Solved Amazon Assistant

Confusd73 · Nov 15, 2017

Good morning!
I'm hoping someone here will help me remove Amazon Assistant from my computer.
I downloaded AA from the Amazon site a few days ago thinking it would be a wonderful little tool ...I was wrong! I usually do a little research before I download things like this but I assumed that it was safe because it came straight from the Amazon site.

The main issue I'm having (so far) is that it keeps changing the way Firefox looks-I haven't noticed any ad pop ups yet or any other issues but I'm guessing it's just a matter of time before I start having more issues based on what I've seen others say.

I have Windows 10 and Firefox-Firefox just updated this morning.

I tried removing AA myself, none of it worked and I realized that I am in over my head.

Here is what I have tried so far:
- Tried to remove AA using the add/remove/uninstall program on my computer. It doesn't even show up in my programs.
-Used system restore to restore my computer back to Nov 12th. (I downloaded the AA app on the 13th). I thought the system restore had fixed it-it was gone all of last night- but when I got up this morning it was right back in my toolbar and causing the same issue.
-Tried a malware removal program called Reimage. It did the scan but I don't have the money right this minute to pay the fee. Uninstalled Reimage.
-Installed Malwarebytes to remove it. Restarted my computer like it said to and it quarantined 47 files but that still didn't work. I have not uninstalled Malwarebytes.

I would greatly appreciate any help!!

Thank you,
Julie

Edited to add: I use Avast Internet Security as my antivirus program.

Broni · Nov 15, 2017

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Confusd73 · Nov 15, 2017

Just a quick update- I was able to remove the AA from my toolbar and Firefox looks normal (for now).
I will start on your instructions in the morning;I'd rather know that it's gone than to assume it is.

Thank you!

Confusd73 · Nov 16, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2017
Ran by Julie (administrator) on JULIE-PC (16-11-2017 09:57:55)
Running from C:\Users\Julie\Desktop\Techspot
Loaded Profiles: UpdatusUser & Julie (Available Profiles: UpdatusUser & Julie & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\Julie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Amazon Services LLC) C:\Users\Julie\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2012-12-27] (Atheros Commnucations)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-16] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-860533698-1946648191-3752025309-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Julie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Run: [Amazon Music] => C:\Users\Julie\AppData\Local\Amazon Music\Amazon Music.exe [23668200 2017-11-13] (Amazon Services LLC)
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098952 2017-11-02] (Electronic Arts)
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Run: [Amazon Music Helper] => C:\Users\Julie\AppData\Local\Amazon Music\Amazon Music Helper.exe [3981288 2017-11-13] (Amazon Services LLC)
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\MountPoints2: {2f3a58a5-b38a-11e7-9daf-9cd21e5b043c} - "J:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-08-24]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Julie\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{7c3e1ef1-f2d1-471c-a893-6d95b24f8432}: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{8d9c2332-e1b8-4bad-ac4b-91474b9c610b}: [DhcpNameServer] 192.168.0.1 205.171.203.226

Internet Explorer:
==================
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-860533698-1946648191-3752025309-1002 -> DefaultScope {22A73F88-9445-4103-BAC9-3A3DACC0DF07} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-860533698-1946648191-3752025309-1002 -> {22A73F88-9445-4103-BAC9-3A3DACC0DF07} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-860533698-1946648191-3752025309-1002 -> {B34E0CBB-5D9E-4AA1-8222-E1AA0A9C9439} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-27] (Atheros Commnucations)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\3tzwc4pk.default [2017-11-16]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\3tzwc4pk.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\3tzwc4pk.default -> hxxps://www.google.com/
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-860533698-1946648191-3752025309-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Julie\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-16] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-16] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [330832 2017-10-16] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2016-01-25] ()
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-16] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-16] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-16] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-16] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [556152 2017-10-16] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-16] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-16] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1029872 2017-11-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-16] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-16] (AVAST Software)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-06-20] (Dell Computer Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4wui.inf_amd64_393cbe542dcfcdfd\nvlddmkm.sys [14456920 2017-05-19] (NVIDIA Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]

