\Users\Trevor\Favorites\PSPVC PSP Video Converter.lnk -> hxxp://pspvc.nswardh.com/

    Shortcut: C:\Users\Trevor\Favorites\PSPVC on Twitter.lnk -> hxxp://twitter.com/swardh

    Shortcut: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZStudio4\Online Documentation.lnk -> hxxp:docs.daz3d.com\doku.php\public\software\dazstudio(



    ==================== Loaded Modules (Whitelisted) ==============



    2012-02-21 17:59 - 2016-08-11 07:49 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

    2016-08-24 19:38 - 2016-08-24 19:38 - 01864384 _____ () C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll

    2015-05-29 11:28 - 2015-05-29 11:28 - 00048640 _____ () C:\Windows\SysWOW64\ASGT.exe

    2010-01-16 15:06 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

    2013-02-20 16:40 - 2011-05-05 16:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe

    2013-02-20 16:40 - 2011-05-05 16:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll

    2013-02-20 16:40 - 2011-05-05 16:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll

    2013-02-20 16:40 - 2011-05-05 16:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll

    2013-02-20 16:40 - 2011-05-05 16:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll

    2010-03-05 13:18 - 2010-03-05 13:18 - 00002560 _____ () C:\Windows\runservice.exe

    2016-10-12 18:31 - 2016-08-26 09:37 - 01175504 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll

    2016-10-12 18:31 - 2016-04-14 18:38 - 00745984 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll

    2009-03-12 21:18 - 2014-08-05 21:01 - 01048576 _____ () C:\Program Files (x86)\Everything\Everything.exe

    2010-03-05 13:18 - 2010-03-05 13:18 - 00048640 _____ () C:\Windows\mmfs.dll

    2015-04-28 14:39 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

    2016-08-24 19:38 - 2016-08-24 19:38 - 01383616 _____ () C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll

    2016-08-24 19:38 - 2016-08-24 19:38 - 00118976 _____ () C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll

    2016-10-04 19:04 - 2016-10-04 19:04 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

    2016-03-11 19:01 - 2016-03-11 19:01 - 01114136 _____ () C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

    2014-11-10 19:44 - 2014-11-10 19:44 - 36625920 _____ () C:\Program Files (x86)\Quicken\libcef.dll
     
  5. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    ==================== Alternate Data Streams (Whitelisted) =========



    (If an entry is included in the fixlist, only the ADS will be removed.)



    AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [123]

    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]



    ==================== Safe Mode (Whitelisted) ===================



    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)





    ==================== Association (Whitelisted) ===============



    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)





    ==================== Internet Explorer trusted/restricted ===============



    (If an entry is included in the fixlist, it will be removed from the registry.)



    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com

    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com

    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net

    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net

    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info

    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com

    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com



    There are 7915 more sites.



    IE trusted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\dell.com -> dell.com

    IE trusted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\localhost -> localhost

    IE trusted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\webcompanion.com -> hxxp://webcompanion.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\007guard.com -> install.007guard.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\008i.com -> 008i.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\008k.com -> www.008k.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\00hq.com -> www.00hq.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\010402.com -> 010402.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\0190-dialers.com -> 0190-dialers.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\01i.info -> 01i.info

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\0411dd.com -> 0411dd.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\0511zfhl.com -> 0511zfhl.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\05p.com -> 05p.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\0632qyw.com -> 0632qyw.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\0calories.net -> 0calories.net

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\0cj.net -> 0cj.net

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\0scan.com -> www.0scan.com

    IE restricted site: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\1-2005-search.com -> www.1-2005-search.com



    There are 12730 more sites.





    ==================== Hosts content: ===============================



    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)



    2009-07-13 22:34 - 2016-10-11 12:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts



    127.0.0.1 localhost



    ==================== Other Areas ============================



    (Currently there is no automatic fix for this section.)



    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    DNS Servers: 192.168.2.1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

    Windows Firewall is enabled.



    ==================== MSCONFIG/TASK MANAGER disabled items ==



    MSCONFIG\Services: AdvancedSystemCareService9 => 2

    MSCONFIG\Services: Apple Mobile Device => 2

    MSCONFIG\Services: ArcService => 3

    MSCONFIG\Services: Bonjour Service => 2

    MSCONFIG\Services: DAUpdaterSvc => 3

    MSCONFIG\Services: DragonSvc => 2

    MSCONFIG\Services: hidserv => 3

    MSCONFIG\Services: HitmanProScheduler => 2

    MSCONFIG\Services: LiveUpdateSvc => 2

    MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2

    MSCONFIG\Services: Origin Client Service => 3

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PrivateTunnel.lnk => C:\Windows\pss\PrivateTunnel.lnk.CommonStartup

    MSCONFIG\startupfolder: C:^Users^Trevor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    MSCONFIG\startupreg: Advanced SystemCare 9 => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto

    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    MSCONFIG\startupreg: BDRegion => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR

    MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min

    MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

    MSCONFIG\startupreg: Everything => "C:\Program Files (x86)\Everything\Everything.exe" -startup

    MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun

    MSCONFIG\startupreg: GalaxyClient => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart

    MSCONFIG\startupreg: Google Update => "C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    MSCONFIG\startupreg: PDVD8LanguageShortcut => "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

    MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

    MSCONFIG\startupreg: RemoteControl8 => "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

    MSCONFIG\startupreg: RemoveShowDesktopButton => C:\Windows\sdbr.exe hide

    MSCONFIG\startupreg: ROC_roc_dec12 => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

    MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe

    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    MSCONFIG\startupreg: uTorrent => "C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"



    ==================== FirewallRules (Whitelisted) ===============



    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    FirewallRules: [{49E30BC1-9815-4CAD-BE99-6AF03CD6EAE9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE

    FirewallRules: [{AF810A37-5BA0-454A-86D7-13D735076CA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

    FirewallRules: [{AED9E667-EF42-4C11-A805-1903AA5369DB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

    FirewallRules: [TCP Query User{4C4DFEC9-2BFC-4D40-BA0E-BC716CA064E4}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe

    FirewallRules: [UDP Query User{72F3BEB7-BD0C-4B84-8566-63767B0523C1}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe

    FirewallRules: [{07F5419F-F03E-4E7E-9EE3-761EEEE4F899}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

    FirewallRules: [TCP Query User{55E689D4-018C-47FC-B72B-9DDD64AD3F51}C:\program files (x86)\curious labs\poser 6\poser.exe] => (Block) C:\program files (x86)\curious labs\poser 6\poser.exe

    FirewallRules: [UDP Query User{4B23FF6B-8222-4A9E-9039-27D844BCC8DB}C:\program files (x86)\curious labs\poser 6\poser.exe] => (Block) C:\program files (x86)\curious labs\poser 6\poser.exe

    FirewallRules: [{22C8EAB4-EFDF-4401-9B76-D9707C7F7F4A}] => (Allow) E:\Program Files\uTorrent\uTorrent.exe

    FirewallRules: [{AF311194-3B36-4301-ACFA-97A298669C99}] => (Allow) E:\Program Files\uTorrent\uTorrent.exe

    FirewallRules: [{9A127494-6F1B-4DD4-9B1F-A82E9DC72DD2}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe

    FirewallRules: [{F1EF0F05-7AF0-4105-BB61-F5FAD3A3E6EA}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe

    FirewallRules: [{09494011-F99F-403B-B4DD-B48BF3C27D4D}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe

    FirewallRules: [{CFAF3591-CFEB-4EB1-A3E4-F15787293CBF}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe

    FirewallRules: [{DD3A8F26-D9B0-401D-B55F-9703B1D44D8C}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe

    FirewallRules: [{C2BF2C02-59B4-4DCC-BBC5-473ED3F04865}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe

    FirewallRules: [{E7A7A500-336B-4E35-AAB2-F52595BBCD2D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    FirewallRules: [{E46EDB05-03ED-42B1-AB2B-41E6D89DDD53}] => (Allow) LPort=2869

    FirewallRules: [{4A452023-FDC6-42E0-B2F3-44BFE510D26C}] => (Allow) LPort=1900

    FirewallRules: [{162C60CB-2295-48E4-ACE3-E86AABCD8734}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    FirewallRules: [{CECE4ABA-5EA2-49DD-982A-6FC8E3D4645A}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe

    FirewallRules: [{C5AF0433-BF16-4A7A-AABF-8E78CAAF38C3}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe

    FirewallRules: [{856C2638-E4ED-403A-92A9-7CCACF9E796D}] => (Allow) C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe

    FirewallRules: [{206CA681-1784-4B95-920E-40216144F594}] => (Allow) C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe

    FirewallRules: [{A6C6964C-37D9-4467-941E-68CF107AC506}] => (Allow) C:\Program Files (x86)\Mass Effect\Binaries\MassEffect.exe

    FirewallRules: [{9E273AEA-00DB-43FF-9AD1-0E5EF17AD162}] => (Allow) C:\Program Files (x86)\Mass Effect\Binaries\MassEffect.exe

    FirewallRules: [{9C0164B1-3B4C-40B6-B766-CF2A30BB445D}] => (Allow) C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe

    FirewallRules: [{D2D05632-ACD7-4C8B-9F2B-6F782CD4A427}] => (Allow) C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe

    FirewallRules: [{D3771278-7A18-4335-A124-0D7F5E2709F3}] => (Allow) C:\Program Files (x86)\HollywoodMogul3\hm3.exe

    FirewallRules: [{C16B3628-BE80-4EF0-B6D6-4F8D11D134B4}] => (Allow) C:\Program Files (x86)\HollywoodMogul3\hm3.exe

    FirewallRules: [TCP Query User{B6E9B88E-025D-41D2-A0B9-B0EED37B6162}E:\mirc\mirc.exe] => (Block) E:\mirc\mirc.exe

    FirewallRules: [UDP Query User{E194A098-1579-427E-BDD5-3A7344A7DA6E}E:\mirc\mirc.exe] => (Block) E:\mirc\mirc.exe

    FirewallRules: [TCP Query User{46B00044-EDCC-4FC3-AFEC-E0885C62C489}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe

    FirewallRules: [UDP Query User{7773A525-B395-421A-A52B-4D40BC68ECE1}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe

    FirewallRules: [{3289AE5C-F33B-43A7-8A15-2DD879B2AE92}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe

    FirewallRules: [{FBBC38E7-F9E7-4875-BFC5-61C419581EC9}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe

    FirewallRules: [TCP Query User{F2E73E31-CBB5-4A14-8F55-C458857FA388}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe] => (Allow) C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe

    FirewallRules: [UDP Query User{D3B8D9B7-1243-4B09-9E27-57D2F1D133D3}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe] => (Allow) C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe

    FirewallRules: [{D076527B-D452-4A75-BFC6-2AAC193BA4D7}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe

    FirewallRules: [{18E3C544-B0C0-4B0D-A5E7-B2896CB2DE39}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe

    FirewallRules: [{AFB2E0EB-586F-4904-ACBA-2A03ABC7FC97}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe

    FirewallRules: [{5CAD97B4-EF06-4ECD-A5C3-E1E33AFB16AD}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe

    FirewallRules: [{A549842B-E3BE-49F7-9C20-D42CE5F11D17}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe

    FirewallRules: [{7EC0C227-C3E8-4850-839E-604A76C3E484}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe

    FirewallRules: [{5EF7B69D-00D7-4D72-A32E-1B9028F5CCAB}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe

    FirewallRules: [{059F74F8-11C3-4A4C-AFA1-8DDB4F3898C2}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe

    FirewallRules: [{4AAB739C-D1AA-4232-A0C4-69D97308F10D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

    FirewallRules: [{BD606EF6-3D56-4964-A4D0-BEB04559ABB2}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

    FirewallRules: [{57ABAF1D-A37C-4768-B222-A49145DAECD2}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

    FirewallRules: [{41E05A38-588C-4B5F-AD7F-DB6E9AF08A63}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

    FirewallRules: [{6D449565-6D4D-4E43-94B6-76F0A01E8E11}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe

    FirewallRules: [{54AE5C96-2607-4228-952C-D711E2D878FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe

    FirewallRules: [{BBF3E2B6-DD86-449F-990D-E83619BE26FC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

    FirewallRules: [{A93DC9EC-072C-4851-8EC4-C9EB949A9045}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

    FirewallRules: [TCP Query User{43B412D7-0C15-4841-9AA2-1A3A2985EA28}C:\program files (x86)\beamdog\beamdog.launcher.exe] => (Allow) C:\program files (x86)\beamdog\beamdog.launcher.exe

    FirewallRules: [UDP Query User{5F67EA85-EAE2-48AA-8DD8-66046EE75A2E}C:\program files (x86)\beamdog\beamdog.launcher.exe] => (Allow) C:\program files (x86)\beamdog\beamdog.launcher.exe

    FirewallRules: [{149AB87A-8523-47E7-B7A6-93191C602B3C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe

    FirewallRules: [{45FACCDA-C4F6-4F49-9DEA-CB3A97049368}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe

    FirewallRules: [{28B7FD70-10A0-43FD-8A6F-D0424477FDCE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

    FirewallRules: [{DFA9437C-3D2E-4D08-A84B-8899F2B207A5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{5D5774FF-23D0-415D-BBC3-35C0E61683D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{61C9749D-D319-4FFF-B82A-E3896A0AE65E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{C3B3D321-450C-4B99-AC24-007F79C41A5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{E2B95A3F-C8B3-4645-9926-3D3E7A9E6126}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

    FirewallRules: [TCP Query User{96686D9B-08B2-409D-A187-28F8B153D492}C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe

    FirewallRules: [UDP Query User{C8485275-E38D-4491-8339-A5B288F38E8A}C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe

    FirewallRules: [{D052AC2C-67D7-4C93-A5CF-B98574F74F0D}] => (Allow) C:\Users\Trevor\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

    FirewallRules: [TCP Query User{9405C89B-7F75-422A-ABE1-940BA8C53387}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe

    FirewallRules: [UDP Query User{F7D3F7CC-85F5-474F-84C5-7CFA091305A5}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe

    FirewallRules: [{C106BE3A-424F-425D-BFF0-49C2483B58A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe

    FirewallRules: [{E2710BF6-281F-4BC3-B6BF-2E06DDE095CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe

    FirewallRules: [{EC53805F-3FA0-4EC6-B964-A1A26A294CB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Bounty - The Legend\kb.exe

    FirewallRules: [{034C447B-7C2E-4D81-9735-6A2C52D828C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Bounty - The Legend\kb.exe

    FirewallRules: [{8BE600F2-C830-47DF-A55B-0F73562C323D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Bounty - The Legend\save_fixer.exe

    FirewallRules: [{619E0E99-A669-4DBF-B806-FB8B87DD7408}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Bounty - The Legend\save_fixer.exe

    FirewallRules: [{3E10FD49-4C98-4F14-928A-6CC4DA85A111}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe

    FirewallRules: [{8C3B158F-BB43-468F-A0AA-AD2DBCC96F63}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe

    FirewallRules: [{40F4F3B2-DE64-4E23-9A1B-13106B6A3A4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Leisure Suit Larry in the Land of the Lounge Lizards Reloaded\LarryReloaded.exe

    FirewallRules: [{425DA194-D9E0-47BC-AB7C-41292CE1EF3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Leisure Suit Larry in the Land of the Lounge Lizards Reloaded\LarryReloaded.exe

    FirewallRules: [{14D66D33-821F-4589-9BA0-30F98CC8F76F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe

    FirewallRules: [{629E0F46-511C-400E-91C9-7CAFF9557B35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe

    FirewallRules: [{31D79DC5-12BD-41ED-A365-9D7A797D5EDC}] => (Allow) G:\Games\Steam\SteamApps\common\the witcher 2\Launcher.exe

    FirewallRules: [{F9E8EEA1-F747-497D-80D0-D8BBE54C2A2D}] => (Allow) G:\Games\Steam\SteamApps\common\the witcher 2\Launcher.exe

    FirewallRules: [{6B1C3EF4-A088-448D-A988-CEA658646DA6}] => (Allow) G:\Games\Steam\SteamApps\common\King's Bounty - The Legend\kb.exe

    FirewallRules: [{CE9DA1D2-663E-4813-85E8-8DE42A56DA18}] => (Allow) G:\Games\Steam\SteamApps\common\King's Bounty - The Legend\kb.exe

    FirewallRules: [{F4201ECE-1EAE-4BF9-9855-E7AA832F3C1B}] => (Allow) G:\Games\Steam\SteamApps\common\King's Bounty - The Legend\save_fixer.exe

    FirewallRules: [{4EF83B04-204B-45C6-9E4B-12D1798F3DAC}] => (Allow) G:\Games\Steam\SteamApps\common\King's Bounty - The Legend\save_fixer.exe

    FirewallRules: [{0D5C693C-9554-48EE-887D-4CC63EA392D2}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

    FirewallRules: [{C1A1E9AB-0D1A-409D-8306-0EA7D7066851}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

    FirewallRules: [{9C948C7D-AD45-4E51-8535-B4C65D58A59F}] => (Allow) G:\Games\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe

    FirewallRules: [{E59F09A1-ABD9-4E36-94FB-253004B17192}] => (Allow) G:\Games\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe

    FirewallRules: [{98AB2345-92B0-43F8-B603-9281606C79CF}] => (Allow) G:\Games\Steam\SteamApps\common\Leisure Suit Larry in the Land of the Lounge Lizards Reloaded\LarryReloaded.exe

    FirewallRules: [{A99CB411-1E05-4DD9-B81F-28CC53DF6ECB}] => (Allow) G:\Games\Steam\SteamApps\common\Leisure Suit Larry in the Land of the Lounge Lizards Reloaded\LarryReloaded.exe

    FirewallRules: [{71ACEC3E-092F-479F-A43B-369A934DE9DC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{531CE928-4C25-4DA8-8EE0-33B79B38CD4F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{FED1631B-B1A4-4416-8ADE-0B2C381ECD52}] => (Allow) G:\Games\Steam\SteamApps\common\Alan Wake\AlanWake.exe