Confusd73 · Nov 16, 2017

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-16 09:57 - 2017-11-16 09:57 - 000000000 ____D C:\FRST
2017-11-16 09:56 - 2017-11-16 09:57 - 000000000 ____D C:\Users\Julie\Desktop\Techspot
2017-11-16 00:02 - 2017-11-16 00:02 - 000001212 _____ C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music.lnk
2017-11-15 23:57 - 2017-11-15 23:57 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-15 20:20 - 2017-11-15 20:20 - 000002159 _____ C:\Users\Public\Desktop\Play Adelantado Trilogy - Book One.lnk
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book Two
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book One
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book Two
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book One
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\Program Files (x86)\Adelantado Trilogy - Book Two
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\Program Files (x86)\Adelantado Trilogy - Book One
2017-11-15 20:19 - 2017-11-15 20:19 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book Three
2017-11-15 20:19 - 2017-11-15 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book Three
2017-11-15 20:19 - 2017-11-15 20:19 - 000000000 ____D C:\Program Files (x86)\Adelantado Trilogy - Book Three
2017-11-15 16:19 - 2017-11-15 20:20 - 000001248 _____ C:\Users\Public\Desktop\More Great Games.lnk
2017-11-15 16:18 - 2017-11-15 16:18 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vampire Legends - The Untold Story of Elizabeth Bathory
2017-11-15 16:18 - 2017-11-15 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire Legends - The Untold Story of Elizabeth Bathory
2017-11-15 16:07 - 2017-11-02 00:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 16:07 - 2017-11-02 00:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 16:07 - 2017-11-02 00:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 16:07 - 2017-11-01 23:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 16:07 - 2017-11-01 23:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 16:07 - 2017-11-01 23:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 16:07 - 2017-11-01 23:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 16:07 - 2017-11-01 23:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 16:07 - 2017-11-01 23:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 16:07 - 2017-11-01 23:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 16:07 - 2017-11-01 23:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 16:07 - 2017-11-01 23:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 16:07 - 2017-11-01 23:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 16:07 - 2017-11-01 23:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 16:07 - 2017-11-01 23:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 16:07 - 2017-11-01 23:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 16:07 - 2017-11-01 23:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 16:07 - 2017-11-01 23:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 16:07 - 2017-11-01 23:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 16:07 - 2017-11-01 23:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 16:07 - 2017-11-01 23:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 16:07 - 2017-11-01 23:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 16:07 - 2017-11-01 23:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 16:07 - 2017-11-01 23:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 16:07 - 2017-11-01 23:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 16:07 - 2017-11-01 23:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 16:07 - 2017-11-01 23:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 16:07 - 2017-11-01 23:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 16:07 - 2017-11-01 23:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 16:07 - 2017-11-01 23:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 16:07 - 2017-11-01 23:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 16:07 - 2017-11-01 23:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 16:07 - 2017-11-01 23:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 16:07 - 2017-11-01 23:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 16:07 - 2017-11-01 23:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 16:07 - 2017-10-25 02:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 16:07 - 2017-10-15 10:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 16:07 - 2017-10-15 10:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 16:07 - 2017-10-15 10:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 16:07 - 2017-10-15 09:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 16:07 - 2017-10-15 09:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 16:07 - 2017-10-15 09:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 16:07 - 2017-10-15 09:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 16:07 - 2017-10-15 09:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 16:07 - 2017-10-15 09:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 16:07 - 2017-10-15 09:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 16:07 - 2017-10-15 09:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 16:07 - 2017-10-15 09:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 16:07 - 2017-10-15 09:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 16:06 - 2017-11-02 00:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 16:06 - 2017-11-01 23:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 16:06 - 2017-11-01 23:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 16:06 - 2017-11-01 23:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 16:06 - 2017-11-01 23:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 16:06 - 2017-11-01 23:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 16:06 - 2017-11-01 23:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 16:06 - 2017-11-01 23:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 16:06 - 2017-11-01 23:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 16:06 - 2017-11-01 23:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 16:05 - 2017-11-02 00:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 16:05 - 2017-11-02 00:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 16:05 - 2017-11-02 00:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 16:05 - 2017-11-01 23:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 16:05 - 2017-11-01 23:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 16:05 - 2017-11-01 23:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 16:05 - 2017-11-01 23:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 16:05 - 2017-11-01 23:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 16:05 - 2017-11-01 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 16:05 - 2017-11-01 23:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 16:05 - 2017-11-01 23:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 16:05 - 2017-11-01 23:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 16:05 - 2017-11-01 23:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 16:05 - 2017-11-01 23:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 16:05 - 2017-11-01 23:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 16:05 - 2017-11-01 23:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 