    FirewallRules: [{1B9E05C4-AC4E-47FB-A065-34286E2F141B}] => (Allow) G:\Games\Steam\SteamApps\common\Alan Wake\AlanWake.exe

    FirewallRules: [{9F73AEA6-B44A-42AC-BF3F-D1F1BD5E7ABA}] => (Allow) G:\Games\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe

    FirewallRules: [{9DC35499-A9CF-4987-88D7-BDFEC22A8352}] => (Allow) G:\Games\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe

    FirewallRules: [{1661C7B4-5773-41DF-9759-794A2227207C}] => (Allow) G:\Games\Steam\SteamApps\common\Jade Empire\JadeEmpireLauncher.exe

    FirewallRules: [{5790486F-7C6C-461E-A769-898E54DFC60A}] => (Allow) G:\Games\Steam\SteamApps\common\Jade Empire\JadeEmpireLauncher.exe

    FirewallRules: [{11A8EF7F-4EFD-4311-B60D-838BA1DEC835}] => (Allow) G:\Games\Steam\SteamApps\common\Jade Empire\JadeEmpireConfig.exe

    FirewallRules: [{B45C42C9-E9F8-4E8F-99BC-C075A925849F}] => (Allow) G:\Games\Steam\SteamApps\common\Jade Empire\JadeEmpireConfig.exe

    FirewallRules: [{A6DA5A5C-1E3E-4771-A6AA-9027BBE6EAA1}] => (Allow) G:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelGame.exe

    FirewallRules: [{3A2AD0DD-D7E5-4B9B-ACE0-6C2C2EDB62F2}] => (Allow) G:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelGame.exe

    FirewallRules: [{8B5E39AC-5CC9-4755-B395-B7C3D060A757}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{349ACFBC-1AA4-4BC6-B6E0-CC2F9E664222}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{83539628-ABC3-43BF-B041-81FCEC48CAF2}] => (Allow) G:\Games\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe

    FirewallRules: [{1CBC217E-CE73-41BF-859E-580C6F78BF9E}] => (Allow) G:\Games\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe

    FirewallRules: [{33A373F9-EA67-4F7B-8920-2266B38A9534}] => (Allow) G:\Games\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe

    FirewallRules: [{4F43790C-AA69-4DDD-BC48-C1E60F63CC7C}] => (Allow) G:\Games\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe

    FirewallRules: [{203452A1-AA4F-4799-8590-C3B80761F319}] => (Allow) G:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelGame.exe

    FirewallRules: [{04409A3B-25AC-4BFD-8BF1-79637CB431DA}] => (Allow) G:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelGame.exe

    FirewallRules: [{3B55A883-7D8D-4201-94D4-4C84D2E76CCB}] => (Allow) G:\Games\Steam\Steam.exe

    FirewallRules: [{CEFC81B0-F487-45DD-B88B-15B3589B7E0E}] => (Allow) G:\Games\Steam\Steam.exe

    FirewallRules: [{F2E8480F-04A9-4DF3-89C9-BEDC09D91903}] => (Allow) G:\Games\Steam\SteamApps\common\Scribblenauts Unmasked\Scribble.exe

    FirewallRules: [{639A7000-6246-4B35-95C8-1248C59B1633}] => (Allow) G:\Games\Steam\SteamApps\common\Scribblenauts Unmasked\Scribble.exe

    FirewallRules: [TCP Query User{132EA6BC-127F-48FA-BA40-D69CC8DA2A5D}E:\mirc\mirc.exe] => (Allow) E:\mirc\mirc.exe

    FirewallRules: [UDP Query User{E6A6505B-1D8D-4C57-ACF0-707A1FD7ED1D}E:\mirc\mirc.exe] => (Allow) E:\mirc\mirc.exe

    FirewallRules: [{B8A77CE8-D718-43C6-95EB-03542B5028AD}] => (Allow) G:\Games\Steam\SteamApps\common\Broken Sword Shadow of the Templars\bs1dc.exe

    FirewallRules: [{9360200F-7E71-4CBD-9348-B0A903A6FEBE}] => (Allow) G:\Games\Steam\SteamApps\common\Broken Sword Shadow of the Templars\bs1dc.exe

    FirewallRules: [{667892C8-F737-42D6-BF1A-8B2C3FE253BE}] => (Allow) G:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe

    FirewallRules: [{B1F11A71-516C-4882-B183-5A591F77A7F9}] => (Allow) G:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe

    FirewallRules: [{AE402559-A1F5-4F03-8B3D-F20D3D5178C9}] => (Allow) G:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe

    FirewallRules: [{13ACA6E0-1FDC-4E87-B93A-F1801579BB40}] => (Allow) G:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe

    FirewallRules: [{10B864E8-1D66-4DC8-8B31-83DCE70EA922}] => (Allow) G:\Games\Steam\SteamApps\common\The Sims Medieval\Game\Bin\TSM.exe

    FirewallRules: [{8E783514-4B93-4ECC-B301-1275A1313559}] => (Allow) G:\Games\Steam\SteamApps\common\The Sims Medieval\Game\Bin\TSM.exe

    FirewallRules: [{2BAC827B-EB1C-43C3-A10D-B25F13D91A76}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

    FirewallRules: [{057C67C9-4620-4B6A-8A93-6EA00C7C6F3E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

    FirewallRules: [{A0846FB0-6FF5-4615-A644-89DFCFE79836}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe

    FirewallRules: [{F215D071-3A1D-4C72-8922-95703A099278}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe

    FirewallRules: [{1FF1E100-2999-4752-AE3E-F28C9275ABAD}] => (Allow) G:\HappyCloud\Cache\TERA\TERA-Launcher.exe

    FirewallRules: [{94296674-5398-4600-82D2-CEF77F8246A0}] => (Allow) G:\HappyCloud\Cache\TERA\TERA-Launcher.exe

    FirewallRules: [{172DDB0A-D650-48BA-BA96-CD6A7D494704}] => (Allow) G:\HappyCloud\Cache\TERA\Client\TL.exe

    FirewallRules: [{98B82CE1-F4FC-4609-B025-E3966409AB0A}] => (Allow) G:\HappyCloud\Cache\TERA\Client\TL.exe

    FirewallRules: [{37AC57F4-1B91-4337-878D-A529A8DCD04B}] => (Allow) G:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe

    FirewallRules: [{9B3A1AB5-DD64-4FC8-ACD2-F9DFE2577585}] => (Allow) G:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe

    FirewallRules: [{1BB7A158-EE3A-465A-8604-B3A77E68681E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe

    FirewallRules: [{8487F072-3734-4419-A427-BFF80A10CEBE}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe

    FirewallRules: [{D36DF2F2-A285-421C-823E-A6D6D2771AD4}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe

    FirewallRules: [{3B16A197-6AC1-460B-8EDE-8119A178204A}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe

    FirewallRules: [{85D98E0E-EF07-48FB-BF0B-760F1E535BD2}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe

    FirewallRules: [{32E02BEF-5906-47BB-A053-D9FAE70E74FC}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe

    FirewallRules: [{C1F9BCE2-AFB6-4E92-AC11-B045E1FFC21D}] => (Allow) G:\Games\Steam\bin\steamwebhelper.exe

    FirewallRules: [{974D940D-1B4E-4A94-8EF3-9FEDA27F59D3}] => (Allow) G:\Games\Steam\bin\steamwebhelper.exe

    FirewallRules: [{F123521E-8EFA-4AA5-B701-5570E6E6CC23}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe

    FirewallRules: [{5A747DE5-480B-4C13-835B-CC235AB94733}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe

    FirewallRules: [{28BC8A27-D873-4677-B2A8-54686CA8F04C}] => (Allow) G:\Games\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe

    FirewallRules: [{B3D78AF3-B654-4FE2-9ACE-0B8F736F1BBD}] => (Allow) G:\Games\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe

    FirewallRules: [{635063E9-1511-4B41-A905-73BF9A55E686}] => (Allow) C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe

    FirewallRules: [{6D180673-7293-4F04-A1F3-F031C1F24F7C}] => (Allow) C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe

    FirewallRules: [{DD529B8E-8E05-4D6B-A4E7-91D600A128B8}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe

    FirewallRules: [{1C279089-2CED-4C0D-B9E4-9E1A2A084B97}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe

    FirewallRules: [{63D3C89F-43B3-4FBF-B514-7734C46D1A66}] => (Allow) G:\Games\Steam\SteamApps\common\Heroine's Quest\Heroine's Quest.exe

    FirewallRules: [{4329B9D4-097D-44D7-BC2B-EA4332E91B75}] => (Allow) G:\Games\Steam\SteamApps\common\Heroine's Quest\Heroine's Quest.exe

    FirewallRules: [{1A540182-9C84-4EA3-B3A2-9DEC757DB1EA}] => (Allow) G:\Games\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe

    FirewallRules: [{19A48817-E496-475E-9065-F9F622CA3CC8}] => (Allow) G:\Games\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe

    FirewallRules: [{26556BD2-D263-4381-91D4-0B0249119CF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

    FirewallRules: [{90E217B9-E20F-44E1-B27B-C6474C8E5084}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

    FirewallRules: [{A27DB6CE-993C-4A82-BEA4-89311FB83685}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

    FirewallRules: [{D6E98FCA-51E4-4B20-9434-FCC2E9976BA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{4A15CA04-E4AB-4F20-AE44-CA12AC6EF693}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{7414D9D1-8177-429D-B14F-73AD1075846D}] => (Allow) G:\Games\Steam\SteamApps\common\InvisibleInc\invisibleinc.exe

    FirewallRules: [{6C9C172C-B168-4132-B844-3691E735CE15}] => (Allow) G:\Games\Steam\SteamApps\common\InvisibleInc\invisibleinc.exe

    FirewallRules: [{C39A045D-E7FF-4992-BA87-2C7E6E93FD39}] => (Allow) G:\Games\Steam\SteamApps\common\Torchlight\Torchlight.exe

    FirewallRules: [{4C06089C-D8D1-4BC7-B09C-C0BADC4C8637}] => (Allow) G:\Games\Steam\SteamApps\common\Torchlight\Torchlight.exe

    FirewallRules: [{0D36F229-8CF8-4FE7-AACD-23F8A4F14ADA}] => (Allow) G:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

    FirewallRules: [{B2ADD6CE-F748-49CE-A11F-74A704051B83}] => (Allow) G:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

    FirewallRules: [{7C5A6983-1D70-4342-ADC3-42B8E60DB383}] => (Allow) G:\Games\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe

    FirewallRules: [{6F54FC18-4D27-4F3C-B681-2C6295CC16E5}] => (Allow) G:\Games\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe

    FirewallRules: [{760D789E-2D16-4266-B262-F01D4D74490F}] => (Allow) G:\Games\Steam\SteamApps\common\Game of Thrones\Thrones.exe

    FirewallRules: [{31AC1597-7280-4716-A647-046640E71EE2}] => (Allow) G:\Games\Steam\SteamApps\common\Game of Thrones\Thrones.exe

    FirewallRules: [{4AD43CD8-1F40-47DD-B536-B3974AC3B263}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{09460CFA-F49D-4307-AEC6-8DC564399AA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{9D1CE529-65DB-4A36-BA92-832E2F91545E}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe

    FirewallRules: [{04E131A8-7BDF-48AF-916C-A756CD33ED40}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe

    FirewallRules: [{C55E5D6E-68A6-4857-A37B-B483DF749543}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{4F94DF74-AB38-476A-B326-74A006E679BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{3F67D6B8-0BE4-408F-BCE5-9D0B57CB9F15}] => (Allow) G:\Games\Steam\SteamApps\common\Doodle God\DoodleGod.exe

    FirewallRules: [{3FCB040E-F0F6-4543-9BBA-59DC97A280CF}] => (Allow) G:\Games\Steam\SteamApps\common\Doodle God\DoodleGod.exe

    FirewallRules: [{7F322E2E-B22E-42E6-889A-ECF24105F962}] => (Allow) G:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe

    FirewallRules: [{950B9A8D-00FF-4C4E-91BA-BA5C30310872}] => (Allow) G:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe

    FirewallRules: [{57DC029F-2363-4ECA-9EE7-378E433E21D6}] => (Allow) G:\Games\Steam\SteamApps\common\NEKOPARA Vol. 1\nekopara_vol1.exe

    FirewallRules: [{A2AC7C7E-5AEF-4958-8BA7-A1CF57D41CE2}] => (Allow) G:\Games\Steam\SteamApps\common\NEKOPARA Vol. 1\nekopara_vol1.exe

    FirewallRules: [{3EFCD0AE-BEFE-4B14-8501-623A8B26DA61}] => (Allow) G:\Games\Steam\SteamApps\common\The Purring Quest\ThePurringQuest.exe

    FirewallRules: [{A9D9C1EF-3195-4FE4-BCB6-767CFE5BE9C3}] => (Allow) G:\Games\Steam\SteamApps\common\The Purring Quest\ThePurringQuest.exe

    FirewallRules: [{68EA30E7-B7ED-446C-8DB1-CA10C7894D76}] => (Allow) G:\Games\Steam\SteamApps\common\Portal\hl2.exe

    FirewallRules: [{F545645E-625D-450F-A9E0-B11E9F9ED847}] => (Allow) G:\Games\Steam\SteamApps\common\Portal\hl2.exe

    FirewallRules: [{B58EAD14-D6F2-4C55-93D3-4FDB941AE726}] => (Allow) C:\Program Files (x86)\HollywoodMovieStudio\hms.exe

    FirewallRules: [{3075E8A7-6C6B-405F-8708-8AE6FD618538}] => (Allow) C:\Program Files (x86)\HollywoodMovieStudio\hms.exe

    FirewallRules: [{FDF32A29-75E6-4F1D-AE12-3E08512465A1}] => (Allow) G:\Games\Steam\SteamApps\common\Showtime\Showtime.exe

    FirewallRules: [{8E13C82A-04F4-476D-BBB0-59120ABE9AD6}] => (Allow) G:\Games\Steam\SteamApps\common\Showtime\Showtime.exe

    FirewallRules: [{8BAA48ED-33BD-4206-8141-A27E0A92141C}] => (Allow) G:\Games\Steam\SteamApps\common\Showtime\Editor.exe

    FirewallRules: [{3446AF10-DB7B-41DA-8993-81ED082F5013}] => (Allow) G:\Games\Steam\SteamApps\common\Showtime\Editor.exe

    FirewallRules: [{9F2A3A33-D625-4611-A90B-1B6582F1372B}] => (Allow) C:\Users\Trevor\AppData\Local\Google\Chrome\Application\chrome.exe

    FirewallRules: [{677F5E4F-C81D-4376-A197-DF036956D5A1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

    FirewallRules: [{9A4B88AF-79AC-4637-8F7B-24D144416B03}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

    FirewallRules: [{08249C4B-17D9-4740-9F66-5D8B8565E9EE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe

    FirewallRules: [{2D03AD66-225C-47CE-B36E-4A1926B3E78E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe

    FirewallRules: [{C647AD74-4D79-484D-8A99-0BCAB0DD0893}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

    FirewallRules: [{3B7854BE-1BCC-460E-A395-D797E3977C1B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

    FirewallRules: [{BED1B68C-C36E-4345-AC20-F15E3090969E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

    FirewallRules: [{B84C22F6-CD11-4B8F-9A54-E8867FE58C26}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

    FirewallRules: [{F9ECF901-4187-486D-9652-804634124260}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

    FirewallRules: [{EF03F6C9-287B-4126-A0DC-0F37C91B42D4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

    FirewallRules: [{E642ED77-CACB-4EE3-89B3-DD2A2C1875BC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

    FirewallRules: [{B74E76C6-FA07-44F2-8A57-1A22ECB69516}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

    FirewallRules: [{F32133D2-6DE9-408A-A01C-5ADBD0D060FE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

    FirewallRules: [{188C799B-7CFD-45E0-BDE0-85AFA85D7422}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

    FirewallRules: [{46AE619D-B4A3-4141-9FF9-5D2607FF63D1}] => (Allow) C:\Users\Trevor\Desktop\bin\BlackDesert32.exe

    FirewallRules: [{B89F944D-9C15-4F0E-8682-EA98E32A8C7B}] => (Allow) C:\Users\Trevor\Desktop\bin64\BlackDesert64.exe

    FirewallRules: [{48948C0D-54F7-4D74-90BB-F713C7698E89}] => (Allow) C:\Users\Trevor\Desktop\BlackDesert_Launcher.exe

    FirewallRules: [{363991CA-7D27-4555-9AAC-B45C48E86E12}] => (Allow) C:\Users\Trevor\Desktop\BlackDesert_Downloader.exe



    ==================== Restore Points =========================



    12-10-2016 09:09:05 JRT Pre-Junkware Removal

    12-10-2016 11:35:38 Revo Uninstaller Pro's restore point - Norton Security Scan

    12-10-2016 12:57:03 Windows Update

    12-10-2016 19:37:22 Revo Uninstaller Pro's restore point - Emsisoft Anti-Malware

    12-10-2016 19:38:38 Windows Update



    ==================== Faulty Device Manager Devices =============



    Name: Unknown Device

    Description: Unknown Device

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service:

    Problem: : Windows has stopped this device because it has reported problems. (Code 43)

    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    [​IMG] In the future please use Notepad instead of Wordpad to open logs.
    Wordpad creates an extra space and all logs are twice as long and harder for me to read.
    Thank you :)

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    [​IMG] Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    Already installed:
    2.0 Threat Scan
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/12/2016 07:37:15 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {fb053c05-0ba8-4aaf-83c0-b7a49ff2879e}

    Error: (10/12/2016 07:28:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2084.9592, time stamp: 0x57605ac0
    Faulting module name: MessageBus.dll, version: 0.0.0.0, time stamp: 0x5760534f
    Exception code: 0xc0000005
    Fault offset: 0x0000000000010f73
    Faulting process id: 0x1da8
    Faulting application start time: 0x01d224e054d602f2
    Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    Faulting module path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    Report Id: 98d072cd-90d3-11e6-b371-0025648bf141

    Error: (10/12/2016 07:19:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: firefox.exe, version: 47.0.1.6018, time stamp: 0x576c85bd
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x000cfd74
    Faulting process id: 0xa74
    Faulting application start time: 0x01d224df1ac2d4c9
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Faulting module path: unknown
    Report Id: 587dc768-90d2-11e6-b35b-0025648bf141

    Error: (10/12/2016 07:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: firefox.exe, version: 47.0.1.6018, time stamp: 0x576c85bd
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x000cfd74
    Faulting process id: 0x24a4
    Faulting application start time: 0x01d224df16fb103d
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Faulting module path: unknown
    Report Id: 54dc01fb-90d2-11e6-b35b-0025648bf141

    Error: (10/12/2016 07:18:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: RevoUninPro.exe, version: 3.1.7.0, time stamp: 0x57f748bd
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000000fee60
    Faulting process id: 0x504
    Faulting application start time: 0x01d224defa56568f
    Faulting application path: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
    Faulting module path: unknown
    Report Id: 382546a9-90d2-11e6-b35b-0025648bf141

    Error: (10/12/2016 07:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000000fee60
    Faulting process id: 0x1f50
    Faulting application start time: 0x01d224def622af3f
    Faulting application path: C:\Windows\system32\DllHost.exe
    Faulting module path: unknown
    Report Id: 33d58b6f-90d2-11e6-b35b-0025648bf141

    Error: (10/12/2016 07:18:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000000fee60
    Faulting process id: 0x1dd8
    Faulting application start time: 0x01d224dee539369a
    Faulting application path: C:\Windows\system32\DllHost.exe
    Faulting module path: unknown
    Report Id: 22ec12cb-90d2-11e6-b35b-0025648bf141

    Error: (10/12/2016 07:18:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000000fee60
    Faulting process id: 0x1034
    Faulting application start time: 0x01d224dee18d85f8
    Faulting application path: C:\Windows\system32\DllHost.exe
    Faulting module path: unknown
    Report Id: 1f401407-90d2-11e6-b35b-0025648bf141

    Error: (10/12/2016 07:18:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000000fee60
    Faulting process id: 0x20a0
    Faulting application start time: 0x01d224dee109ae0a
    Faulting application path: C:\Windows\system32\DllHost.exe
    Faulting module path: unknown
    Report Id: 1ebc632a-90d2-11e6-b35b-0025648bf141

    Error: (10/12/2016 07:18:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000000fee60
    Faulting process id: 0x158c
    Faulting application start time: 0x01d224dee07c3907
    Faulting application path: C:\Windows\system32\DllHost.exe
    Faulting module path: unknown
    Report Id: 1e2ec717-90d2-11e6-b35b-0025648bf141


    System errors:
    =============
    Error: (10/13/2016 05:14:20 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.

    Error: (10/13/2016 05:13:54 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.

    Error: (10/13/2016 04:05:23 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.

    Error: (10/13/2016 04:05:01 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.

    Error: (10/13/2016 04:04:31 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.

    Error: (10/13/2016 03:51:00 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.

    Error: (10/13/2016 03:51:00 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.

    Error: (10/13/2016 03:43:05 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.

    Error: (10/13/2016 03:43:04 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.

    Error: (10/13/2016 03:43:03 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TREVOR-PC :0" could not be registered on the interface with IP address 192.168.2.10.
    The computer with the IP address 192.168.2.12 did not allow the name to be claimed by
    this computer.


    CodeIntegrity:
    ===================================
    Date: 2016-10-11 12:40:49.574
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-10-11 12:40:49.473
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-08 11:06:17.130
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-08 11:01:02.788
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-08 08:44:05.417
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-07 22:37:27.766
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-07 22:18:46.621
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-07 21:54:49.403
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-07 20:50:56.278
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-07 19:43:35.002
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
    Percentage of memory in use: 46%
    Total physical RAM: 12278.93 MB
    Available physical RAM: 6535.86 MB
    Total Virtual: 24556.04 MB
    Available Virtual: 19081.66 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:587.91 GB) (Free:207.48 GB) NTFS
    Drive e: () (Fixed) (Total:229.67 GB) (Free:155.38 GB) NTFS
    Drive f: (My Book) (Fixed) (Total:931.28 GB) (Free:920.87 GB) FAT32
    Drive g: (1 TB Hard Drive) (Fixed) (Total:931.51 GB) (Free:703.3 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 5BB6E660)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=8.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=587.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 232.8 GB) (Disk ID: 41AB2316)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Active) - (Size=229.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=3.1 GB) - (Type=DB)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C671211A)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (Size: 931.5 GB) (Disk ID: E8900690)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I posted my reply before you posted your last reply.
    Pease see above.
     
  9. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    Apologies for the spacing issue. I was trying to use something that had a built-in word counter to figure out how to divide my posts into appropriate "chunks". I swear, it won't happen again.

    Anyhow, this is the RogueKiller Report:

    RogueKiller V12.7.1.0 (x64) [Oct 10 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Trevor [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 10/14/2016 00:30:48 (Duration : 00:46:57)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 41 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Trymedia Systems -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\VBMZ -> Not selected
    [PUP] (X64) HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Not selected
    [PUP] (X64) HKEY_USERS\.DEFAULT\Software\IGearSettings -> Not selected
    [PUP] (X86) HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Not selected
    [PUP] (X86) HKEY_USERS\.DEFAULT\Software\IGearSettings -> Not selected
    [PUP] (X64) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\AskBarDis -> Not selected
    [PUP] (X64) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\YahooPartnerToolbar -> Not selected
    [PUP] (X86) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\AskBarDis -> Not selected
    [PUP] (X86) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\YahooPartnerToolbar -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\ProductSetup -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\ProductSetup -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-18\Software\IGearSettings -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-18\Software\IGearSettings -> Not selected
    [PUP] (X64) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\AppDataLow\AskBarDis -> Not selected
    [PUP] (X86) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\AppDataLow\AskBarDis -> Not selected
    [PUP] (X64) HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar -> Not selected
    [PUP] (X86) HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\AppDataLow\Software\adawarebp -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\AppDataLow\Software\adawarebp -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_B665\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} | Exec : %windir%\Network Diagnostic\xpnetdiag.exe [x] -> Not selected
    [Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_B665\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} | Exec : %windir%\Network Diagnostic\xpnetdiag.exe [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_FE7A\ControlSet001\Services\esihdrv (\??\C:\DOCUME~1\Trevor\LOCALS~1\Temp\esihdrv.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_FE7A\ControlSet001\Services\F-Secure Standalone Minifilter (\??\C:\DOCUME~1\Trevor\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_FE7A\ControlSet003\Services\esihdrv (\??\C:\DOCUME~1\Trevor\LOCALS~1\Temp\esihdrv.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_FE7A\ControlSet003\Services\F-Secure Standalone Minifilter (\??\C:\DOCUME~1\Trevor\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys) -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\Microsoft\Internet Explorer\Main | Start Page : http://by104fd.bay104.hotmail.msn.c...5b2697227741a446bb5569a30a3efcfd5b728&fti=yes -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\Microsoft\Internet Explorer\Main | Start Page : http://by104fd.bay104.hotmail.msn.c...5b2697227741a446bb5569a30a3efcfd5b728&fti=yes -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://outlook.live.com/owa/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://outlook.live.com/owa/ -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_B665\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_B665\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\RK_Trevor_ON_E_CBA9\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 2 ¤¤¤
    [Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocketship Software\Rocketship Software.com.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe http://www.rocketshipsoftware.com/pzdb/default.asp -> Shortcut cleaned
    [PUP][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 3 ¤¤¤
    [PUM.HomePage][FIREFX:Config] 7akasbd1.default-1367016688725 : user_pref("browser.startup.homepage", "https://outlook.live.com/owa/?path=/mail/inbox"); -> Not selected
    [PUM.SearchEngine][FIREFX:Config] 7akasbd1.default-1367016688725 : user_pref("browser.search.selectedEngine", "Search Provided by Yahoo"); -> Not selected
    [PUM.SearchEngine][FIREFX:Config] 7akasbd1.default-1367016688725 : user_pref("browser.search.defaultenginename", "Search Provided by Yahoo"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 +++++
    --- User ---
    [MBR] 1c1366a26a2ed303e99363e53245e6f8
    [BSP] e8f46b46af702620712fbc1be23d1598 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 8418 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 17321984 | Size: 602021 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SAMSUNG SP2504C +++++
    --- User ---
    [MBR] 330174a8722122cc0e1207f11a8c89a4
    [BSP] dfe4c0bfa859120fb83a6a1aa43abcee : Dell MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 112455 | Size: 235178 MB [Windows XP Bootstrap | Windows XP Bootloader]
    2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 481757220 | Size: 3176 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: ST1000NM0033-9ZM173 +++++
    --- User ---
    [MBR] 5bc134351b2a26e5ff0bc38b558c5fdd
    [BSP] 80de0650a9a2ab24754348d241de73e8 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive3: WD 10EADS External USB Device +++++
    --- User ---
    [MBR] a65cf760d43b336347fb57bc883ace24
    [BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


     
  10. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    This is the Malware Bytes Log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/14/2016
    Scan Time: 2:47 AM
    Logfile: MWL.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.10.13.12
    Rootkit Database: v2016.09.26.02
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Trevor

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 413324
    Time Elapsed: 1 hr, 36 min, 30 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  11. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    I hope I read the instructions correctly. Here is AdwCleaner Scan Log. There is no AdwCleaner Cleaning Log.

    # AdwCleaner v6.021 - Logfile created 14/10/2016 at 16:13:45
    # Updated on 06/10/2016 by ToolsLib
    # Database : 2016-10-14.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Trevor - TREVOR-PC
    # Running from : C:\Users\Trevor\Desktop\AdwCleaner(1).exe
    # Mode: Scan
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
    Folder Found: C:\Users\Trevor\AppData\Local\Geckofx


    ***** [ Files ] *****

    File Found: C:\Windows\SysNative\LavasoftTcpService64.dll
    File Found: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
    File Found: C:\Windows\SysWOW64\lavasofttcpservice.dll
    File Found: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
    File Found: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
    File Found: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
    File Found: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
    File Found: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    Task Found: IHSelfDeleteTASK
    Task Found: IHUninstallTrackingTASK


    ***** [ Registry ] *****

    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
    Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    Key Found: HKU\.DEFAULT\Software\AVG Secure Search
    Key Found: HKU\.DEFAULT\Software\IGearSettings
    Key Found: HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
    Key Found: HKU\RK_Trevor_ON_E_CBA9\Software\AskBarDis
    Key Found: HKU\RK_Trevor_ON_E_CBA9\Software\YahooPartnerToolbar
    Key Found: HKU\RK_Trevor_ON_E_CBA9\Software\AppDataLow\AskBarDis
    Key Found: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\PRODUCTSETUP
    Key Found: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\Yahoo\Companion
    Key Found: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\AppDataLow\Software\adawarebp
    Key Found: HKU\S-1-5-18\Software\AVG Secure Search
    Key Found: HKU\S-1-5-18\Software\IGearSettings
    Key Found: HKU\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar
    Key Found: HKCU\Software\PRODUCTSETUP
    Key Found: HKCU\Software\Yahoo\Companion
    Key Found: HKCU\Software\AppDataLow\Software\adawarebp
    Key Found: HKLM\SOFTWARE\Trymedia Systems
    Key Found: HKLM\SOFTWARE\VBMZ
    Key Found: [x64] HKCU\Software\PRODUCTSETUP
    Key Found: [x64] HKCU\Software\Yahoo\Companion
    Key Found: [x64] HKCU\Software\AppDataLow\Software\adawarebp
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ROC_roc_dec12
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


    ***** [ Web browsers ] *****

    Firefox pref Found: [C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\prefs.js] - "browser.search.defaultenginename" - "Search Provided by Yahoo"
    Firefox pref Found: [C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\prefs.js] - "browser.search.selectedEngine" - "Search Provided by Yahoo"
    Firefox pref Found: [C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\prefs.js] - "browser.search.selectedEngine" - "Search Provided by Yahoo"
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[R0].txt - [10504 Bytes] - [14/10/2013 19:57:07]
    C:\AdwCleaner\AdwCleaner[R1].txt - [1490 Bytes] - [16/10/2013 14:31:24]
    C:\AdwCleaner\AdwCleaner[R2].txt - [1668 Bytes] - [16/10/2013 20:42:49]
    C:\AdwCleaner\AdwCleaner[R3].txt - [1879 Bytes] - [21/07/2014 21:41:38]
    C:\AdwCleaner\AdwCleaner[S0].txt - [10174 Bytes] - [14/10/2013 20:02:33]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1557 Bytes] - [16/10/2013 14:32:39]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1735 Bytes] - [16/10/2013 20:44:07]
    C:\AdwCleaner\AdwCleaner[S3].txt - [8869 Bytes] - [12/10/2016 08:58:55]
    C:\AdwCleaner\AdwCleaner[S4].txt - [8292 Bytes] - [14/10/2016 16:00:17]
    C:\AdwCleaner\AdwCleaner[S5].txt - [8121 Bytes] - [14/10/2016 16:13:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [8194 Bytes] ##########
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I still need JRT log.
     
  13. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    On the way. I just wanted to see if I needed any special instructions regarding not having that "missing" AdwCleaner log.
     
  14. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    Here's the JRT report:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Trevor (Administrator) on Sat 10/15/2016 at 11:57:20.32
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 2

    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 10/15/2016 at 12:01:15.94
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  16. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    ComboFix 16-09-28.01 - Trevor 10/16/2016 0:12:49.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.8169 [GMT -4:00]
    Running from: C:\Users\Trevor\Desktop\ComboFix.exe
    AV: AVG Internet Security *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
    AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    FW: AVG Internet Security *Enabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
    SP: AVG Internet Security *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
    SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((( Files Created from 2016-09-16 to 2016-10-16 )))))))))))))))))))))))))))))))