16:05 - 2017-11-01 23:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 16:05 - 2017-11-01 23:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 16:05 - 2017-11-01 23:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 16:05 - 2017-11-01 23:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 16:05 - 2017-10-15 09:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 16:05 - 2017-10-15 09:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 16:05 - 2017-10-15 09:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 16:05 - 2017-10-15 09:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 16:04 - 2017-11-02 00:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 16:04 - 2017-11-02 00:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 16:04 - 2017-11-02 00:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 16:04 - 2017-11-02 00:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 16:04 - 2017-11-02 00:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 16:04 - 2017-11-01 23:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 16:04 - 2017-11-01 23:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 16:04 - 2017-11-01 23:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 16:04 - 2017-11-01 23:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 16:04 - 2017-11-01 23:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 16:04 - 2017-11-01 23:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 16:04 - 2017-11-01 23:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 16:04 - 2017-11-01 23:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 16:04 - 2017-11-01 23:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 16:04 - 2017-11-01 23:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 16:04 - 2017-11-01 23:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 16:04 - 2017-11-01 23:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 16:04 - 2017-11-01 23:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 16:04 - 2017-10-15 09:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 16:04 - 2017-10-15 09:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 16:04 - 2017-10-15 09:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 16:04 - 2017-10-15 09:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 16:04 - 2017-10-15 09:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 16:03 - 2017-11-02 00:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 16:03 - 2017-11-02 00:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 16:03 - 2017-11-02 00:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 16:03 - 2017-11-02 00:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 16:03 - 2017-11-02 00:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 16:03 - 2017-11-02 00:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 16:03 - 2017-11-02 00:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 16:03 - 2017-11-02 00:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 16:03 - 2017-11-02 00:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 16:03 - 2017-11-02 00:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 16:03 - 2017-11-02 00:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 16:03 - 2017-11-02 00:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 16:03 - 2017-11-02 00:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 16:03 - 2017-11-02 00:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 16:03 - 2017-11-02 00:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 16:03 - 2017-11-02 00:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 16:03 - 2017-11-02 00:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 16:03 - 2017-11-01 23:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 16:03 - 2017-11-01 23:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 16:03 - 2017-11-01 23:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 16:03 - 2017-11-01 23:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 16:03 - 2017-11-01 23:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 16:03 - 2017-11-01 23:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 16:03 - 2017-11-01 23:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 16:03 - 2017-11-01 23:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 16:03 - 2017-11-01 23:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 16:03 - 2017-11-01 23:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 16:03 - 2017-11-01 23:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 16:03 - 2017-11-01 23:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 16:03 - 2017-11-01 23:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 16:03 - 2017-11-01 23:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 16:03 - 2017-11-01 23:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 16:03 - 2017-11-01 23:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 16:03 - 2017-11-01 23:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 16:03 - 2017-11-01 23:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 16:03 - 2017-11-01 23:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 16:03 - 2017-11-01 23:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 16:03 - 2017-11-01 23:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 16:03 - 2017-11-01 23:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 16:03 - 2017-11-01 23:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 16:03 - 2017-11-01 23:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 16:03 - 2017-11-01 23:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 16:03 - 2017-11-01 23:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 16:03 - 2017-11-01 23:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 16:03 - 2017-11-01 23:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 16:03 - 2017-11-01 23:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 16:03 - 2017-11-01 23:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 16:03 - 2017-11-01 23:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 16:03 - 2017-11-01 23:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 16:03 - 2017-11-01 23:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 16:03 - 2017-11-01 23:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 16:03 - 2017-11-01 23:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 16:03 - 2017-11-01 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 16:03 - 2017-10-15 09:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 16:03 - 2017-10-15 09:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 16:03 - 2017-10-15 09:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 16:03 - 2017-10-15 09:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 16:03 - 2017-10-15 09:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 16:03 - 2017-10-15 09:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 16:03 - 2017-10-15 09:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 16:03 - 2017-10-15 09:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 16:03 - 2017-10-15 09:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 16:03 - 2017-10-15 09:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 16:03 - 2017-10-15 09:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 16:03 - 2017-10-15 09:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 16:03 - 2017-10-15 09:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 16:03 - 2017-10-15 09:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 16:02 - 2017-11-01 23:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 15:13 - 2017-11-15 15:13 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p220292716_s1_l1.exe