    2016-10-16 04:22:24 . 2016-10-16 04:22:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2016-10-15 23:32:55 . 2016-09-22 15:57:56 12030488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DBA15E6B-2976-4D1D-AADB-057011206D62}\mpengine.dll
    2016-10-15 16:05:08 . 2016-09-22 15:57:56 12030488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2016-10-14 01:19:32 . 2016-10-14 01:28:15 -------- d-----w- C:\FRST
    2016-10-12 23:38:09 . 2016-07-22 14:58:21 142336 ----a-w- C:\Windows\system32\poqexec.exe
    2016-10-12 23:38:09 . 2016-07-22 14:51:37 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2016-10-12 23:24:17 . 2016-10-14 23:01:59 -------- d-----w- C:\Users\Trevor\AppData\Roaming\WinPatrol
    2016-10-12 22:45:35 . 2016-10-13 00:51:39 -------- d-----w- C:\Program Files\Emsisoft Anti-Malware
    2016-10-12 22:42:13 . 2016-10-12 22:42:15 -------- d-----w- C:\Program Files (x86)\NT Registry Optimizer
    2016-10-12 22:32:13 . 2016-10-12 23:25:40 91072 ----a-w- C:\Windows\system32\drivers\farflt.sys
    2016-10-12 22:32:10 . 2016-10-12 23:26:31 228800 ----a-w- C:\Windows\system32\drivers\MB3SwissArmy.sys
    2016-10-12 22:31:55 . 2016-10-12 22:32:17 -------- d-----w- C:\ProgramData\MalwarebytesARW
    2016-10-12 22:31:55 . 2016-10-12 22:31:55 -------- d-----w- C:\Program Files\Malwarebytes
    2016-10-12 22:30:34 . 2016-10-12 22:43:07 -------- d-----w- C:\Program Files (x86)\Tweaking.com
    2016-10-12 22:26:05 . 2016-10-12 22:26:05 -------- d-----w- C:\Program Files (x86)\Ruiware
    2016-10-12 22:26:04 . 2016-10-12 22:26:04 -------- d-----w- C:\ProgramData\InstallMate
    2016-10-12 20:03:11 . 2016-10-12 20:03:11 -------- d-----w- C:\Quarantine
    2016-10-12 19:59:53 . 2016-10-12 19:59:53 -------- d-----w- C:\Program Files\McAfee
    2016-10-12 19:59:46 . 2016-10-12 20:14:40 -------- d-----w- C:\Program Files (x86)\stinger
    2016-10-12 16:55:59 . 2016-09-15 15:30:46 976896 ----a-w- C:\Windows\system32\inetcomm.dll
    2016-10-12 16:53:56 . 2016-08-05 15:30:32 2048 ----a-w- C:\Windows\system32\tzres.dll
    2016-10-12 16:53:56 . 2016-08-05 15:13:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2016-10-12 16:53:40 . 2016-08-16 21:03:46 24576 ----a-w- C:\Windows\system32\drivers\en-US\usbport.sys.mui
    2016-10-12 16:53:40 . 2016-08-16 21:03:44 11776 ----a-w- C:\Windows\system32\drivers\en-US\usbhub.sys.mui
    2016-10-12 16:53:40 . 2016-08-16 21:03:37 3072 ----a-w- C:\Windows\system32\drivers\en-US\usbehci.sys.mui
    2016-10-12 16:53:40 . 2016-08-16 20:40:26 343552 ----a-w- C:\Windows\system32\drivers\usbhub.sys
    2016-10-12 16:53:40 . 2016-08-16 20:40:16 99840 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
    2016-10-12 16:53:40 . 2016-08-16 20:40:12 56320 ----a-w- C:\Windows\system32\drivers\usbehci.sys
    2016-10-12 16:53:40 . 2016-08-16 20:40:11 327168 ----a-w- C:\Windows\system32\drivers\usbport.sys
    2016-10-12 16:53:40 . 2016-08-16 20:40:10 25600 ----a-w- C:\Windows\system32\drivers\usbohci.sys
    2016-10-12 16:53:40 . 2016-08-16 20:40:09 30720 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
    2016-10-12 16:53:39 . 2016-08-16 20:40:06 7808 ----a-w- C:\Windows\system32\drivers\usbd.sys
    2016-10-12 16:40:13 . 2016-08-29 15:31:19 14183424 ----a-w- C:\Windows\system32\shell32.dll
    2016-10-12 16:40:11 . 2016-08-29 15:31:07 1867776 ----a-w- C:\Windows\system32\ExplorerFrame.dll
    2016-10-12 16:40:11 . 2016-08-29 15:31:04 1941504 ----a-w- C:\Windows\system32\authui.dll
    2016-10-12 16:40:11 . 2016-08-29 15:04:37 3229696 ----a-w- C:\Windows\explorer.exe
    2016-10-12 16:40:11 . 2016-08-29 14:55:07 2972672 ----a-w- C:\Windows\SysWow64\explorer.exe
    2016-10-12 16:40:07 . 2016-08-29 15:12:38 1499648 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
    2016-10-12 16:40:07 . 2016-08-29 15:12:35 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
    2016-10-12 16:40:03 . 2016-08-06 15:31:25 877056 ----a-w- C:\Windows\system32\oleaut32.dll
    2016-10-12 16:40:00 . 2016-08-06 15:15:01 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2016-10-12 04:26:45 . 2016-10-12 04:26:45 -------- d-----w- C:\OneDriveTemp
    2016-10-12 03:53:22 . 2016-10-14 04:30:49 28272 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
    2016-10-12 03:52:44 . 2016-10-12 03:52:52 -------- d-----w- C:\Program Files\RogueKiller
    2016-10-12 03:52:32 . 2016-10-12 04:07:58 -------- d-----w- C:\ProgramData\RogueKiller
    2016-10-08 21:06:31 . 2016-10-08 21:06:36 -------- d-----w- C:\Users\Trevor\AppData\Local\BDOCharacterCreator
    2016-10-08 15:19:02 . 2016-10-08 15:21:13 -------- d-----w- C:\Users\Trevor\AppData\Roaming\Mp3tag
    2016-10-08 15:18:17 . 2016-10-08 15:18:22 -------- d-----w- C:\Program Files (x86)\Mp3tag
    2016-10-05 23:44:07 . 2016-05-11 04:52:15 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{663EB6A9-8F80-40F3-89E7-34EE371911B9}\gapaengine.dll
    2016-10-04 23:18:12 . 2016-10-04 23:18:12 -------- d-----w- C:\Users\Trevor\AppData\Roaming\AVG
    2016-09-29 06:44:52 . 2016-09-29 06:44:52 -------- d-----w- C:\ProgramData\Dragon's Eye Productions
    2016-09-29 06:43:45 . 2016-09-29 06:43:45 -------- d-----w- C:\Users\Trevor\AppData\Local\Dragon's Eye Productions
    2016-09-24 21:17:36 . 2016-10-04 23:09:25 -------- d-----w- C:\ProgramData\Avg
    2016-09-24 21:17:31 . 2016-10-08 20:11:00 -------- d-----w- C:\Users\Trevor\AppData\Local\Avg
    2016-09-22 13:24:58 . 2016-09-22 13:24:58 -------- d-----w- C:\Users\Trevor\AppData\Local\Amazon
    2016-09-22 13:24:26 . 2016-09-22 13:24:43 -------- d-----w- C:\Program Files (x86)\Amazon
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2016-10-16 03:56:05 . 2014-07-25 03:28:23 192216 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
    2016-10-12 17:06:33 . 2010-03-08 05:35:35 143495576 -c--a-w- C:\Windows\system32\MRT.exe
    2016-09-29 06:45:29 . 2016-09-29 06:45:29 1409 ----a-w- C:\Windows\Fonts\fsex2p00_public.fot
    2016-09-09 17:59:45 . 2016-10-12 16:55:53 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2016-09-08 05:59:26 . 2015-07-15 02:08:59 27552 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
    2016-08-25 14:46:12 . 2016-08-25 14:46:12 295000 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
    2016-08-25 14:46:12 . 2015-03-04 23:34:52 135928 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
    2016-08-23 20:31:14 . 2016-08-23 20:31:14 310016 ----a-w- C:\Windows\system32\drivers\avgidsdrivera.sys
    2016-08-16 05:19:18 . 2016-08-22 14:42:07 54728 ----a-w- C:\Windows\system32\nvhdap64.dll
    2016-08-16 05:19:18 . 2016-08-22 14:42:07 223304 ----a-w- C:\Windows\system32\drivers\nvhda64v.sys
    2016-08-16 05:19:18 . 2016-08-22 14:42:07 1588688 ----a-w- C:\Windows\system32\nvhdagenco6420103.dll
    2016-08-12 16:46:55 . 2016-10-12 16:55:43 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:06 9078776 ----a-w- C:\Windows\SysWow64\nvopencl.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:06 8644640 ----a-w- C:\Windows\SysWow64\nvptxJitCompiler.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:06 494120 ----a-w- C:\Windows\system32\nvumdshimx.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:06 409624 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:06 17249896 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:06 10719920 ----a-w- C:\Windows\system32\nvopencl.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:06 10530960 ----a-w- C:\Windows\system32\nvptxJitCompiler.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 958912 ----a-w- C:\Windows\SysWow64\NvFBC.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 945088 ----a-w- C:\Windows\system32\NvIFR64.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 897592 ----a-w- C:\Windows\SysWow64\NvIFR.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 695136 ----a-w- C:\Windows\system32\nvfatbinaryLoader.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 584896 ----a-w- C:\Windows\SysWow64\nvfatbinaryLoader.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 544256 ----a-w- C:\Windows\system32\nvEncodeAPI64.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 459088 ----a-w- C:\Windows\SysWow64\nvEncodeAPI.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 442816 ----a-w- C:\Windows\system32\NvIFROpenGL.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 395320 ----a-w- C:\Windows\SysWow64\NvIFROpenGL.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 34798528 ----a-w- C:\Windows\system32\nvoglv64.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 28203968 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 181488 ----a-w- C:\Windows\system32\nvinitx.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 159352 ----a-w- C:\Windows\SysWow64\nvinit.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 153368 ----a-w- C:\Windows\system32\nvoglshim64.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 14075960 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 131720 ----a-w- C:\Windows\SysWow64\nvoglshim32.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:05 1021888 ----a-w- C:\Windows\system32\NvFBC64.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:04 1586744 ----a-w- C:\Windows\system32\nvdispgenco6437254.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:02 8674320 ----a-w- C:\Windows\SysWow64\nvcuda.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:02 40068544 ----a-w- C:\Windows\system32\nvcompiler.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:02 3597248 ----a-w- C:\Windows\system32\nvcuvid.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:02 35182648 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:02 3166264 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:02 1922616 ----a-w- C:\Windows\system32\nvdispco6437254.dll
    2016-08-11 14:31:06 . 2016-08-22 14:42:02 10264136 ----a-w- C:\Windows\system32\nvcuda.dll
    2016-08-11 14:31:06 . 2015-12-06 23:44:49 19832440 ----a-w- C:\Windows\system32\nvwgf2umx.dll
    2016-08-11 14:31:06 . 2015-12-06 23:44:34 17462904 ----a-w- C:\Windows\system32\nvd3dumx.dll
    2016-08-11 14:31:06 . 2015-12-06 23:44:33 14352304 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2016-08-11 14:31:06 . 2015-12-06 23:44:06 3911624 ----a-w- C:\Windows\system32\nvapi64.dll
    2016-08-11 14:31:06 . 2015-12-06 23:44:06 3451904 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2016-08-11 11:49:41 . 2009-11-10 21:03:00 6384576 ----a-w- C:\Windows\system32\nvcpl.dll
    2016-08-11 11:49:41 . 2009-11-10 21:03:00 2469944 ----a-w- C:\Windows\system32\nvsvc64.dll
    2016-08-11 11:49:39 . 2015-12-26 16:03:17 81856 ----a-w- C:\Windows\system32\nv3dappshextr.dll
    2016-08-11 11:49:39 . 2015-12-26 16:03:17 548920 ----a-w- C:\Windows\system32\nv3dappshext.dll
    2016-08-11 11:49:39 . 2012-02-21 21:59:48 69568 ----a-w- C:\Windows\system32\nvshext.dll
    2016-08-11 11:49:39 . 2009-11-10 21:03:00 392128 ----a-w- C:\Windows\system32\nvmctray.dll
    2016-08-11 11:49:39 . 2009-11-10 21:03:00 1764408 ----a-w- C:\Windows\system32\nvsvcr.dll
    2016-08-11 11:49:39 . 2009-11-10 21:03:00 1363392 ----a-w- C:\Windows\system32\nvvsvc.exe
    2016-08-11 11:22:59 . 2016-08-22 14:45:46 138808 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2016-08-08 11:54:45 . 2014-05-27 09:09:44 7255045 ----a-w- C:\Windows\system32\nvcoproc.bin
    2016-08-03 13:22:31 . 2016-08-03 13:22:31 1409 ----a-w- C:\Windows\Fonts\Courier Prime.fot
    2016-08-03 13:22:25 . 2016-08-03 13:22:25 1409 ----a-w- C:\Windows\Fonts\Courier Prime Italic.fot
    2016-08-03 13:22:25 . 2016-08-03 13:22:25 1409 ----a-w- C:\Windows\Fonts\Courier Prime Bold.fot
    2016-08-03 13:22:25 . 2016-08-03 13:22:25 1409 ----a-w- C:\Windows\Fonts\Courier Prime Bold Italic.fot
    2016-08-02 15:41:18 . 2016-08-02 15:41:18 262400 ----a-w- C:\Windows\system32\drivers\avgmfx64.sys
    2016-07-27 19:25:34 . 2010-02-11 08:04:30 504488 ------w- C:\Windows\system32\MpSigStub.exe
    2016-07-27 19:24:54 . 2016-07-27 19:24:54 299264 ----a-w- C:\Windows\system32\drivers\avgtdia.sys
    2016-07-27 19:24:26 . 2016-07-27 19:24:26 272640 ----a-w- C:\Windows\system32\drivers\avgidsha.sys
    2016-07-22 01:28:11 . 2010-06-24 16:33:56 24800 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2016-08-24 23:38:20 1748168 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
    @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
    [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
    2016-08-24 23:38:20 1748168 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
    @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
    [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
    2016-08-24 23:38:20 1748168 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2016-08-24 23:38:20 1748168 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2016-08-24 23:38:20 1748168 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 20:07:20 2260480]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2016-08-31 06:44:00 7943072]
    "OneDrive"="C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2016-08-24 23:38:17 633024]
    "CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe" [2015-09-16 20:32:38 8461224]
    "WinPatrol"="C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2015-03-30 16:57:58 1163264]
    "RESTART_STICKY_NOTES"="C:\Windows\system32\StikyNot.exe" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVG_UI"="C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" [2016-08-26 18:13:18 32528]
    "AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" [2016-09-13 10:54:10 218896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2013-09-09 15:37:50 559616]
    "Launcher"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 17:57:32 165184]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    AWMouseCI.lnk - C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe [2009-6-25 831488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"=

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 13:13:36 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 18:21:42 548352 ----a-w- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe;C:\Windows\SysWOW64\ASGT.exe [x]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagenta.exe;C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [x]
    R2 CGVPNCliService;CyberGhost 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe;C:\Program Files\CyberGhost 5\Service.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 ArcService;Arc Service;G:\Games\Arc\ArcService.exe;G:\Games\Arc\ArcService.exe [x]
    R3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe;C:\Program Files (x86)\AVG\Av\avgamps.exe [x]
    R3 BRDriver64;BRDriver64;C:\programdata\bitraider\BRDriver64.sys;C:\programdata\bitraider\BRDriver64.sys [x]
    R3 BRSptSvc;BitRaider Mini-Support Service;C:\programdata\bitraider\BRSptSvc.exe;C:\programdata\bitraider\BRSptSvc.exe [x]
    R3 cpuz130;cpuz130;C:\Users\Trevor\AppData\Local\Temp\cpuz130\cpuz_x64.sys;C:\Users\Trevor\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 cpuz135;cpuz135;C:\Windows\TEMP\cpuz135\cpuz135_x64.sys;C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
    R4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys;C:\Windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys;C:\Windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys;C:\Windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys;C:\Windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 avguniva;AVG Universal Driver;C:\Windows\system32\DRIVERS\avguniva.sys;C:\Windows\SYSNATIVE\DRIVERS\avguniva.sys [x]
    S1 Avgdiska;AVG Disk Driver;C:\Windows\system32\DRIVERS\avgdiska.sys;C:\Windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys;C:\Windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys;C:\Windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys;C:\Windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys;C:\Windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 avgtp;avgtp;C:\Windows\system32\drivers\avgtpx64.sys;C:\Windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [x]
    S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\Av\avgfwsa.exe;C:\Program Files (x86)\AVG\Av\avgfwsa.exe [x]
    S2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [x]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvca.exe;C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [x]
    S2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [x]
    S2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe ;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [x]
    S2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys;C:\Windows\SYSNATIVE\drivers\bcbtums.sys [x]
    S3 btwampfl;btwampfl;C:\Windows\system32\DRIVERS\btwampfl.sys;C:\Windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys;C:\Windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 DDDriver;DDDriver;C:\Windows\system32\drivers\DDDriver64Dcsa.sys;C:\Windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
    S3 DellProf;DellProf;C:\Windows\system32\drivers\DellProf.sys;C:\Windows\SYSNATIVE\drivers\DellProf.sys [x]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MB3SWISSARMY
    *Deregistered* - TrueSight

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc

    Contents of the 'Scheduled Tasks' folder

    2016-10-04 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 21:06:00 . 2016-07-13 04:31:21]

    2016-10-04 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000Core.job
    - C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 14:36:59 . 2015-08-28 11:31:03]

    2016-10-04 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000UA.job
    - C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 14:36:59 . 2015-08-28 11:31:03]

    2016-10-04 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2501b65a-d079-4e38-8c82-a577be3de2f0.job
    - C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08:40 . 2013-11-07 20:08:40]

    2016-10-04 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f27b3d5-66bf-49cc-8fd0-9190467f78ad.job
    - C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08:40 . 2013-11-07 20:08:40]

    2016-10-15 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ed805aaa-3e4b-4d18-b75e-92b1fb1f9462.job
    - C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08:40 . 2013-11-07 20:08:40]


    --------- X64 Entries -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2016-08-24 23:38:25 1802432 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
    @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
    [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
    2016-08-24 23:38:25 1802432 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
    @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
    [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
    2016-08-24 23:38:25 1802432 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2016-08-24 23:38:25 1802432 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2016-08-24 23:38:25 1802432 ----a-w- C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes Anti-Ransomware"="C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe--starttray" [X]
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-11-06 17:25:40 16407296]
    "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 01:03:32 186904]
    "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-06-14 20:03:38 2397120]
    "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 00:57:29 825184]
    "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2016-08-30 20:46:08 1354712]
    "Command Center Controllers"="C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-18 20:15:12 12656]
    "Launch Keyboard CI"="C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" [2009-05-28 14:42:12 3438088]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-22 21:09:36 130576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "RealProtect"="C:\Program Files\McAfee\Real Protect\RealProtect.exe" [2016-10-12 19:59:53 6613872]

    ------- Supplementary Scan -------

    uLocal Page = C:\Windows\system32\blank.htm
    uStart Page = https://outlook.live.com/owa/
    mStart Page = about:blank
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>;;rest.cyberghostvpn.com;localhost;127.0.0.1
    IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: dell.com
    Trusted Zone: localhost
    Trusted Zone: webcompanion.com
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\
    FF - prefs.js: browser.search.selectedEngine - Search Provided by Yahoo
    FF - prefs.js: browser.startup.homepage - hxxps://outlook.live.com/owa/?path=/mail/inbox

    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-1207664593_is1 - G:\Games\SimCity 4 Deluxe Edition\unins000.exe
    AddRemove-Adobe Flash Player NPAPI - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_Plugin.exe
    AddRemove-Driver Booster_is1 - C:\Program Files (x86)\IObit\Driver Booster\unins000.exe
    AddRemove-Quicken Basic 2000 - C:\QUICKENW\Uninst.isu
    AddRemove-Steam App 108710 - C:\Program Files (x86)\Steam\steam.exe
    AddRemove-Steam App 20920 - C:\Program Files (x86)\Steam\steam.exe
    AddRemove-Steam App 231910 - C:\Program Files (x86)\Steam\steam.exe
    AddRemove-Steam App 25900 - C:\Program Files (x86)\Steam\steam.exe
    AddRemove-Steam App 8930 - C:\Program Files (x86)\Steam\steam.exe
    AddRemove-{59D2C751-F7BE-4E9F-9C8C-1F16013802C7} - C:\Program Files (x86)\Common Files\EAInstaller\SimCity 2000 Special Edition\Cleanup.exe
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    [​IMG] You have two AV programs installed, MSE and AVG (disabled or not).
    You must uninstall one of them.
    If AVG use AVG Remover: http://www.avg.com/us-en/utilities

    [​IMG] Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  18. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    The Farbar Recovery Scan Tool latest FRST and Addition TXTs:



    LastRegBack: 2016-10-15 00:18

    ==================== End of FRST.txt ============================


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
    Percentage of memory in use: 26%
    Total physical RAM: 12278.93 MB
    Available physical RAM: 8970.64 MB
    Total Virtual: 24556.04 MB
    Available Virtual: 21198.24 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:587.91 GB) (Free:206.11 GB) NTFS
    Drive e: () (Fixed) (Total:229.67 GB) (Free:155.37 GB) NTFS
    Drive f: (My Book) (Fixed) (Total:931.28 GB) (Free:920.87 GB) FAT32
    Drive g: (1 TB Hard Drive) (Fixed) (Total:931.51 GB) (Free:703.3 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 5BB6E660)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=8.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=587.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 232.8 GB) (Disk ID: 41AB2316)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Active) - (Size=229.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=3.1 GB) - (Type=DB)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C671211A)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (Size: 931.5 GB) (Disk ID: E8900690)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    That's incomplete.
    Post two complete logs.
     
  20. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    I thought it was odd too but that's what I got. I was hoping it was indicative of a clean computer. I'll run it again.

    Do you remember my original post about Farbar creating two additional reports on its first run? Meaning 3 FRST and 3 Addition logs? I wonder if that has something to do with it. I'm worried now.

    P. S I'm going to include a screenshot, if I can.
     

    Attached Files:

  21. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    Farbar fails to update upon launching with the error message: Failed to update (5)
     
  22. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    Huh. Well, here's the new FRST and Addition logs. For some reason it worked this time around.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
    Ran by Trevor (administrator) on TREVOR-PC (16-10-2016 23:26:03)
    Running from C:\Users\Trevor\Desktop
    Loaded Profiles: Trevor (Available Profiles: Trevor)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    () C:\Windows\SysWOW64\ASGT.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    () C:\Windows\Runservice.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    ( Inc.) C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-11-06] (Realtek Semiconductor)
    HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
    HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
    HKLM\...\Run: [Launch Keyboard CI] => C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe [3438088 2009-05-28] (Alienware)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
    HKLM\...\Run: [Malwarebytes Anti-Ransomware] => C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe [722896 2016-08-26] (Malwarebytes)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
    HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [6613872 2016-10-12] (McAfee Inc.)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2013-09-09] (Dell)
    HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
    Winlogon\Notify\!SASWinLogon: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-31] (SUPERAntiSpyware)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
    ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AWMouseCI.lnk [2016-09-01]
    ShortcutTarget: AWMouseCI.lnk -> C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe ( Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{79904027-AA3E-4099-9322-97F672ACDDDC}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://outlook.live.com/owa/
    HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: LastPass Browser Helper Object -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPBar64.dll [2011-10-17] (LastPass)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> G:\Games\Arc\Plugins\ArcPluginIE.dll [2016-06-15] (Perfect World Entertainment Inc)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: LastPass Browser Helper Object -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPBar.dll [2011-10-17] (LastPass)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll [2011-10-17] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll [2011-10-17] (LastPass)
    DPF: HKLM {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883}
    DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10}
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-04-02] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: 7akasbd1.default-1367016688725
    FF ProfilePath: C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725 [2016-10-16]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725 -> Search Provided by Yahoo
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725 -> Search Provided by Yahoo
    FF Homepage: Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725 -> hxxps://outlook.live.com/owa/?path=/mail/inbox
    FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
    FF Extension: (Add to Amazon Wish List Button) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\amznUWL2@amazon.com.xpi [2016-06-05]
    FF Extension: (Canadian English Dictionary) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\en-CA@dictionaries.addons.mozilla.org [2016-03-14]
    FF Extension: (Ghostery) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\firefox@ghostery.com.xpi [2016-08-11]
    FF Extension: (YouTube™ Enhancer Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-08-12]
    FF Extension: (FlashStopper) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\flashstopper@byo.co.il.xpi [2016-09-26]
    FF Extension: (FoxyProxy Standard) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\foxyproxy@eric.h.jung [2016-08-31]
    FF Extension: (Webmail Ad Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\gmailnoads@mywebber.com.xpi [2015-09-18]
    FF Extension: (Image and Flash Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\imgflashblocker@shimon.chohen.xpi [2016-04-27]
    FF Extension: (Ad-blocker for Gmail) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2016-04-28]
    FF Extension: (Location Guard) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2016-10-09]
    FF Extension: (YouTube™ Downloader Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\jid1-HfCj61J5q2gaGQ@jetpack.xpi [2015-12-12]
    FF Extension: (Outlook Web App Notifications) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\owa_notifications@mihai-chezan.github.com.xpi [2016-10-06]
    FF Extension: (YouTube Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\particle@particlecore.github.io.xpi [2016-07-27]
    FF Extension: (Status-4-Evar) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\status4evar@caligonstudios.com.xpi [2016-10-12]
    FF Extension: (LastPass) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\support@lastpass.com [2016-03-11]
    FF Extension: (TinyURL Generator) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2016-04-27]
    FF Extension: (Google Translator for Firefox) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\translator@zoli.bod.xpi [2016-04-27]
    FF Extension: (UnPlug) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\unplug@compunach.xpi [2015-12-21]
    FF Extension: (View as text) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\viewastext@john.tyree.xpi [2016-04-27]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-25]
    FF Extension: (Forecastfox) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2016-04-27]
    FF Extension: (Webutation) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2016-04-27]
    FF Extension: (Print Hint) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{4ca88e02-7bbb-43fe-ae41-5103893fa10c}.xpi [2016-04-27]
    FF Extension: (Updated Ad Blocker for Firefox 11+) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2016-04-28]
    FF Extension: (EPUBReader) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-08-17]
    FF Extension: (NoScript) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-09]
    FF Extension: (Adblock Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
    FF Extension: (Clean Video) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\Extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi [2016-04-28]
    FF ProfilePath: C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor [2016-10-16]
    FF Keyword.URL: Mozilla\Firefox\Profiles\hkuihaap.Trevor -> hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
    FF NetworkProxy: Mozilla\Firefox\Profiles\hkuihaap.Trevor -> socks_remote_dns", true
    FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Google");: Mozilla\Firefox\Profiles\hkuihaap.Trevor -> user_pref("browser.search.defaultenginename","Google");
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hkuihaap.Trevor -> Search Provided by Yahoo
    FF Extension: (Add to Amazon Wish List Button) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\amznUWL2@amazon.com.xpi [2013-01-02] [not signed]
    FF Extension: (Canadian English Dictionary) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\en-CA@dictionaries.addons.mozilla.org [2013-05-17] [not signed]
    FF Extension: (Tube Enhancer Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\firefoxaddon@youtubeenhancer.com [2013-05-17] [not signed]
    FF Extension: (FoxyProxy Standard) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\foxyproxy@eric.h.jung [2013-05-17] [not signed]
    FF Extension: (Webmail Ad Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\gmailnoads@mywebber.com.xpi [2012-09-26] [not signed]
    FF Extension: (Image and Flash Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\imgflashblocker@shimon.chohen.xpi [2012-07-29] [not signed]
    FF Extension: (Status-4-Evar) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\status4evar@caligonstudios.com.xpi [2013-02-18] [not signed]
    FF Extension: (LastPass) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\support@lastpass.com [2013-05-17] [not signed]
    FF Extension: (TinyURL Generator) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2012-11-13] [not signed]
    FF Extension: (View as text) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\viewastext@john.tyree.xpi [2012-09-30] [not signed]
    FF Extension: (YouTube Cinema Mode .) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\youtube-cinemode@gmail.com.xpi [2013-04-18] [not signed]
    FF Extension: (Forecastfox) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-05-17] [not signed]
    FF Extension: (Updated Ad Blocker for Firefox 11+) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2012-07-31] [not signed]
    FF Extension: (EPUBReader) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-05-17] [not signed]
    FF Extension: (Adblock Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-15] [not signed]
    FF Extension: (Youtube Hide Annotations) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi [2013-04-18] [not signed]
    FF Extension: (DownThemAll!) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-06] [not signed]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\gmailnoads@mywebber.com.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\tinyurl.addon@fast-chat.co.uk.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\viewastext@john.tyree.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\amznUWL2@amazon.com.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\status4evar@caligonstudios.com.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\foxyproxy@eric.h.jung [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\youtube-cinemode@gmail.com.xpi [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\firefoxaddon@youtubeenhancer.com [not found]
    FF Extension: (No Name) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\support@lastpass.com [not found]
    FF SearchPlugin: C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\hkuihaap.Trevor\searchplugins\startpage-https---uk.xml [2013-05-05]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-08-23] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-08-23] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [No File]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [No File]
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> G:\Games\Arc\Plugins\npArcPluginFF.dll [2016-06-15] (Perfect World Entertainment Inc)
    FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2013-03-18] (Sony Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1645592776-1552282287-2170224798-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
    FF Plugin HKU\S-1-5-21-1645592776-1552282287-2170224798-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
    FF Plugin HKU\S-1-5-21-1645592776-1552282287-2170224798-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2008-10-24] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2011-10-17]
    StartMenuInternet: Google Chrome - C:\Users\Trevor\AppData\Local\Google\Chrome\Application\chrome.exe

    Opera:
    =======
    OPR Extension: (LastPass) - C:\Users\Trevor\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2013-10-27]
    OPR Extension: (Adblock Plus) - C:\Users\Trevor\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2013-10-27]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
    S3 ArcService; G:\Games\Arc\ArcService.exe [88024 2016-06-15] (Perfect World Entertainment Inc)
    R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [File not signed]
    S3 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [915736 2013-06-10] (BitRaider, LLC)
    R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
    R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
    S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [130976 2011-08-15] (Futuremark Corporation)
    S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [246328 2016-05-21] (GOG.com)
    S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6167096 2016-05-21] (GOG.com)
    S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-13] (SurfRight B.V.)
    R2 LicCtrlService; C:\Windows\runservice.exe [2560 2010-03-05] () [File not signed]
    S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
    R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe [3291088 2016-08-26] (Malwarebytes)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
    S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
    S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-08] (Electronic Arts)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-02-15] (Sony Corporation) [File not signed]
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    U2 XTUService; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [30944 2009-07-27] (Intel Corporation)
    S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [200448 2016-04-15] (Broadcom Corporation.)
    S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [75048 2013-06-10] (BitRaider)
    R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-08] (REALiX(tm))
    R0 MB3SwissArmy; C:\Windows\System32\drivers\MB3SwissArmy.sys [228800 2016-10-16] (Malwarebytes)
    R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-16] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R3 mio; C:\Windows\System32\DRIVERS\mio.sys [7680 2011-05-04] (Dell/Alienware)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    S2 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34916 1999-08-12] (Marimba, Inc.)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SASENUM; E:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-18] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-03-30] () [File not signed]
    R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc)
    R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc)
    R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-14] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz130; \??\C:\Users\Trevor\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
     
  23. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-16 18:15 - 2016-10-16 23:26 - 00037260 _____ C:\Users\Trevor\Desktop\FRST.txt
    2016-10-16 18:15 - 2016-10-16 18:15 - 00001660 _____ C:\Users\Trevor\Desktop\Addition.txt
    2016-10-16 17:55 - 2016-10-16 18:04 - 00000000 ____D C:\AVG_Remover
    2016-10-16 17:49 - 2016-10-16 17:49 - 08111408 _____ ( ) C:\Users\Trevor\Desktop\AVG_Remover.exe
    2016-10-16 17:49 - 2016-10-16 17:49 - 00001275 _____ C:\Users\Trevor\Desktop\Latest Instructions.txt
    2016-10-16 00:10 - 2016-10-16 00:26 - 00000000 ____D C:\ComboFix
    2016-10-15 13:42 - 2016-10-15 13:49 - 298619670 _____ C:\Users\Trevor\Desktop\David Paulides (10-14-14) Missing 411 - YouTube [360p].mp4
    2016-10-15 12:09 - 2016-10-11 12:45 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20161015-120912.backup
    2016-10-15 12:02 - 2016-10-15 12:02 - 00000887 _____ C:\Users\Trevor\Desktop\JRT Report 2.txt
    2016-10-14 13:32 - 2016-10-14 13:32 - 00001059 _____ C:\Users\Trevor\Desktop\MWL.txt
    2016-10-14 11:05 - 2016-10-14 11:05 - 00001078 _____ C:\Users\Trevor\Desktop\Malware Bytes Text Log.txt
    2016-10-14 01:24 - 2016-10-14 01:24 - 00017552 _____ C:\Users\Trevor\Desktop\RogueKiller Scan.txt
    2016-10-14 00:27 - 2016-10-14 00:27 - 00000235 _____ C:\Users\Trevor\Desktop\Techspot Rogue Killer Post.txt
    2016-10-14 00:20 - 2016-10-14 00:20 - 00338114 _____ C:\Users\Trevor\Desktop\SoftwareBundler Win32_Stallmonitz Farbar FRST Log (Part 1) - TechSpot Forums.htm
    2016-10-14 00:20 - 2016-10-14 00:20 - 00000000 ____D C:\Users\Trevor\Desktop\SoftwareBundler Win32_Stallmonitz Farbar FRST Log (Part 1) - TechSpot Forums_files
    2016-10-13 23:23 - 2016-10-13 23:23 - 22851472 _____ (Malwarebytes ) C:\Users\Trevor\Desktop\mbam-setup-2.2.1.1043.exe
    2016-10-13 21:19 - 2016-10-16 23:26 - 00000000 ____D C:\FRST
    2016-10-13 21:18 - 2016-10-13 21:18 - 02406912 _____ (Farbar) C:\Users\Trevor\Desktop\FRST64.exe
    2016-10-13 15:43 - 2016-10-13 15:43 - 00000006 _____ C:\Users\Trevor\Desktop\BMO Payment Code.txt
    2016-10-12 22:35 - 2016-10-12 23:05 - 00000000 ____D C:\Users\Trevor\Desktop\Old Dragon Age Launch
    2016-10-12 19:38 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2016-10-12 19:38 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2016-10-12 19:24 - 2016-10-14 19:01 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\WinPatrol
    2016-10-12 19:18 - 2016-10-12 19:18 - 00001751 _____ C:\Users\Trevor\Desktop\RevoUninPro.lnk
    2016-10-12 18:44 - 2016-10-12 18:44 - 00001110 _____ C:\Users\Trevor\Desktop\FixExec.txt
    2016-10-12 18:43 - 2016-10-12 18:43 - 00003658 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
    2016-10-12 18:43 - 2016-10-12 18:43 - 00002165 _____ C:\Users\Trevor\Desktop\Tweaking.com - Windows Repair.lnk
    2016-10-12 18:42 - 2016-10-12 18:43 - 00188523 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
    2016-10-12 18:42 - 2016-10-12 18:42 - 00001014 _____ C:\Users\Trevor\Desktop\NTREGOPT.lnk
    2016-10-12 18:42 - 2016-10-12 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer
    2016-10-12 18:42 - 2016-10-12 18:42 - 00000000 ____D C:\Program Files (x86)\NT Registry Optimizer
    2016-10-12 18:32 - 2016-10-16 18:02 - 00228800 _____ (Malwarebytes) C:\Windows\system32\Drivers\MB3SwissArmy.sys
    2016-10-12 18:32 - 2016-10-13 17:12 - 00001947 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
    2016-10-12 18:32 - 2016-10-12 19:25 - 00091072 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2016-10-12 18:32 - 2016-10-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Ransomware
    2016-10-12 18:31 - 2016-10-12 18:32 - 00000000 ____D C:\ProgramData\MalwarebytesARW
    2016-10-12 18:31 - 2016-10-12 18:31 - 00000000 ____D C:\Program Files\Malwarebytes
    2016-10-12 18:30 - 2016-10-12 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-10-12 18:30 - 2016-10-12 18:43 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-10-12 18:30 - 2016-10-12 18:30 - 00002109 _____ C:\Users\Trevor\Desktop\Tweaking.com - Hardware Identify.lnk
    2016-10-12 18:26 - 2016-10-12 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
    2016-10-12 18:26 - 2016-10-12 18:26 - 00000000 ____D C:\ProgramData\InstallMate
    2016-10-12 18:26 - 2016-10-12 18:26 - 00000000 ____D C:\Program Files (x86)\Ruiware
    2016-10-12 16:14 - 2016-10-12 16:14 - 00000112 ___RH C:\Users\Trevor\Desktop\Stinger.opt
    2016-10-12 16:03 - 2016-10-12 16:03 - 00000000 ____D C:\Quarantine
    2016-10-12 15:59 - 2016-10-12 16:14 - 00000000 ____D C:\Program Files (x86)\stinger
    2016-10-12 15:59 - 2016-10-12 16:03 - 00000992 _____ C:\Users\Trevor\Desktop\Stinger_12102016_155956.html
    2016-10-12 15:59 - 2016-10-12 15:59 - 00000000 ____D C:\Program Files\McAfee
    2016-10-12 12:56 - 2016-09-30 16:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-10-12 12:56 - 2016-09-30 15:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-10-12 12:56 - 2016-09-30 11:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-10-12 12:56 - 2016-09-30 11:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-10-12 12:56 - 2016-09-30 11:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-10-12 12:56 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-10-12 12:56 - 2016-09-30 02:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-10-12 12:56 - 2016-09-30 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-10-12 12:56 - 2016-09-30 02:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-10-12 12:56 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-10-12 12:56 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-10-12 12:56 - 2016-09-30 02:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-10-12 12:56 - 2016-09-30 02:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-10-12 12:56 - 2016-09-30 02:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-10-12 12:56 - 2016-09-30 02:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-10-12 12:56 - 2016-09-30 02:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-10-12 12:56 - 2016-09-30 02:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-10-12 12:56 - 2016-09-30 02:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-10-12 12:56 - 2016-09-30 02:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-10-12 12:56 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-10-12 12:56 - 2016-09-30 02:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-10-12 12:56 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-10-12 12:56 - 2016-09-30 02:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-10-12 12:56 - 2016-09-30 02:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-10-12 12:56 - 2016-09-30 01:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-10-12 12:56 - 2016-09-30 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-10-12 12:56 - 2016-09-30 01:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-10-12 12:56 - 2016-09-30 01:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-10-12 12:56 - 2016-09-30 01:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-10-12 12:56 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-10-12 12:56 - 2016-09-30 01:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-10-12 12:56 - 2016-09-30 01:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-10-12 12:56 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-10-12 12:56 - 2016-09-30 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-10-12 12:56 - 2016-09-30 01:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-10-12 12:56 - 2016-09-30 01:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-10-12 12:56 - 2016-09-30 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-10-12 12:56 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-10-12 12:56 - 2016-09-30 01:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-10-12 12:56 - 2016-09-30 01:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-10-12 12:56 - 2016-09-30 01:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-10-12 12:56 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-10-12 12:56 - 2016-09-30 01:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-10-12 12:56 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-10-12 12:56 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-10-12 12:56 - 2016-09-30 01:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-10-12 12:56 - 2016-09-30 01:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-10-12 12:56 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-10-12 12:56 - 2016-09-30 01:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-10-12 12:56 - 2016-09-30 01:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-10-12 12:56 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-10-12 12:56 - 2016-09-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-10-12 12:56 - 2016-09-30 01:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-10-12 12:56 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-10-12 12:56 - 2016-09-30 01:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-10-12 12:56 - 2016-09-30 01:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-10-12 12:56 - 2016-09-30 01:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-10-12 12:56 - 2016-09-30 01:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-10-12 12:56 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-10-12 12:56 - 2016-09-30 01:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-10-12 12:56 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-10-12 12:56 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-10-12 12:56 - 2016-09-30 01:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-10-12 12:56 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-10-12 12:56 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-10-12 12:56 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-10-12 12:56 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-10-12 12:56 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-10-12 12:56 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-10-12 12:56 - 2016-09-12 17:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-10-12 12:56 - 2016-09-12 17:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-10-12 12:56 - 2016-09-12 17:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-10-12 12:56 - 2016-09-12 17:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-10-12 12:56 - 2016-09-12 17:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-10-12 12:56 - 2016-09-12 17:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-10-12 12:56 - 2016-09-12 17:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-10-12 12:56 - 2016-09-12 17:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-10-12 12:56 - 2016-09-12 17:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-10-12 12:56 - 2016-09-12 17:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-10-12 12:56 - 2016-09-12 16:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-10-12 12:56 - 2016-09-12 16:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-10-12 12:56 - 2016-09-12 16:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-10-12 12:56 - 2016-09-12 16:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-10-12 12:56 - 2016-09-12 16:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-10-12 12:56 - 2016-09-12 16:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-10-12 12:56 - 2016-09-12 16:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-10-12 12:56 - 2016-09-12 16:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-10-12 12:56 - 2016-09-12 16:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-10-12 12:56 - 2016-09-12 16:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-10-12 12:56 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2016-10-12 12:56 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-10-12 12:56 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-10-12 12:56 - 2016-09-10 12:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2016-10-12 12:56 - 2016-09-10 11:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-10-12 12:56 - 2016-09-09 14:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-10-12 12:56 - 2016-09-09 14:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-10-12 12:56 - 2016-09-09 14:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-10-12 12:56 - 2016-09-09 14:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-10-12 12:56 - 2016-09-09 14:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-10-12 12:56 - 2016-09-09 14:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-10-12 12:56 - 2016-09-09 14:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-10-12 12:56 - 2016-09-09 14:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-10-12 12:56 - 2016-09-09 13:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-10-12 12:56 - 2016-09-09 13:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-10-12 12:56 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-10-12 12:56 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2016-10-12 12:56 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2016-10-12 12:56 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-10-12 12:56 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2016-10-12 12:56 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2016-10-12 12:56 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2016-10-12 12:56 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2016-10-12 12:56 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2016-10-12 12:56 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2016-10-12 12:56 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2016-10-12 12:56 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2016-10-12 12:56 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2016-10-12 12:56 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2016-10-12 12:56 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2016-10-12 12:56 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2016-10-12 12:56 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2016-10-12 12:56 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2016-10-12 12:56 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2016-10-12 12:56 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2016-10-12 12:56 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2016-10-12 12:56 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2016-10-12 12:55 - 2016-09-15 11:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-10-12 12:55 - 2016-09-15 11:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2016-10-12 12:55 - 2016-09-15 11:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-10-12 12:55 - 2016-09-15 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2016-10-12 12:55 - 2016-09-12 17:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-10-12 12:55 - 2016-09-12 17:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-10-12 12:55 - 2016-09-12 17:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-10-12 12:55 - 2016-09-12 17:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-10-12 12:55 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2016-10-12 12:55 - 2016-09-12 17:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-10-12 12:55 - 2016-09-12 17:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-10-12 12:55 - 2016-09-12 17:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-10-12 12:55 - 2016-09-12 17:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-10-12 12:55 - 2016-09-12 17:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-10-12 12:55 - 2016-09-12 17:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-10-12 12:55 - 2016-09-12 16:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-10-12 12:55 - 2016-09-12 16:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-10-12 12:55 - 2016-09-12 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-10-12 12:55 - 2016-09-12 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-10-12 12:55 - 2016-09-12 16:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 14:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-10-12 12:55 - 2016-09-09 14:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-10-12 12:55 - 2016-09-09 14:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-10-12 12:55 - 2016-09-09 14:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
     