2017-11-15 15:13 - 2017-11-15 15:13 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p204748311_s1_l1.exe
2017-11-15 15:13 - 2017-11-15 15:13 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p204748261_s1_l1.exe
2017-11-15 15:10 - 2017-11-15 15:11 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p276595098_s1_l1.exe
2017-11-15 13:17 - 2017-10-16 18:53 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-15 13:16 - 2017-11-15 13:16 - 005996544 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-11-15 10:29 - 2017-11-15 10:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-15 10:29 - 2017-11-15 10:29 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-14 20:33 - 2017-11-15 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Urban Legends - The Maze
2017-11-14 20:33 - 2017-11-15 13:11 - 000000000 ____D C:\Program Files (x86)\Urban Legends - The Maze
2017-11-14 20:31 - 2017-11-15 13:11 - 000000000 ____D C:\Program Files (x86)\PuppetShow - Lost Town Collector's Edition
2017-11-14 20:30 - 2017-11-15 13:11 - 000000000 ____D C:\Program Files (x86)\PuppetShow - Souls of the Innocent Collectors Edition
2017-11-14 20:29 - 2017-11-15 13:11 - 000000000 ____D C:\Program Files (x86)\PuppetShow - Mystery of Joyville
2017-11-14 11:41 - 2017-11-14 23:55 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Organic 2 Digital
2017-11-13 22:49 - 2017-11-13 22:49 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Home Sweet Home
2017-11-13 22:41 - 2017-11-14 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Sweet Home 2 - Kitchens and Baths
2017-11-13 22:41 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Home Sweet Home 2 - Kitchens and Baths
2017-11-13 22:40 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Home Sweet Home - Christmas Edition
2017-11-13 22:35 - 2017-11-14 15:39 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia
2017-11-13 22:35 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Magic Encyclopedia
2017-11-13 22:33 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Home Sweet Home
2017-11-13 22:32 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Vampire Legends - The True Story of Kisilova
2017-11-13 22:13 - 2017-11-15 16:19 - 000000000 ____D C:\Program Files (x86)\Vampire Legends - The Untold Story of Elizabeth Bathory
2017-11-12 21:40 - 2017-11-12 21:40 - 000000000 ____D C:\Users\Julie\AppData\Roaming\bigwig_media
2017-11-12 14:36 - 2017-11-12 14:36 - 000000000 ____D C:\Users\Julie\AppData\LocalLow\Jumb_O_Fun Games Inc
2017-11-12 13:02 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Campgrounds - The Endorus Expedition
2017-11-11 13:20 - 2017-11-11 13:20 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Jumb-O-Fun Games
2017-11-10 20:41 - 2017-11-10 20:41 - 000000000 ____D C:\Users\Julie\AppData\Roaming\dingogames
2017-11-10 19:27 - 2017-11-10 19:27 - 000000000 ____D C:\ProgramData\BigFishGames
2017-11-08 23:25 - 2017-11-08 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chuzzle - Christmas Edition
2017-11-08 23:25 - 2017-11-08 23:25 - 000000000 ____D C:\Program Files (x86)\Chuzzle - Christmas Edition
2017-11-08 21:19 - 2017-11-08 21:19 - 000000000 ____D C:\Users\Julie\AppData\Roaming\PlayFirst
2017-11-08 21:19 - 2017-11-08 21:19 - 000000000 ____D C:\ProgramData\PlayFirst
2017-11-08 21:18 - 2017-11-08 21:18 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p214632098_s1_l1.exe
2017-11-08 21:16 - 2017-11-08 21:16 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p245503921_s1_l1.exe
2017-11-08 21:08 - 2017-11-08 21:08 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p242144338_s1_l1.exe
2017-11-08 21:08 - 2017-11-08 21:08 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p209912651_s1_l1.exe
2017-11-08 21:07 - 2017-11-08 21:07 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wandering Willows
2017-11-08 21:07 - 2017-11-08 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wandering Willows
2017-11-08 21:07 - 2017-11-08 21:07 - 000000000 ____D C:\Program Files (x86)\Wandering Willows
2017-11-08 21:04 - 2017-11-08 21:04 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p40281896_s1_l1.exe
2017-11-08 20:37 - 2017-11-08 20:45 - 000000000 ____D C:\Users\Julie\Desktop\New folder (2)
2017-10-31 21:41 - 2017-10-31 21:41 - 000000000 ____D C:\Users\Public\Documents\BigFish
2017-10-29 15:06 - 2017-10-29 15:07 - 000000000 ____D C:\Program Files (x86)\Drawn - Trail of Shadows Collector's Edition
2017-10-29 15:06 - 2017-10-29 15:06 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Trail of Shadows Collector's Edition
2017-10-29 15:06 - 2017-10-29 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Trail of Shadows Collector's Edition
2017-10-29 00:29 - 2017-10-29 00:30 - 000000000 ____D C:\Program Files (x86)\Drawn - Dark Flight Collector's Edition
2017-10-29 00:29 - 2017-10-29 00:29 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight Collector's Edition
2017-10-29 00:29 - 2017-10-29 00:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight Collector's Edition
2017-10-29 00:02 - 2017-10-29 00:02 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia - Illusions
2017-10-29 00:02 - 2017-10-29 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia - Illusions
2017-10-29 00:02 - 2017-10-29 00:02 - 000000000 ____D C:\Program Files (x86)\Magic Encyclopedia - Illusions
2017-10-28 23:55 - 2017-10-28 23:56 - 000000000 ____D C:\Program Files (x86)\Drawn - The Painted Tower
2017-10-28 23:55 - 2017-10-28 23:55 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - The Painted Tower
2017-10-28 23:55 - 2017-10-28 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - The Painted Tower
2017-10-28 23:47 - 2017-10-28 23:47 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia - Moon Light
2017-10-28 23:47 - 2017-10-28 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia - Moon Light
2017-10-28 23:47 - 2017-10-28 23:47 - 000000000 ____D C:\Program Files (x86)\Magic Encyclopedia - Moon Light
2017-10-28 23:32 - 2017-10-28 23:32 - 000000000 ____D C:\Users\Julie\AppData\Roaming\10tons
2017-10-28 23:32 - 2017-10-28 23:32 - 000000000 ____D C:\ProgramData\10tons
2017-10-28 23:31 - 2017-10-28 23:31 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\King Oddball
2017-10-28 23:31 - 2017-10-28 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Oddball
2017-10-28 23:31 - 2017-10-28 23:31 - 000000000 ____D C:\Program Files (x86)\King Oddball
2017-10-28 23:28 - 2017-10-28 23:28 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p167482147_s1_l1.exe
2017-10-28 23:25 - 2017-10-28 23:25 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p81900529_s1_l1.exe
2017-10-28 23:25 - 2017-10-28 23:25 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p64941726_s1_l1.exe
2017-10-28 23:25 - 2017-10-28 23:25 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p163576333_s1_l1.exe
2017-10-28 23:24 - 2017-10-28 23:24 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p72878659_s1_l1.exe
2017-10-28 23:24 - 2017-10-28 23:24 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p47944533_s1_l1.exe