  24. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    2016-10-12 12:55 - 2016-09-09 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-10-12 12:55 - 2016-09-09 13:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-10-12 12:55 - 2016-09-09 13:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-10-12 12:55 - 2016-09-09 13:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-10-12 12:55 - 2016-09-09 13:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-10-12 12:55 - 2016-09-09 13:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-10-12 12:55 - 2016-09-09 13:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-10-12 12:55 - 2016-09-09 13:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-10-12 12:55 - 2016-09-09 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-10-12 12:55 - 2016-09-09 13:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-09 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-10-12 12:55 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-10-12 12:55 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-10-12 12:55 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-10-12 12:55 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-10-12 12:55 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-10-12 12:55 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2016-10-12 12:55 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2016-10-12 12:55 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2016-10-12 12:55 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2016-10-12 12:55 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2016-10-12 12:55 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2016-10-12 12:55 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2016-10-12 12:55 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
    2016-10-12 12:55 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
    2016-10-12 12:55 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
    2016-10-12 12:55 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
    2016-10-12 12:55 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
    2016-10-12 12:55 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2016-10-12 12:55 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2016-10-12 12:55 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2016-10-12 12:55 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2016-10-12 12:55 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2016-10-12 12:55 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2016-10-12 12:55 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2016-10-12 12:55 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2016-10-12 12:55 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2016-10-12 12:53 - 2016-08-16 16:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2016-10-12 12:53 - 2016-08-16 16:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2016-10-12 12:53 - 2016-08-05 11:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-10-12 12:53 - 2016-08-05 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-10-12 12:49 - 2016-09-12 17:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-10-12 12:49 - 2016-09-12 17:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-10-12 12:49 - 2016-09-09 11:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-10-12 12:49 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2016-10-12 12:49 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2016-10-12 12:49 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2016-10-12 12:49 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2016-10-12 12:49 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2016-10-12 12:40 - 2016-08-29 11:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-10-12 12:40 - 2016-08-29 11:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-10-12 12:40 - 2016-08-29 11:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-10-12 12:40 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-10-12 12:40 - 2016-08-29 11:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-10-12 12:40 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-10-12 12:40 - 2016-08-29 11:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-10-12 12:40 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-10-12 12:40 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2016-10-12 12:40 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2016-10-12 09:49 - 2016-10-12 09:49 - 00005778 _____ C:\Users\Trevor\Desktop\JRT Report.txt
    2016-10-12 09:14 - 2016-10-15 12:01 - 00000887 _____ C:\Users\Trevor\Desktop\JRT.txt
    2016-10-12 09:07 - 2016-10-12 09:07 - 00008869 _____ C:\Users\Trevor\Desktop\AdwCleaner[S3].txt
    2016-10-12 08:54 - 2016-10-12 08:55 - 03874368 _____ C:\Users\Trevor\Desktop\AdwCleaner(1).exe
    2016-10-12 08:24 - 2016-10-12 08:24 - 00001086 _____ C:\Malware Antibytes Log (Safe Mode).txt
    2016-10-12 01:28 - 2016-10-12 01:28 - 00017280 _____ C:\Users\Trevor\Desktop\rk_4F67.tmp (Safe Mode).txt
    2016-10-12 00:52 - 2016-10-12 07:59 - 02534020 _____ C:\Windows\ntbtlog.txt
    2016-10-12 00:26 - 2016-10-12 00:26 - 00000000 ___HD C:\OneDriveTemp
    2016-10-12 00:04 - 2016-10-12 00:04 - 00367815 _____ C:\Users\Trevor\Desktop\Possible threat, just removed SoftwareBundler Win32_Stallmonitz - TechSpot Forums.htm
    2016-10-12 00:04 - 2016-10-12 00:04 - 00000000 ____D C:\Users\Trevor\Desktop\Possible threat, just removed SoftwareBundler Win32_Stallmonitz - TechSpot Forums_files
    2016-10-12 00:01 - 2016-10-12 00:01 - 00082164 _____ C:\Users\Trevor\Desktop\error messages preventing the removal of virus in Microsoft Security Essentials.htm
    2016-10-12 00:01 - 2016-10-12 00:01 - 00000000 ____D C:\Users\Trevor\Desktop\error messages preventing the removal of virus in Microsoft Security Essentials_files
    2016-10-11 23:53 - 2016-10-14 00:30 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-10-11 23:52 - 2016-10-12 00:07 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-10-11 23:52 - 2016-10-12 00:04 - 00001017 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-10-11 23:52 - 2016-10-11 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-10-11 23:52 - 2016-10-11 23:52 - 00000000 ____D C:\Program Files\RogueKiller
    2016-10-11 19:40 - 2016-10-15 17:18 - 00000804 _____ C:\Users\Trevor\Desktop\New Passwords.txt
    2016-10-11 12:29 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-10-11 12:29 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-10-11 12:29 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2016-10-11 12:29 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2016-10-11 12:23 - 2016-10-16 00:11 - 00000000 ____D C:\Qoobox
    2016-10-11 12:23 - 2016-10-11 12:52 - 00000000 ____D C:\Windows\erdnt
    2016-10-11 00:37 - 2016-10-11 00:37 - 00077032 _____ C:\Users\Trevor\Desktop\8 Things You Must Do Before Reformatting Your PC.htm
    2016-10-11 00:37 - 2016-10-11 00:37 - 00000000 ____D C:\Users\Trevor\Desktop\8 Things You Must Do Before Reformatting Your PC_files
    2016-10-11 00:31 - 2016-10-11 00:31 - 01631928 _____ (Malwarebytes) C:\Users\Trevor\Desktop\Junk Removal Tool.exe
    2016-10-11 00:28 - 2016-10-11 00:28 - 00448512 _____ (OldTimer Tools) C:\Users\Trevor\Desktop\Temporary File Cleaner.exe
    2016-10-11 00:23 - 2016-10-11 00:23 - 04257344 _____ (Reason Software Company Inc.) C:\Users\Trevor\Desktop\reason-core-security-setup.exe
    2016-10-11 00:14 - 2016-10-11 00:14 - 16370544 _____ (McAfee Inc) C:\Users\Trevor\Desktop\Stinger 32.exe
    2016-10-11 00:09 - 2016-10-11 00:09 - 05659993 ____R (Swearware) C:\Users\Trevor\Desktop\ComboFix.exe
    2016-10-10 14:57 - 2016-10-10 15:01 - 138915096 _____ (Microsoft Corporation) C:\Users\Trevor\Desktop\Microsoft Security Response Tool.exe
    2016-10-10 08:03 - 2016-10-10 23:53 - 00002738 _____ C:\Users\Trevor\Desktop\Rkill.txt
    2016-10-10 06:19 - 2016-10-10 06:19 - 00041314 _____ C:\Users\Trevor\Desktop\How to Hide Your IP Address - 3 Easy Ways.htm
    2016-10-10 06:19 - 2016-10-10 06:19 - 00000000 ____D C:\Users\Trevor\Desktop\How to Hide Your IP Address - 3 Easy Ways_files
    2016-10-09 14:02 - 2016-10-09 14:02 - 00056859 _____ C:\Users\Trevor\Desktop\3 Ways to Get Rid of Viruses, Spyware and Malware.htm
    2016-10-09 14:02 - 2016-10-09 14:02 - 00000000 ____D C:\Users\Trevor\Desktop\3 Ways to Get Rid of Viruses, Spyware and Malware_files
    2016-10-09 14:00 - 2016-10-09 14:00 - 00000076 _____ C:\Users\Trevor\Desktop\Backup EA E-mail Codes.txt
    2016-10-09 12:51 - 2016-10-09 12:51 - 00000076 _____ C:\Users\Trevor\Desktop\Backup E-mail Codes.txt
    2016-10-08 19:56 - 2016-10-08 19:56 - 00071264 _____ C:\Users\Trevor\Desktop\Install & Setup (RU) _ BDFoundry.htm
    2016-10-08 19:56 - 2016-10-08 19:56 - 00000000 ____D C:\Users\Trevor\Desktop\Install & Setup (RU) _ BDFoundry_files
    2016-10-08 17:06 - 2016-10-08 17:06 - 00000000 ____D C:\Users\Trevor\AppData\Local\BDOCharacterCreator
    2016-10-08 17:05 - 2016-10-08 17:05 - 00000632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Black Desert Character Creator.lnk
    2016-10-08 17:05 - 2016-10-08 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDOCharacterCreator
    2016-10-08 16:56 - 2016-10-08 17:01 - 227195640 _____ (NC Interactive, LLC) C:\Users\Trevor\Desktop\BnS_Lite_Installer.exe
    2016-10-08 11:19 - 2016-10-08 11:21 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Mp3tag
    2016-10-08 11:18 - 2016-10-08 11:18 - 00000985 _____ C:\Users\Public\Desktop\Mp3tag.lnk
    2016-10-08 11:18 - 2016-10-08 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
    2016-10-08 11:18 - 2016-10-08 11:18 - 00000000 ____D C:\Program Files (x86)\Mp3tag
    2016-10-08 09:28 - 2016-10-14 15:32 - 00000816 _____ C:\Users\Trevor\Desktop\Falling Angels.txt
    2016-10-06 19:37 - 2016-10-06 19:37 - 00266133 _____ C:\Users\Trevor\Desktop\Revoltech _ eBay.htm
    2016-10-06 19:37 - 2016-10-06 19:37 - 00000000 ____D C:\Users\Trevor\Desktop\Revoltech _ eBay_files
    2016-10-06 00:03 - 2016-10-06 00:05 - 00000066 _____ C:\Users\Trevor\Desktop\Joe Derosa Sports Video Games - D&D Start.txt
    2016-10-04 21:12 - 2016-10-04 21:14 - 00000000 ____D C:\Users\Trevor\Desktop\Phenomena Magazine
    2016-10-04 19:04 - 2016-10-16 05:05 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2016-10-02 12:21 - 2016-09-03 16:37 - 00001887 _____ C:\Users\Trevor\Desktop\Alienware Command Center.lnk
    2016-10-02 11:09 - 2016-10-02 11:09 - 00096505 _____ C:\Users\Trevor\Desktop\Where Did Satan Come From.htm
    2016-10-02 11:09 - 2016-10-02 11:09 - 00000000 ____D C:\Users\Trevor\Desktop\Where Did Satan Come From_files
    2016-10-02 00:41 - 2016-10-02 00:46 - 205978003 _____ C:\Users\Trevor\Desktop\Coast To Coast AM - September 30, 2016 Haunted Objects &amp; Open Lines - YouTube [360p].mp4
    2016-09-30 20:53 - 2016-09-30 20:53 - 12419286 _____ C:\Users\Trevor\Desktop\kindle-drm-removal.zip
    2016-09-30 19:06 - 2016-09-30 19:07 - 21282624 _____ (Epubor Inc.) C:\Users\Trevor\Desktop\Kindle DRM Removal.exe
    2016-09-30 19:06 - 2016-09-30 19:06 - 00045467 _____ C:\Users\Trevor\Desktop\How to Change Kindle Book Cover.htm
    2016-09-30 19:06 - 2016-09-30 19:06 - 00000000 ____D C:\Users\Trevor\Desktop\How to Change Kindle Book Cover_files
    2016-09-30 00:30 - 2016-09-30 00:30 - 00146078 _____ C:\Users\Trevor\Desktop\Gower Entertainment Studio Songs and Sounds for Healing.htm
    2016-09-30 00:30 - 2016-09-30 00:30 - 00000000 ____D C:\Users\Trevor\Desktop\Gower Entertainment Studio Songs and Sounds for Healing_files
    2016-09-30 00:14 - 2016-09-30 00:14 - 00018886 _____ C:\Users\Trevor\Desktop\iWinks - Dream without Limits.htm
    2016-09-30 00:14 - 2016-09-30 00:14 - 00000000 ____D C:\Users\Trevor\Desktop\iWinks - Dream without Limits_files
    2016-09-29 02:45 - 2016-09-29 02:45 - 00000682 _____ C:\Users\Public\Desktop\Furcadia Pounce.lnk
    2016-09-29 02:45 - 2016-09-29 02:45 - 00000673 _____ C:\Users\Public\Desktop\Furcadia.lnk
    2016-09-29 02:44 - 2016-09-29 02:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Furcadia
    2016-09-29 02:44 - 2016-09-29 02:44 - 00000000 ____D C:\Users\Trevor\Documents\Furcadia
    2016-09-29 02:44 - 2016-09-29 02:44 - 00000000 ____D C:\ProgramData\Dragon's Eye Productions
    2016-09-29 02:43 - 2016-09-29 02:43 - 00000000 ____D C:\Users\Trevor\AppData\Local\Dragon's Eye Productions
    2016-09-29 01:29 - 2016-10-06 00:01 - 00008106 _____ C:\Users\Trevor\Desktop\Bella Conversation.txt
    2016-09-28 02:58 - 2016-09-28 02:58 - 00059737 _____ C:\Users\Trevor\Desktop\300-Year-Old Preserved Corpse Appears to Opens Its Eyes _ Mysterious Universe.htm
    2016-09-28 02:58 - 2016-09-28 02:58 - 00000000 ____D C:\Users\Trevor\Desktop\300-Year-Old Preserved Corpse Appears to Opens Its Eyes _ Mysterious Universe_files
    2016-09-28 00:34 - 2016-09-28 00:34 - 04058901 _____ C:\Users\Trevor\Desktop\Fruit Infused Water by BOZ.pdf
    2016-09-27 23:57 - 2016-09-29 01:22 - 00001731 _____ C:\Users\Trevor\Desktop\Tavern Talk.txt
    2016-09-27 14:06 - 2016-09-27 18:45 - 00000071 _____ C:\Users\Trevor\Desktop\Guardian Drugs.txt
    2016-09-24 22:58 - 2016-09-24 22:58 - 00061638 _____ C:\Users\Trevor\Desktop\Coming Soon! – Shattered Starlight.htm
    2016-09-24 22:58 - 2016-09-24 22:58 - 00000000 ____D C:\Users\Trevor\Desktop\Coming Soon! – Shattered Starlight_files
    2016-09-24 17:17 - 2016-10-16 17:56 - 00000000 ____D C:\Users\Trevor\AppData\Local\Avg
    2016-09-24 17:17 - 2016-10-16 17:56 - 00000000 ____D C:\ProgramData\Avg
    2016-09-22 14:59 - 2016-09-22 16:51 - 00000013 _____ C:\Users\Trevor\Desktop\Credit Card Totals.txt
    2016-09-22 14:56 - 2016-09-22 14:56 - 00004385 _____ C:\Users\Trevor\Desktop\statement.qfx
    2016-09-22 09:25 - 2016-10-12 19:34 - 00000000 ____D C:\Users\Trevor\Documents\My Kindle Content
    2016-09-22 09:24 - 2016-09-22 09:24 - 00001984 _____ C:\Users\Trevor\Desktop\Kindle.lnk
    2016-09-22 09:24 - 2016-09-22 09:24 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    2016-09-22 09:24 - 2016-09-22 09:24 - 00000000 ____D C:\Users\Trevor\AppData\Local\Amazon
    2016-09-22 09:24 - 2016-09-22 09:24 - 00000000 ____D C:\Program Files (x86)\Amazon
    2016-09-20 20:24 - 2016-09-30 22:47 - 00001964 _____ C:\Users\Trevor\Desktop\Ronnie Complaint.txt
    2016-09-20 18:32 - 2016-09-20 18:32 - 03016085 _____ C:\Users\Trevor\Desktop\Catalogue of Lunar Events.pdf
    2016-09-20 16:34 - 2016-09-20 16:34 - 00088385 _____ C:\Users\Trevor\Desktop\Risen Chapter 8 Gods - Monsters, a Naruto + Dragon Age Crossover fanfic _ FanFiction.htm
    2016-09-20 16:34 - 2016-09-20 16:34 - 00000000 ____D C:\Users\Trevor\Desktop\Risen Chapter 8 Gods - Monsters, a Naruto + Dragon Age Crossover fanfic _ FanFiction_files
    2016-09-18 23:14 - 2016-09-19 00:27 - 00004085 _____ C:\Users\Trevor\Desktop\Sten Conversation.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-16 23:24 - 2012-03-08 01:44 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\vlc
    2016-10-16 23:24 - 2011-10-17 20:40 - 00000000 ____D C:\Users\Trevor\AppData\LocalLow\LastPass
    2016-10-16 19:24 - 2010-02-14 21:57 - 00000000 ____D C:\Users\Trevor\AppData\Local\ElevatedDiagnostics
    2016-10-16 18:10 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-16 18:10 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-16 18:03 - 2015-10-07 16:22 - 00000000 ___RD C:\Users\Trevor\OneDrive
    2016-10-16 18:03 - 2014-07-24 23:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-16 18:03 - 2010-02-11 22:44 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-10-16 18:00 - 2010-01-16 15:06 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-10-16 17:59 - 2012-02-21 17:59 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-10-16 17:59 - 2010-03-31 03:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2016-10-16 17:59 - 2010-03-05 13:18 - 00003409 ___SH C:\Windows\SysWOW64\mmf.sys
    2016-10-16 17:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-16 17:57 - 2015-05-03 14:54 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Everything
    2016-10-16 17:56 - 2015-07-17 08:44 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-10-16 15:11 - 2016-02-18 02:03 - 00000000 ____D C:\Program Files (x86)\Naturalsoft
    2016-10-16 15:11 - 2011-05-10 12:58 - 00000000 ____D C:\Users\Trevor\AppData\Local\Downloaded Installations
    2016-10-16 11:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
    2016-10-16 03:45 - 2015-02-17 09:44 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ed805aaa-3e4b-4d18-b75e-92b1fb1f9462.job
    2016-10-16 01:04 - 2013-06-20 17:22 - 00000000 ____D C:\Users\Trevor\AppData\Local\Apps\2.0
    2016-10-16 00:22 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2016-10-15 12:17 - 2015-04-12 01:17 - 00000000 ____D C:\Users\Trevor\Desktop\Files To Show Andrea
    2016-10-15 12:06 - 2010-07-29 17:02 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2016-10-15 12:06 - 2010-01-16 15:07 - 00000000 ____D C:\ProgramData\Temp
    2016-10-14 16:22 - 2013-10-14 19:57 - 00000000 ____D C:\AdwCleaner
    2016-10-14 15:07 - 2016-03-14 13:19 - 00000334 _____ C:\Users\Trevor\Desktop\Shopper's Home Health Order Numbers.txt
    2016-10-14 01:24 - 2015-05-04 00:12 - 00000000 ____D C:\Users\Trevor\Desktop\Quicken Canadian Edition Data
    2016-10-12 23:11 - 2014-12-31 09:06 - 00000000 ____D C:\Users\Trevor\Desktop\Dragon Age Stuff
    2016-10-12 21:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2016-10-12 19:23 - 2010-02-11 00:52 - 00000000 ____D C:\Users\Trevor\AppData\Local\SoftThinks
    2016-10-12 19:23 - 2010-01-16 15:19 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-10-12 19:23 - 2010-01-16 15:19 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-10-12 19:19 - 2016-01-04 15:54 - 00000000 ____D C:\Users\Trevor\AppData\Local\CrashDumps
    2016-10-12 14:16 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-10-12 13:57 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-10-12 13:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-10-12 13:49 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-10-12 13:49 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-10-12 13:49 - 2009-07-14 00:45 - 00850472 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-10-12 13:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2016-10-12 13:45 - 2015-04-15 03:33 - 00000000 ____D C:\Windows\system32\appraiser
    2016-10-12 13:45 - 2014-04-30 11:17 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-10-12 13:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
    2016-10-12 13:06 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-12 13:06 - 2010-03-08 01:35 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-12 13:04 - 2013-03-13 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-10-12 12:59 - 2015-10-14 16:59 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2016-10-12 12:59 - 2015-10-14 16:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2016-10-12 12:59 - 2012-11-20 07:49 - 00002155 _____ C:\Windows\epplauncher.mif
    2016-10-12 12:58 - 2015-10-14 16:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2016-10-12 12:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-10-12 11:36 - 2014-07-21 22:10 - 00000000 ____D C:\ProgramData\Norton
    2016-10-12 11:35 - 2015-11-03 01:11 - 00001123 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    2016-10-12 11:33 - 2015-11-03 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2016-10-12 11:31 - 2014-03-06 20:35 - 00007926 _____ C:\Users\Trevor\Desktop\Online Passwords.txt
    2016-10-12 09:10 - 2015-07-14 22:09 - 00000000 ____D C:\ProgramData\IObit
    2016-10-12 09:10 - 2015-07-14 22:08 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\IObit
    2016-10-12 09:10 - 2015-07-14 22:08 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-10-11 23:39 - 2016-09-15 15:30 - 00005966 _____ C:\Users\Trevor\Desktop\Online Passwords(2).txt
    2016-10-11 12:27 - 2010-02-11 00:53 - 00295472 _____ C:\Users\Trevor\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-10-11 00:07 - 2013-02-11 20:32 - 00002335 _____ C:\Users\Public\Desktop\LogoDesignStudio Pro.lnk
    2016-10-09 23:39 - 2010-02-13 16:08 - 00000000 _____ C:\Users\Trevor\AppData\Local\prvlcl.dat
    2016-10-09 14:28 - 2015-07-31 06:33 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-10-09 14:18 - 2015-04-18 19:18 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\uTorrent
    2016-10-09 13:52 - 2013-02-11 20:36 - 00000000 ____D C:\Users\Trevor\Documents\LogoDesignStudio Pro
    2016-10-09 13:41 - 2011-05-24 14:23 - 00000000 ____D C:\Users\Trevor\Documents\My Library
    2016-10-08 17:05 - 2010-01-16 14:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-10-06 16:41 - 2016-08-31 23:08 - 00000143 _____ C:\Users\Trevor\Desktop\Liberation.txt
    2016-10-04 22:53 - 2014-08-20 19:38 - 00000000 ____D C:\Users\Trevor\Desktop\Misc
    2016-10-04 19:37 - 2013-11-13 01:12 - 00000000 ____D C:\Users\Trevor\AppData\Local\NVIDIA Corporation
    2016-10-04 19:32 - 2015-02-13 00:00 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2501b65a-d079-4e38-8c82-a577be3de2f0.job
    2016-10-04 19:32 - 2014-07-22 20:58 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f27b3d5-66bf-49cc-8fd0-9190467f78ad.job
    2016-10-04 19:32 - 2012-04-06 17:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-04 19:32 - 2011-09-12 10:36 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000UA.job
    2016-10-04 19:32 - 2011-09-12 10:36 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000Core.job
    2016-10-03 21:00 - 2016-05-16 07:51 - 00000000 ____D C:\Users\Trevor\Desktop\Writing Projects
    2016-09-27 22:29 - 2011-03-21 22:53 - 00000000 ____D C:\Users\Trevor\Desktop\Temporary Documents Folder
    2016-09-24 17:17 - 2016-08-11 07:56 - 00000331 _____ C:\Users\Trevor\Desktop\Burger World.txt
    2016-09-23 00:25 - 2014-04-29 07:02 - 00000000 ____D C:\Users\Trevor\Desktop\Writing
    2016-09-20 21:14 - 2016-09-09 18:31 - 00002891 _____ C:\Users\Trevor\Desktop\Noise Complaint Defence.txt
    2016-09-20 01:27 - 2016-06-28 01:28 - 00000000 ____D C:\Users\Trevor\Desktop\Game Stuff