2017-10-28 23:14 - 2017-10-28 23:19 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2017-10-28 00:26 - 2017-10-28 00:26 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p201579695_s1_l1.exe
2017-10-27 23:25 - 2017-10-27 23:25 - 000000000 ____D C:\ProgramData\Playrix Entertainment
2017-10-27 23:21 - 2017-10-27 23:22 - 000000000 ____D C:\Program Files (x86)\Gardenscapes 2
2017-10-27 23:21 - 2017-10-27 23:21 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gardenscapes 2
2017-10-27 23:21 - 2017-10-27 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gardenscapes 2
2017-10-27 22:58 - 2017-10-27 23:13 - 000000000 ____D C:\ProgramData\MumboJumbo
2017-10-27 22:42 - 2017-10-27 22:42 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ancient Quest of Saqqarah
2017-10-27 22:42 - 2017-10-27 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ancient Quest of Saqqarah
2017-10-27 22:42 - 2017-10-27 22:42 - 000000000 ____D C:\Program Files (x86)\Ancient Quest of Saqqarah
2017-10-27 22:36 - 2017-10-27 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairy Godmother Tycoon
2017-10-27 22:35 - 2017-11-02 16:51 - 000000000 ____D C:\Program Files (x86)\Fairy Godmother Tycoon
2017-10-27 22:30 - 2017-10-27 22:31 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p18131780_s1_l1(1).exe
2017-10-27 22:30 - 2017-10-27 22:30 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p13570346_s1_l1(1).exe
2017-10-27 22:29 - 2017-10-27 22:29 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p18131780_s1_l1.exe
2017-10-27 22:29 - 2017-10-27 22:29 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p13570346_s1_l1.exe
2017-10-24 18:18 - 2017-10-24 18:18 - 000001248 _____ C:\Users\Public\Desktop\Dynomite!.lnk
2017-10-24 18:18 - 2017-10-24 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dynomite!
2017-10-24 18:18 - 2017-10-24 18:18 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-10-24 18:17 - 2017-10-24 18:17 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-10-24 18:16 - 2017-11-16 04:30 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Origin
2017-10-24 18:14 - 2017-11-15 15:56 - 000000000 ____D C:\Program Files (x86)\Origin
2017-10-24 18:14 - 2017-10-24 18:14 - 000001064 _____ C:\Users\Public\Desktop\Origin.lnk
2017-10-24 18:14 - 2017-10-24 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-10-24 18:10 - 2017-11-16 00:04 - 000000000 ____D C:\ProgramData\Origin
2017-10-24 18:10 - 2017-10-24 18:10 - 000000000 ____D C:\Users\Julie\.QtWebEngineProcess
2017-10-24 18:10 - 2017-10-24 18:10 - 000000000 ____D C:\Users\Julie\.Origin
2017-10-24 18:09 - 2017-10-24 18:18 - 000000000 ____D C:\Users\Julie\AppData\Local\Origin
2017-10-24 18:08 - 2017-10-24 18:09 - 062399560 _____ (Electronic Arts) C:\Users\Julie\Downloads\OriginThinSetup.exe
2017-10-24 16:23 - 2017-10-24 16:23 - 000000000 ____D C:\ProgramData\Grey Alien Games
2017-10-24 16:22 - 2017-10-24 16:22 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fairway Solitaire
2017-10-24 16:22 - 2017-10-24 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairway Solitaire
2017-10-24 16:22 - 2017-10-24 16:22 - 000000000 ____D C:\Program Files (x86)\Fairway Solitaire
2017-10-24 16:19 - 2017-10-24 16:19 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p15140841_s1_l1(1).exe
2017-10-24 15:34 - 2017-10-24 15:34 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p15140841_s1_l1.exe
2017-10-23 23:05 - 2017-10-29 00:10 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Big Fish Games
2017-10-23 22:49 - 2017-10-23 22:50 - 000000000 ____D C:\Program Files (x86)\Fairway Collector's Edition
2017-10-23 22:49 - 2017-10-23 22:49 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fairway Collector's Edition
2017-10-23 22:49 - 2017-10-23 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairway Collector's Edition
2017-10-23 22:42 - 2017-10-23 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elf Bowling 7 1-7 - The Last Insult
2017-10-23 22:42 - 2017-10-23 22:42 - 000000000 ____D C:\Program Files (x86)\Elf Bowling 7 1-7 - The Last Insult
2017-10-23 22:41 - 2017-10-23 22:41 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p119187012_s1_l1.exe
2017-10-23 22:41 - 2017-10-23 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elf Bowling - Hawaiian Vacation
2017-10-23 22:41 - 2017-10-23 22:41 - 000000000 ____D C:\Program Files (x86)\Elf Bowling - Hawaiian Vacation
2017-10-23 22:40 - 2017-10-23 22:40 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p65286339_s1_l1.exe
2017-10-23 22:40 - 2017-10-23 22:40 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p13394287_s1_l1.exe
2017-10-23 22:19 - 2017-10-23 22:19 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Pogo Games
2017-10-23 22:19 - 2017-10-23 22:19 - 000000000 ____D C:\ProgramData\Word Whomp Underground
2017-10-23 20:31 - 2017-10-23 20:31 - 000000000 ____D C:\Users\Julie\AppData\Roaming\AlawarEntertainment
2017-10-23 20:23 - 2017-10-23 20:23 - 000000110 _____ C:\WINDOWS\wininit.ini
2017-10-23 20:23 - 2017-10-23 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word Whomp Underground
2017-10-23 20:23 - 2017-10-23 20:23 - 000000000 ____D C:\Program Files (x86)\Word Whomp Underground
2017-10-23 20:22 - 2017-10-23 20:22 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p150406917_s1_l1.exe
2017-10-23 20:21 - 2017-10-23 22:16 - 000000000 ____D C:\Program Files (x86)\QBeez 2
2017-10-23 20:21 - 2017-10-23 20:21 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost Head
2017-10-23 20:21 - 2017-10-23 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QBeez 2
2017-10-23 20:21 - 2017-10-23 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lost Head
2017-10-23 20:21 - 2017-10-23 20:21 - 000000000 ____D C:\Program Files (x86)\Lost Head
2017-10-23 20:20 - 2017-10-23 20:21 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p154180485_s1_l1.exe
2017-10-23 20:19 - 2017-10-23 20:19 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p158192941_s1_l1.exe
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 3 - Ice Age
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feeding Frenzy
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 3 - Ice Age
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\Program Files (x86)\Feeding Frenzy
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\Program Files (x86)\Farm Frenzy 3 - Ice Age
2017-10-23 18:32 - 2017-10-23 18:32 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p91573531_s1_l1.exe
2017-10-23 18:32 - 2017-10-23 18:32 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p164468804_s1_l1.exe
2017-10-22 22:34 - 2017-10-22 22:34 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p172546036_s1_l1.exe
2017-10-20 20:42 - 2017-10-20 20:43 - 000000000 ____D C:\Program Files (x86)\Build-a-lot - Fairy Tales
2017-10-20 20:42 - 2017-10-20 20:42 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build-a-lot - Fairy Tales
2017-10-20 20:42 - 2017-10-20 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build-a-lot - Fairy Tales
2017-10-20 20:38 - 2017-10-20 20:38 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p146383080_s1_l1.exe
2017-10-17 20:30 - 2017-10-18 11:23 - 000000000 ____D C:\Users\Julie\Desktop\New folder
2017-10-17 20:27 - 2017-10-17 20:27 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2017-10-17 17:10 - 2017-10-17 17:10 - 000012460 _____ C:\Users\Julie\Downloads\firefox-update.js