    ==================== Files in the root of some directories =======

    2013-06-27 03:32 - 2013-10-02 15:33 - 0003726 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2013-05-30 21:57 - 2013-05-30 22:08 - 0004744 _____ () C:\Users\Trevor\AppData\Roaming\RegistrationLog.log
    2013-05-30 21:57 - 2013-05-30 22:08 - 0002983 _____ () C:\Users\Trevor\AppData\Roaming\ReplayMusicLog.log
    2014-06-15 14:50 - 2014-06-15 14:50 - 0001675 _____ () C:\Users\Trevor\AppData\Roaming\SAS7_000.DAT
    2014-07-22 12:10 - 2014-07-22 12:10 - 0193994 _____ () C:\Users\Trevor\AppData\Local\ars.cache
    2014-07-22 12:10 - 2014-07-22 12:10 - 0309823 _____ () C:\Users\Trevor\AppData\Local\census.cache
    2012-02-21 04:22 - 2012-02-24 05:51 - 0005632 _____ () C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-10 17:45 - 2012-09-10 17:45 - 0027520 _____ () C:\Users\Trevor\AppData\Local\dt.dat
    2014-07-22 11:54 - 2014-07-22 11:54 - 0000036 _____ () C:\Users\Trevor\AppData\Local\housecall.guid.cache
    2010-02-13 16:08 - 2016-10-09 23:39 - 0000000 _____ () C:\Users\Trevor\AppData\Local\prvlcl.dat
    2011-04-01 01:43 - 2015-12-19 07:04 - 0007598 _____ () C:\Users\Trevor\AppData\Local\Resmon.ResmonCfg
    2014-07-22 12:01 - 2014-07-22 12:01 - 0000010 _____ () C:\Users\Trevor\AppData\Local\sponge.last.runtime.cache

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-10-15 00:18

    ==================== End of FRST.txt ============================
     
  25. Polterdog

    Polterdog TS Rookie Topic Starter Posts: 31

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
    Ran by Trevor (16-10-2016 23:26:33)
    Running from C:\Users\Trevor\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2010-02-11 04:52:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1645592776-1552282287-2170224798-500 - Administrator - Disabled)
    Guest (S-1-5-21-1645592776-1552282287-2170224798-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-1645592776-1552282287-2170224798-1002 - Limited - Enabled)
    Trevor (S-1-5-21-1645592776-1552282287-2170224798-1000 - Administrator - Enabled) => C:\Users\Trevor