Confusd73 · Nov 16, 2017

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-16 09:47 - 2016-12-05 21:25 - 000000000 ____D C:\Users\Julie\AppData\LocalLow\Mozilla
2017-11-16 09:46 - 2017-07-21 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-16 06:54 - 2017-07-21 12:22 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF1E2CB9-9DF1-4F8D-872E-4E811BE6AA9E}
2017-11-16 01:18 - 2014-03-30 00:07 - 000000000 ____D C:\ProgramData\TEMP
2017-11-16 00:26 - 2014-03-30 00:05 - 000000000 ____D C:\BigFishCache
2017-11-16 00:02 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-16 00:02 - 2016-06-22 09:40 - 000000000 ____D C:\Users\Julie\AppData\Local\Amazon Music
2017-11-16 00:01 - 2016-02-13 08:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-16 00:00 - 2017-07-21 12:07 - 001255640 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-15 23:57 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-15 23:56 - 2017-07-21 12:06 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-15 23:56 - 2017-07-21 12:04 - 000263488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 23:55 - 2017-07-21 12:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-15 23:55 - 2017-03-18 06:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 23:27 - 2014-03-22 06:22 - 000000000 ____D C:\Users\Julie\Desktop\funnies_inspiration
2017-11-15 23:08 - 2017-09-17 19:36 - 000000000 ____D C:\Users\Julie\Desktop\WOODBURNING
2017-11-15 20:20 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-15 16:12 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-15 15:06 - 2014-03-14 19:37 - 000000000 ____D C:\Program Files (x86)\Cisco
2017-11-15 15:01 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-15 14:57 - 2016-06-22 09:40 - 000001301 _____ C:\Users\Julie\Desktop\Amazon Music.lnk
2017-11-15 13:17 - 2017-07-21 12:22 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-15 13:17 - 2017-07-21 12:08 - 000000000 ____D C:\Users\UpdatusUser
2017-11-15 13:17 - 2017-07-21 12:08 - 000000000 ____D C:\Users\Julie
2017-11-15 13:17 - 2017-06-13 21:17 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-15 13:17 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-15 13:17 - 2016-07-11 14:38 - 000001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2017-11-15 13:17 - 2015-07-01 16:34 - 000001969 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-11-15 13:17 - 2014-03-21 10:55 - 001029872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-11-15 13:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-15 13:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-15 13:16 - 2014-03-21 10:55 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.151076986295307
2017-11-15 13:14 - 2017-03-18 16:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-11-15 13:13 - 2017-07-21 12:08 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\schemas
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-15 13:12 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-15 13:12 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-15 13:12 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\servicing
2017-11-15 13:12 - 2016-06-22 09:40 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2017-11-15 13:12 - 2014-03-30 00:37 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Collector's Edition
2017-11-15 13:12 - 2014-03-30 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Collector's Edition
2017-11-15 13:11 - 2016-12-04 19:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-15 13:11 - 2014-03-30 00:37 - 000000000 ____D C:\Program Files (x86)\Nightmares from the Deep - Davy Jones Collector's Edition
2017-11-15 13:11 - 2014-03-21 10:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-15 12:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\registration
2017-11-15 12:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SystemResources
2017-11-15 12:50 - 2014-03-21 10:23 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Mozilla
2017-11-15 12:09 - 2017-01-04 17:50 - 000000000 ____D C:\ProgramData\Cisco
2017-11-15 10:42 - 2016-05-26 09:34 - 000000000 ____D C:\Users\Julie\AppData\Local\Packages
2017-11-14 23:46 - 2016-06-21 11:10 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-11-14 21:57 - 2017-01-20 21:08 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Elephant Games
2017-11-08 20:20 - 2017-02-06 15:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-11-07 18:18 - 2017-07-09 16:28 - 000000111 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2017-11-04 20:40 - 2017-03-18 16:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 20:40 - 2017-03-18 16:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-02 21:44 - 2017-07-27 12:41 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-860533698-1946648191-3752025309-1002
2017-11-02 21:44 - 2016-05-26 09:39 - 000002405 _____ C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-02 21:44 - 2016-05-26 09:39 - 000000000 ___RD C:\Users\Julie\OneDrive
2017-10-28 09:24 - 2017-07-21 12:22 - 000003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-10-27 22:42 - 2014-03-30 00:07 - 000000000 ____D C:\ProgramData\Big Fish
2017-10-25 23:43 - 2017-07-21 12:22 - 000004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-25 01:01 - 2017-07-21 12:22 - 000003826 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-10-25 01:01 - 2017-07-21 12:22 - 000003356 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1468395287
2017-10-25 01:01 - 2017-07-21 12:22 - 000003256 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-10-25 01:01 - 2017-07-21 12:22 - 000003254 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2017-10-25 01:01 - 2017-07-21 12:22 - 000003136 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-10-25 01:01 - 2017-07-21 12:22 - 000003016 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-10-25 01:01 - 2017-07-21 12:22 - 000002876 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2017-10-25 01:01 - 2017-07-21 12:22 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-10-24 23:14 - 2017-07-21 12:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-10-24 19:56 - 2014-03-21 10:17 - 000000000 ____D C:\Users\Julie\AppData\Local\VirtualStore
2017-10-24 18:16 - 2016-04-18 11:34 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-20 20:43 - 2017-01-10 19:00 - 000000000 ____D C:\Users\Julie\AppData\Roaming\HipSoft
2017-10-17 02:12 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-17 02:11 - 2014-03-21 10:25 - 000000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2017-07-21 12:06 - 2017-07-21 12:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-10-28 23:26 - 2017-10-28 23:26 - 000000460 _____ () C:\Users\Julie\AppData\Local\Temp\tempmessage.bfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-15 13:47