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
    Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)
    AlfaReader (HKLM-x32\...\{F96FEBCC-3005-4C3A-B8E5-5577F3DA3A21}) (Version: 1.7.1 - AlfaReader)
    Alienware Command Center (HKLM-x32\...\InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}) (Version: 2.8.9.0 - Alienware Corp.)
    Alienware Command Center (Version: 2.8.9.0 - Alienware Corp.) Hidden
    Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware)
    Alienware TactX(TM) Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware)
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
    Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
    AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
    ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.)
    ASUS GPU TweakII (x32 Version: 1.0.6.9 - ASUSTek COMPUTER INC.) Hidden
    ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2001681662.48.56.3083634 - Audible, Inc.)
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    Baldur's Gate Enhanced Edition (HKLM-x32\...\Baldur's Gate Enhanced Edition) (Version: 0.2.3.0 - Beamdog)
    Baldur's Gate II Enhanced Edition (HKLM-x32\...\Baldur's Gate II Enhanced Edition) (Version: 0.2.8.0 - Beamdog)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    BeamDog Launcher 1.8.1.0 (HKLM-x32\...\BeamDog Launcher) (Version: 1.8.1.0 - BeamDog)
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.3.1 - BitRaider, LLC)
    Black Desert Character Creator (HKLM-x32\...\{83AC6E37-6497-4A01-BB5D-AA845BA08832}) (Version: 1.0.0.2 - Daum Games EU)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.01 - Broadcom Corporation)
    Broken Sword 1 - Shadow of the Templars: Director's Cut (HKLM-x32\...\Steam App 57640) (Version: - Revolution Software Ltd)
    CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
    CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
    CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
    CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
    DAZ Studio 4.5 (64bit) (HKLM-x32\...\DAZ Studio 4.5 (64bit) 4.5.1.56) (Version: 4.5.1.56 - DAZ 3D)
    Decimator DS4 (64bit) (HKLM-x32\...\Decimator DS4 (64bit) 1.3.1.56) (Version: 1.3.1.56 - DAZ 3D)
    Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell Service Tag Lookup Tool (HKLM-x32\...\Dell Service Tag Lookup Tool) (Version: - )
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
    Dell System Detect (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
    Dell System Detect Bootstrapper (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\8e3135b376bd523e) (Version: 5.1.0.41 - Dell)
    Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.4.0.11 - GOG.com)
    Doodle God (HKLM-x32\...\Steam App 348360) (Version: - JoyBits, LTD)
    Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
    Dragon Age Legends (HKLM-x32\...\com.bwsf.DragonAgeLegends) (Version: 1.0.11 - Electronic Arts)
    Dragon Age Legends (x32 Version: 1.0.11 - Electronic Arts) Hidden
    Dragon Age Redesigned © Morrigan (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Dragon Age Redesigned © Morrigan) (Version: - )
    Dragon Age Redesigned© (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Dragon Age Redesigned©) (Version: - )
    Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
    Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
    Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
    Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
    Eastside Hockey Manager v1.16 (HKLM-x32\...\Eastside Hockey Manager v1.16_is1) (Version: - )
    eSpeak version 1.48.04 (HKLM-x32\...\eSpeak_is1) (Version: - )
    Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
    Final Draft 6 (HKLM-x32\...\{CC8B19D1-91D2-4D5B-B331-F885F432745E}) (Version: 6.0.10 - Final Draft, Inc.)
    Final Draft v6.0.2.5 Update (HKLM-x32\...\Final Draft v6.0.2.5 Update) (Version: - )
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
    Freedom Force (HKLM-x32\...\{75AD7D33-EF26-4609-9D8D-CBF7F9AC5E08}) (Version: - )
    Freedom Force (HKLM-x32\...\1445250806_is1) (Version: 2.0.0.6 - GOG.com)
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    Furcadia (HKLM-x32\...\Furcadia) (Version: 31.0 - Dragon's Eye Productions, Inc.)
    Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.2.0 - Futuremark Corporation)
    Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
    Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
    GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
    GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
    GOG.com Inherit the Earth (HKLM\...\{23d47423-7f28-4c79-8bc4-df0b7d6f48c9}.sdb) (Version: - )
    GOG.com Planescape Torment (HKLM\...\{8f376ce2-c213-4a6c-a329-0b2a7eb2bad8}.sdb) (Version: - )
    Google Chrome (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    GooReader (HKLM-x32\...\{B3542C71-F156-422B-88D0-15F4BF8CD6E0}) (Version: 5.1.1 - GooReader)
    GoZ DS4 (64bit) (HKLM-x32\...\GoZ DS4 (64bit) 1.2.1.56) (Version: 1.2.1.56 - DAZ 3D)
    GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
    Happy Cloud Client (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
    HeatherTrial (HKLM-x32\...\{1602CCF5-D338-4755-863C-40B7E1207436}) (Version: 1.00.0000 - Naturalsoft)
    Heroine's Quest: The Herald of Ragnarok (HKLM-x32\...\Steam App 283880) (Version: - Crystal Shard)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.236 - SurfRight B.V.)
    Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version: - Gearbox Software)
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    Inherit the Earth (HKLM-x32\...\GOGPACKINHERITTHEEARTH_is1) (Version: 2.0.0.6 - GOG.com)
    Intel Extreme Tuning Utility (HKLM-x32\...\InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}) (Version: 1.3.9.1 - Intel Corporation)
    Intel Extreme Tuning Utility (x32 Version: 1.3.9.1 - Intel Corporation) Hidden
    Intel(R) SMBus (HKLM\...\SMBus) (Version: - )
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Invisible, Inc. (HKLM-x32\...\Steam App 243970) (Version: - Klei Entertainment)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
    Jade Empire: Special Edition (HKLM-x32\...\Steam App 7110) (Version: - BioWare Corporation)
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version: - Katauri)
    King's Quest 1-2-3 (HKLM-x32\...\GOGPACKKINGSQUEST123_is1) (Version: 2.0.0.14 - GOG.com)
    LastPass (uninstall only) (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\LastPass) (Version: - LastPass)
    Leisure Suit Larry in the Land of the Lounge Lizards: Reloaded (HKLM-x32\...\Steam App 231910) (Version: - nFusion Interactive)
    Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Malwarebytes Anti-Ransomware version 0.9.17.661 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.17.661 - Malwarebytes)
    Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
    Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
    Media Player Classic - Home Cinema 1.6.0.4014 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.0.4014 - MPC-HC Team)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1645592776-1552282287-2170224798-1000\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
    Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Management Studio Express (HKLM\...\{1B918A92-A0BC-4B34-B2EF-AD427332732D}) (Version: 9.00.2047.00 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.34 - mIRC Co. Ltd.)
    Mozilla Firefox 47.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-GB)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NaturalReader 14 Free (HKLM-x32\...\{773ED0E5-538E-4E86-8E00-719630613290}) (Version: 1.00.0000 - Naturalsoft)
    NEKOPARA Vol. 1 (HKLM-x32\...\Steam App 333600) (Version: - NEKO WORKs)
    Nero 9 Essentials (HKLM-x32\...\{80bcb170-826d-4291-955e-50fec87aea4f}) (Version: - Nero AG)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
    NTREGOPT 1.1j (HKLM-x32\...\NTREGOPT_is1) (Version: - Lars Hederer)
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)
    NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
    Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.)
    Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version: - Obsidian Entertainment)
    Planescape Torment (HKLM-x32\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com)
    Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)
    PzDB1.1.010a (HKLM-x32\...\{4D4D26CB-CA22-4ED9-9AEB-833CF20ACA1A}) (Version: 1.1.010 - Rocketship Software)
    PzDB1.2022e (HKLM-x32\...\{3FE19FF5-B7C1-430F-A7EA-BAC52D20F9FB}) (Version: 1.2.22 - Rocketship Software)
    Quest for Glory - So You Want To Be A Hero (HKLM-x32\...\1207661313_is1) (Version: 2.1.0.33 - GOG.com)
    Quicken 2015 (HKLM-x32\...\{01D49A09-04D1-4495-93CB-70E4FF898949}) (Version: 24.1.3.6 - Intuit)
    Quicken Basic 2000 (HKLM-x32\...\Quicken Basic 2000) (Version: - )
    Reader for PC (HKLM-x32\...\{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}) (Version: 2.0.02.15180 - Sony Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.45 - Piriform)
    Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
    Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
    RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
    Sam and Max Save the World (HKLM-x32\...\GOGPACKSAMANDMAXSEASON1_is1) (Version: 2.0.0.25 - GOG.com)
    Scribblenauts Unmasked (HKLM-x32\...\Steam App 249870) (Version: - 5th Cell Media)
    Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
    Showtime! (HKLM\...\Steam App 285050) (Version: - Myrtilus Entertainment)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
    SimCity 4 Deluxe Edition (HKLM-x32\...\1207664593_is1) (Version: 2.1.0.11 - GOG.com)
    Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
    SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    SUPERAntiSpyware Professional (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
    System Requirements Lab (HKLM-x32\...\{92482FB3-C05B-41C6-89E7-75D985602A6E}) (Version: 4.1.72.0 - Husdawg, LLC)
    System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TEW2010 (HKLM-x32\...\TEW2010) (Version: - )
    TEW2013 (HKLM-x32\...\TEW2013) (Version: - )
    TEW2016 (HKLM-x32\...\TEW2016) (Version: - )
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Marvellous Miss Take (HKLM-x32\...\1207666973_is1) (Version: 2.2.0.3 - GOG.com)
    The Purring Quest (HKLM\...\Steam App 409100) (Version: - Valhalla Cats)
    The Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version: - )
    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
    The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
    Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games)
    Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
    Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 2.1.1 - Tweaking.com)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.12 - Tweaking.com)
    Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 7.0.1 - UltraDefrag Development Team)
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
    WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17329 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    WinZip (HKLM-x32\...\WinZip) (Version: 8.1 (4331) - WinZip Computing, Inc.)
    XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1645592776-1552282287-2170224798-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Trevor\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04DA165A-E218-445A-9553-E24EE629357B} - System32\Tasks\{1D87E1E0-B3EE-4C0F-BC9F-C52D847FA7CF} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {0D87E031-D265-4E9A-A19A-7BA3C93C03C2} - System32\Tasks\{C88A0EA5-F5CE-4CAE-AC4D-FC2837B50802} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {115F7FA7-6950-4E00-BA70-CB1DAA164ECC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {12D0B872-2FCE-4C0E-BEA6-72875A075419} - System32\Tasks\{EA205F58-415D-4541-A74D-997A170AF882} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {184B93FC-06BD-4433-BE59-CBA88A87449B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
    Task: {1904C88B-8C3E-4E3F-A2A8-F2B18BCE105C} - System32\Tasks\{69B30CF1-A270-4F80-9998-41DE2937218E} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {1F63A520-6A25-4E43-8E52-EADDF737EE5E} - System32\Tasks\{F2E309A5-7963-45A1-BEC4-A9AA51166BFF} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {1F776E7F-B502-495D-8F63-4B2D925B7CCE} - System32\Tasks\{8E65AC66-D35F-47DE-92D8-15EC96B925F3} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {25D15665-1FD6-4398-9DD2-AA46A8ECDBCA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
    Task: {2713B93C-EA4A-4650-9079-C51DF0CFEC35} - System32\Tasks\{3FE69226-642B-4352-8781-BBD89C71D39F} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {31FBC0EE-8C67-4761-83C5-550F65C40880} - System32\Tasks\{17D06069-27D6-4747-9672-72AAD92D1402} => C:\Program Files (x86)\Irrational Games\Freedom Force\fforce.exe [2005-02-11] (Irrational Games)
    Task: {3BC483EA-049D-49C5-90C8-542149B786B8} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {3F1C6993-466E-4EFF-B85B-B78EA71D2BFA} - System32\Tasks\{52514B91-1284-4A03-9627-FB0A99729CF1} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {4232F5E7-20F1-4E98-A799-8FBCB88BE35E} - System32\Tasks\{A12BCA3D-6D6F-4474-AA43-FB32B1B48304} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {4319706B-3A8F-4078-A328-A49E846D8D30} - System32\Tasks\{20F509B1-0BB8-4019-81CD-0BDBB31925CB} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {4E08EE92-F495-4B49-986E-89A05A9BF854} - System32\Tasks\{F8C1265A-EC74-414B-A314-DA6F646FF2FF} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {5637B750-9A5E-42AE-ACDF-DB5E520FAAD6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000UA => C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {583DEE9D-A233-44C4-9DBD-2ABA0565AED4} - System32\Tasks\{744993DD-0B42-48C7-9C5B-8FABE7DA31B1} => C:\Program Files (x86)\Baldur's Gate Enhanced Edition\BGEE.exe [2012-11-29] (Overhaul Games™)
    Task: {5C44C6C7-2F34-4A4F-888C-D309CBD22D83} - System32\Tasks\SUPERAntiSpyware Scheduled Task ed805aaa-3e4b-4d18-b75e-92b1fb1f9462 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {5CC4B8DB-35DA-4865-85D1-8CE8FDB95273} - System32\Tasks\{AC3CE391-24D1-40DD-A750-E2C2D4800C79} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/212680
    Task: {5F7DFF2F-BFD6-4E27-8259-032A9F7B1115} - System32\Tasks\{A91D388F-E3B2-45BB-949F-AEF78DE5A5D1} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {6D15140A-9BF7-43FE-873B-1D0E0C5D5A60} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-24] (Microsoft Corporation)
    Task: {6E32252E-CD30-4C65-B305-18749430DE30} - System32\Tasks\{01217261-7FB4-46A9-9A0E-3C860A6C10A7} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {70A7849A-C417-4744-AC8E-40219E56B899} - System32\Tasks\{2760E824-44D4-4B43-88BE-F460D7B5DE31} => pcalua.exe -a C:\Users\Trevor\Desktop\9357_23_expa_Stephanie4EliteBase_23.exe -d C:\Users\Trevor\Desktop
    Task: {767E7FDF-45EC-4F7E-92E5-D3FA5F174265} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
    Task: {7B238872-BA5F-47B2-815D-A7180E572856} - System32\Tasks\{5B7A8473-46DD-4EF4-90A1-CFAB04DB7A35} => pcalua.exe -a C:\dell\drivers\R249211\setup.exe -d C:\dell\drivers\R249211
    Task: {7C2295F2-F191-4C12-9573-3103BA8C209C} - System32\Tasks\{9D1F5804-FEEC-4C39-89E2-0FD0484F9F44} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {84ADAF87-BD4D-4C25-8009-CBFDAA13F7DB} - System32\Tasks\{FFC7B291-FED3-45D0-8EDD-2DB5D4950A3B} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {866D8BA3-ECB8-4278-9DAC-5827AAC06245} - System32\Tasks\{62D72035-58AA-4475-8092-8F08672499C3} => C:\Program Files (x86)\Cryptic Studios\Champions Online.exe
    Task: {87552809-BDCC-4EE0-A04C-5319B3E03F7B} - System32\Tasks\{74419A0B-AB46-4120-BEC0-CC31597049BF} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {89800CC3-B794-483D-8146-A91C125A3EFD} - System32\Tasks\{D3F2B805-E46E-4055-A89D-639FD8139A64} => pcalua.exe -a "C:\Users\Trevor\Desktop\Poser Files\ps_pe069_Victoria4DS.exe" -d "C:\Users\Trevor\Desktop\Poser Files"
    Task: {8B74A99F-25D3-4E0E-A22F-8E10588E0DF4} - System32\Tasks\{9ED5B50F-2FCF-4688-A8BB-4C91464B879D} => C:\Program Files (x86)\Baldur's Gate Enhanced Edition\BGEE.exe [2012-11-29] (Overhaul Games™)
    Task: {8DB2C2A3-B61B-4E16-B55B-9AB6E6B7713E} - System32\Tasks\{B096B6B5-C03A-452B-B17B-CB6226A2CDF6} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {90EFBBC7-D531-4B4F-A061-8AF917C5B3C9} - \IHUninstallTrackingTASK -> No File <==== ATTENTION
    Task: {9B832781-7B98-4B2E-AFDD-231A6E4544F4} - System32\Tasks\{42917117-97DC-4F7C-B4B5-8DFC9F64C704} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {9C49147D-C0CF-4522-B8E4-345575BD275C} - System32\Tasks\{B9AD087D-D86D-44FE-BF03-5A86E2FF16FD} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {9F0F527A-5213-4BA7-800E-6763420AD2C4} - System32\Tasks\{CD29DB36-7B03-4DCC-8CF4-A9BA657D214F} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {A2478141-80E6-4FBB-9B84-AD5BE680516B} - System32\Tasks\{D916B41F-7582-4867-A8A6-EC461919DB2B} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {A6DEAF93-B8EA-4C91-A49E-C904E24DA360} - System32\Tasks\{16CCA84C-1976-472D-B874-5CC30489B98F} => pcalua.exe -a F:\Setup.exe -d F:\
    Task: {A9F81D0D-09A0-4FD9-B0F7-E8F0F7AA8304} - System32\Tasks\{62069881-FF80-42D4-B859-AAD2542E9153} => C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe [2016-08-07] (BitTorrent Inc.)
    Task: {AB67A2DA-B34F-409C-98A6-EE1B71CA7A11} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {B0694431-9C3A-4844-9111-13037928DED1} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7f27b3d5-66bf-49cc-8fd0-9190467f78ad => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {B8AC2827-41D5-4EAA-80E5-3F1764024111} - System32\Tasks\{BC0C323C-88F8-41AD-A880-12D9C25A41C3} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {BF1BF868-BAE0-48F4-8C12-0FEF1D51C1A3} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2501b65a-d079-4e38-8c82-a577be3de2f0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {C20B17F9-9F4F-4875-8D33-6933C3CCEE96} - System32\Tasks\{B926854A-F064-456F-9517-7CF5E6700C8E} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {C54744C3-3827-45BD-AD31-750D1FC29E3A} - System32\Tasks\{C9DB5284-1BFE-4253-8B65-2C9543B23456} => C:\Program Files (x86)\Scrivener\Scrivener.exe [2015-10-06] (Scrivener HQ Pty Ltd.)
    Task: {C5C786FE-7CAC-44D6-ACBC-67036B439E61} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {CD2A9D77-215E-44DA-B5D5-9571017A6778} - System32\Tasks\{AB08DD32-5B65-43BD-9F9F-FBE869E14B33} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {CD72FAA9-F160-424C-AADA-862F9D824310} - System32\Tasks\{23BE454D-3289-4C26-8775-A9A753F59E8A} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {D09F7138-E4EB-46F6-B2BE-D9E7043EA766} - System32\Tasks\{F23B540A-3376-4D15-B598-3F743AAB44E2} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {D71D2D25-4CC8-475D-9D5D-B89DE64F4D64} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {DB4FC8D3-BF72-456F-B91A-1B34227F63FA} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
    Task: {DD693CF4-92C5-4BC4-BECB-4BD5128058CF} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {DDB98FB4-EB92-4525-B551-1C9F1DE0F898} - System32\Tasks\{AA35A77D-77C8-4217-8A10-69FC8DE19CA6} => C:\Program Files (x86)\Baldur's Gate Enhanced Edition\BGEE.exe [2012-11-29] (Overhaul Games™)
    Task: {DF13BCF0-A286-46B1-98D7-ECD41F910288} - System32\Tasks\{3C7DC7B7-80B3-40DF-989C-6EE8C8048F07} => pcalua.exe -a "C:\Users\Trevor\Desktop\Poser Files\ps_pe069_Victoria4.exe" -d "C:\Users\Trevor\Desktop\Poser Files"
    Task: {E0266165-9478-4F56-A3FC-F1450F174B54} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {E0D4D059-19BB-4C01-8528-BDE22A4CB3B5} - System32\Tasks\{2414ECF4-6CF8-4846-8CB2-0E5F37F8D640} => C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe [2016-08-07] (BitTorrent Inc.)
    Task: {E25AFC50-B92B-41C9-8128-77DDAABED012} - System32\Tasks\IHSelfDeleteTASK => /C DEL C:\Users\Trevor\AppData\Local\Temp\IHUB389.tmp.exe <==== ATTENTION
    Task: {E5D6DD66-FA56-4D6E-BCC1-B9E24D1D22C7} - System32\Tasks\{3F4C13C2-7EB9-476F-B4BF-758BE7067D59} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {E9E55696-94CD-41CA-A4D6-5D2286195575} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
    Task: {F550F0CA-F39C-4932-895D-ED2A27B327E6} - System32\Tasks\{969084F1-37C7-4144-A6BC-D9D082E9AE5F} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {F66CF17B-70F8-4D3C-B9A0-112AEA83478F} - System32\Tasks\{7B9E256C-1C64-4ECB-8BC9-2E5ABE444A88} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {F802369D-FA5F-41B2-9C2E-DDB01E0BBD48} - System32\Tasks\{1D992464-2F4F-480C-9D24-0B291DF97CC0} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {F835D791-22C5-4064-BF96-7B0BCCD67F18} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000Core => C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {F84085F2-88F7-4199-A904-CBFE1DFAA0E4} - System32\Tasks\{C3ADBB5B-5370-48E5-A8BF-B9F79738917D} => C:\Program Files (x86)\BeamDog\Games\00766\Baldur.exe [2014-09-12] (Overhaul Games™)
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000Core.job => C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645592776-1552282287-2170224798-1000UA.job => C:\Users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2501b65a-d079-4e38-8c82-a577be3de2f0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f27b3d5-66bf-49cc-8fd0-9190467f78ad.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ed805aaa-3e4b-4d18-b75e-92b1fb1f9462.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Trevor\Favorites\PSPVC PSP Video Converter.lnk -> hxxp://pspvc.nswardh.com/
    Shortcut: C:\Users\Trevor\Favorites\PSPVC on Twitter.lnk -> hxxp://twitter.com/swardh
    Shortcut: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZStudio4\Online Documentation.lnk -> hxxp:docs.daz3d.com\doku.php\public\software\dazstudio(

    ==================== Loaded Modules (Whitelisted) ==============

    2012-02-21 17:59 - 2016-08-11 07:49 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-08-24 19:38 - 2016-08-24 19:38 - 01864384 _____ () C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
    2015-05-29 11:28 - 2015-05-29 11:28 - 00048640 _____ () C:\Windows\SysWOW64\ASGT.exe
    2013-02-20 16:40 - 2011-05-05 16:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    2013-02-20 16:40 - 2011-05-05 16:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
    2013-02-20 16:40 - 2011-05-05 16:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
    2013-02-20 16:40 - 2011-05-05 16:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
    2013-02-20 16:40 - 2011-05-05 16:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
    2010-03-05 13:18 - 2010-03-05 13:18 - 00002560 _____ () C:\Windows\runservice.exe
    2016-10-12 18:31 - 2016-08-26 09:37 - 01175504 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
    2010-03-05 13:18 - 2010-03-05 13:18 - 00048640 _____ () C:\Windows\mmfs.dll
    2016-08-24 19:38 - 2016-08-24 19:38 - 01383616 _____ () C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
    2009-07-27 16:18 - 2009-07-27 16:18 - 00022240 _____ () C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneAppMutex.dll
    2009-07-27 16:19 - 2009-07-27 16:19 - 00080096 _____ () C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneConfig.XmlSerializers.dll
    2010-01-16 14:28 - 2010-01-16 14:28 - 00071904 _____ () C:\Windows\assembly\GAC_32\PerfTunePublic.XmlSerializers\1.3.167.0__8d9de220bc527d88\PerfTunePublic.XmlSerializers.dll
    2010-01-16 14:28 - 2010-01-16 14:28 - 00039136 _____ () C:\Windows\assembly\GAC_32\Utilities.XmlSerializers\1.3.167.0__8d9de220bc527d88\Utilities.XmlSerializers.dll
    2015-04-28 14:39 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-08-24 19:38 - 2016-08-24 19:38 - 00118976 _____ () C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
    2016-03-11 19:01 - 2016-03-11 19:01 - 01114136 _____ () C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\7akasbd1.default-1367016688725\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [123]
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...