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-11-2017
Ran by Julie (16-11-2017 09:58:50)
Running from C:\Users\Julie\Desktop\Techspot
Windows 10 Home Version 1703 15063.726 (X64) (2017-07-21 17:28:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-860533698-1946648191-3752025309-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-860533698-1946648191-3752025309-503 - Limited - Disabled)
Guest (S-1-5-21-860533698-1946648191-3752025309-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-860533698-1946648191-3752025309-1003 - Limited - Enabled)
Julie (S-1-5-21-860533698-1946648191-3752025309-1002 - Administrator - Enabled) => C:\Users\Julie
UpdatusUser (S-1-5-21-860533698-1946648191-3752025309-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adelantado Trilogy: Book One (HKLM-x32\...\BFG-Adelantado Trilogy - Book One) (Version: - )
Adelantado Trilogy: Book Three (HKLM-x32\...\BFG-Adelantado Trilogy - Book Three) (Version: - )
Adelantado Trilogy: Book Two (HKLM-x32\...\BFG-Adelantado Trilogy - Book Two) (Version: - )
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Amazon Amazon Music) (Version: 6.1.3.1192 - Amazon Services LLC)
Ancient Quest of Saqqarah (HKLM-x32\...\BFG-Ancient Quest of Saqqarah) (Version: - )
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Aquascapes (HKLM-x32\...\BFG-Aquascapes) (Version: - )
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Azada: Elementa (HKLM-x32\...\BFG-Azada - Elementa) (Version: - )
Azada: In Libro (HKLM-x32\...\BFG-Azada - In Libro) (Version: - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Build-a-lot: Fairy Tales (HKLM-x32\...\BFG-Build-a-lot - Fairy Tales) (Version: - )
Build-a-Lot: Mysteries 2 (HKLM-x32\...\BFG-Build-a-Lot - Mysteries 2) (Version: - )
Build-a-lot: On Vacation (HKLM-x32\...\BFG-Build-a-lot - On Vacation) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
Christmas Stories 3: Hans Christian Andersen's Tin Soldier Collector's Edition (HKLM-x32\...\BFG-Christmas Stories 3 - Hans Christian Andersens Tin Soldier Collectors Edition) (Version: - )
Christmas Stories: A Christmas Carol Collector's Edition (HKLM-x32\...\BFG-Christmas Stories - A Christmas Carol Collectors Edition) (Version: - )
Chuzzle: Christmas Edition (HKLM-x32\...\BFG-Chuzzle - Christmas Edition) (Version: - )
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dark Parables: Ballad of Rapunzel (HKLM-x32\...\BFG-Dark Parables - Ballad of Rapunzel) (Version: - )
Dark Parables: Jack and the Sky Kingdom Collector's Edition (HKLM-x32\...\BFG-Dark Parables - Jack and the Sky Kingdom Collectors Edition) (Version: - )
Dark Parables: Queen of Sands (HKLM-x32\...\BFG-Dark Parables - Queen of Sands) (Version: - )
Dark Parables: Rise of the Snow Queen Collector's Edition (HKLM-x32\...\BFG-Dark Parables - Rise of the Snow Queen Collector's Edition) (Version: - )
Dark Parables: The Little Mermaid and the Purple Tide (HKLM-x32\...\BFG-Dark Parables - The Little Mermaid and the Purple Tide) (Version: - )
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Drawn®: The Painted Tower ™ (HKLM-x32\...\BFG-Drawn - The Painted Tower) (Version: - )
Drawn®: Dark Flight ™ Collector's Edition (HKLM-x32\...\BFG-Drawn - Dark Flight Collector's Edition) (Version: - )
Drawn™: Trail of Shadows Collector's Edition (HKLM-x32\...\BFG-Drawn - Trail of Shadows Collector's Edition) (Version: - )
Dreampath: Curse of the Swamps (HKLM-x32\...\BFG-Dreampath - Curse of the Swamps) (Version: - )
Dynomite! (HKLM-x32\...\{E6463554-B26B-452A-AE58-441AB0D70DBA}) (Version: 2.71.0.0 - PopCap Games)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Elf Bowling 7 1/7: The Last Insult (HKLM-x32\...\BFG-Elf Bowling 7 1-7 - The Last Insult) (Version: - )
Elf Bowling: Hawaiian Vacation (HKLM-x32\...\BFG-Elf Bowling - Hawaiian Vacation) (Version: - )
Fairway Solitaire (HKLM-x32\...\BFG-Fairway Solitaire) (Version: - )
Fairway ™ Collector's Edition (HKLM-x32\...\BFG-Fairway Collector's Edition) (Version: - )
Fairy Godmother Tycoon (HKLM-x32\...\BFG-Fairy Godmother Tycoon) (Version: - )
Farm Frenzy 3: Ice Age (HKLM-x32\...\BFG-Farm Frenzy 3 - Ice Age) (Version: - )
Fear For Sale: The Curse of Whitefall Collector's Edition (HKLM-x32\...\BFG-Fear For Sale - The Curse of Whitefall Collector's Edition) (Version: - )
Feeding Frenzy (HKLM-x32\...\BFG-Feeding Frenzy) (Version: - )
Gardenscapes 2 (HKLM-x32\...\BFG-Gardenscapes 2) (Version: - )
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Halloween Stories: Invitation Collector's Edition (HKLM-x32\...\BFG-Halloween Stories - Invitation Collectors Edition) (Version: - )
Haunted Hotel: Death Sentence (HKLM-x32\...\BFG-Haunted Hotel - Death Sentence) (Version: - )
House of 1000 Doors: Evil Inside (HKLM-x32\...\BFG-House of 1000 Doors - Evil Inside) (Version: - )
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
King Oddball (HKLM-x32\...\BFG-King Oddball) (Version: - )
Lexmark 730 Series (HKLM\...\Lexmark 730 Series) (Version: - )
Living Legends: Beasts of Bremen Collector's Edition (HKLM-x32\...\BFG-Living Legends - Beasts of Bremen Collectors Edition) (Version: - )
Lost Head (HKLM-x32\...\BFG-Lost Head) (Version: - )
Lost Lands: Ice Spell (HKLM-x32\...\BFG-Lost Lands - Ice Spell) (Version: - )
Lost Lands: The Four Horsemen Collector's Edition (HKLM-x32\...\BFG-Lost Lands - The Four Horsemen Collectors Edition) (Version: - )
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\BFG-Lost Souls - Timeless Fables Collectors Edition) (Version: - )
Magic Encyclopedia: Illusions (HKLM-x32\...\BFG-Magic Encyclopedia - Illusions) (Version: - )
Magic Encyclopedia: Moon Light (HKLM-x32\...\BFG-Magic Encyclopedia - Moon Light) (Version: - )
Medisoft Advanced 17 Demo (HKLM-x32\...\{1FC9EE64-CF99-451e-AA25-D3B35AD7CD41}) (Version: 17.3.2.430 - Mckesson Corp)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4971.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-US)) (Version: 52.4.0 - Mozilla)
Nightmares from the Deep: Davy Jones Collector's Edition (HKLM-x32\...\BFG-Nightmares from the Deep - Davy Jones Collector's Edition) (Version: - )
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.5.6040 - Electronic Arts, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
PuppetShow: Poetic Justice Collector's Edition (HKLM-x32\...\BFG-PuppetShow - Poetic Justice Collectors Edition) (Version: - )
QBeez 2 (HKLM-x32\...\BFG-QBeez 2) (Version: - )
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
Redemption Cemetery: Bitter Frost (HKLM-x32\...\BFG-Redemption Cemetery - Bitter Frost) (Version: - )
Redemption Cemetery: Clock of Fate Collector's Edition (HKLM-x32\...\BFG-Redemption Cemetery - Clock of Fate Collectors Edition) (Version: - )
Redemption Cemetery: The Island of the Lost (HKLM-x32\...\BFG-Redemption Cemetery - The Island of the Lost) (Version: - )
Revenue Management for Medisoft Advanced 17 Demo (HKLM-x32\...\{54F89267-AA01-4dcc-8377-9248B0AE0C09}) (Version: 17.3.2.430 - Mckesson Corp)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Stray Souls: Stolen Memories (HKLM-x32\...\BFG-Stray Souls - Stolen Memories) (Version: - )
Stray Souls: Stolen Memories Collector's Edition (HKLM-x32\...\BFG-Stray Souls - Stolen Memories Collector's Edition) (Version: - )
Twilight Phenomena: Strange Menagerie (HKLM-x32\...\BFG-Twilight Phenomena - Strange Menagerie) (Version: - )
Understanding Health Insurance Sim Claim (HKLM-x32\...\Understanding Health Insurance Sim Claim_is1) (Version: - Delmar Learning)
Vampire Legends: The Untold Story of Elizabeth Bathory (HKLM-x32\...\BFG-Vampire Legends - The Untold Story of Elizabeth Bathory) (Version: - )
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wandering Willows (HKLM-x32\...\BFG-Wandering Willows) (Version: - )
Weird Park: The Final Show (HKLM-x32\...\BFG-Weird Park - The Final Show) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Witches' Legacy: The City That Isn't There Collector's Edition (HKLM-x32\...\BFG-Witches Legacy - The City That Isnt There Collectors Edition) (Version: - )
Word Whomp ™ Underground (HKLM-x32\...\BFG-Word Whomp Underground) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00B86510-66F3-497C-953A-2C9846D520D8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E1784B3-B331-4910-A926-2CA78A4D4940} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {182FA78E-A57E-4F21-A8DC-230A199F461F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2B2027AC-8619-402F-A38A-E504687231C8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2DC1F689-F360-471D-AEF7-A82C1AEE5D80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {30A72F5C-73AC-451E-955E-20CFA26F9A3A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {34C31891-7EBA-45B8-9234-B801B0E83331} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {364E5EB3-8868-4FF6-85F5-19C294CAD34A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E772720-7B0E-44E9-B4E2-E415DB477E78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4D060EF6-C9AF-4BEB-9DE1-6889AACD3B6D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {4DF89D9A-E914-4A1F-9976-E01B2D2115DD} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {56EF4A60-BC5D-4A4E-B2F4-DAC363F05C25} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {585C2F7D-FDF3-402E-AC69-AA5AD455F2CD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {672FE1B1-35BA-4F3D-9AD4-B1CAFF9F7E96} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {862FF9A3-3C0D-4061-B618-5D934BB755A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {89924211-D912-4533-ADA6-731C788180F9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {8A36EAA2-B54E-45E0-BC84-3B84FF91460E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {930D6E9A-BE5A-4969-8B62-E8774FDAFACF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {970E7DB8-A83C-4F3B-ADC4-929538D02186} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ADD03001-7A97-40CA-A777-A2F023EE7CE5} - System32\Tasks\SafeZone scheduled Autoupdate 1468395287 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C0A62DD1-8D88-461C-9C33-F2C8D95B7E96} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {C46D555E-5316-4225-A0CB-AFAB83884B92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF6BACCB-9D76-40B6-856B-CECD23D41A98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D782539E-54DF-45F8-90F6-951427FFC7B4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-16] (AVAST Software)
Task: {DEF151C3-B59E-4422-A179-525AAFD37BD9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {E0D19953-D892-471E-961F-B2658F4AC061} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {E62DE1F3-BD84-487F-A707-A79B2ABBACDA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EF27317C-6B18-49A2-BD32-B213F6AD303B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1CE8E25-1616-48BE-B86E-5C84858F44AB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {F30E92D8-2E02-4AC5-9676-2306A554DA32} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F42C484E-407B-4ADC-B50D-222B99AEEB7F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-07-21 12:07 - 2017-05-01 15:51 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-21 11:36 - 2016-01-25 10:55 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-03-23 02:43 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 17:34 - 2017-01-31 07:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-11 15:49 - 2017-11-11 15:52 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-11 15:49 - 2017-11-11 15:52 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-11 15:49 - 2017-11-11 15:52 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-07 02:26 - 2017-11-07 02:28 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2013-05-22 13:17 - 2013-05-22 13:17 - 000400704 _____ () C:\Users\Julie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2017-10-24 18:14 - 2017-11-02 07:51 - 000021848 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2013-05-09 17:58 - 2013-05-09 17:58 - 000119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2017-09-13 17:35 - 2017-09-13 17:40 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-10 14:46 - 2017-10-10 14:46 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-09-26 09:55 - 2017-09-26 09:56 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-15 14:46 - 2017-11-15 15:00 - 000022016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-11-15 14:46 - 2017-11-15 15:00 - 055109120 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:23 - 2017-10-05 09:27 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-15 14:46 - 2017-11-15 15:01 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-05 09:23 - 2017-10-05 09:24 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-11-15 14:46 - 2017-11-15 14:55 - 003740160 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-11-15 14:46 - 2017-11-15 15:01 - 002051584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-11-15 14:46 - 2017-11-15 15:00 - 020759040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-11-15 14:46 - 2017-11-15 14:55 - 003607040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-11-15 14:46 - 2017-11-15 14:49 - 003150848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-29 14:28 - 2017-08-29 14:28 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-15 14:46 - 2017-11-15 15:00 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-11-15 14:46 - 2017-11-15 14:56 - 002493440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.AutoSuggest.dll
2017-11-15 14:46 - 2017-11-15 14:56 - 000919040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-11-15 14:46 - 2017-11-15 15:00 - 001363968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-11-15 14:46 - 2017-11-15 14:55 - 000084480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2017-05-01 14:27 - 2017-05-01 14:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2014-03-14 19:33 - 2013-07-16 20:39 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-12 23:39 - 2017-07-12 23:39 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-11-15 13:17 - 2017-11-15 13:17 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-10-24 18:14 - 2017-11-02 07:50 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2017-10-24 18:14 - 2017-11-02 07:50 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 002603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2013-03-07 12:53 - 2013-03-07 12:53 - 000015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 001006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 000382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2010-01-12 16:55 - 2010-01-12 16:55 - 000400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2010-01-12 16:55 - 2010-01-12 16:55 - 000322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2010-12-16 12:16 - 2010-12-16 12:16 - 000195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2010-01-17 23:34 - 2010-01-17 23:34 - 000062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 12:55 - 2013-03-07 12:55 - 000472576 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 12:58 - 2013-03-07 12:58 - 000499488 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 12:54 - 2013-03-07 12:54 - 000013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 014978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 009224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 000317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll

Confusd73 · Nov 16, 2017

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:02548DB5 [132]
AlternateDataStreams: C:\ProgramData\TEMP:02A78DF6 [223]
AlternateDataStreams: C:\ProgramData\TEMP:076F9EF8 [249]
AlternateDataStreams: C:\ProgramData\TEMP:084612C9 [462]
AlternateDataStreams: C:\ProgramData\TEMP:0B3B557D [440]
AlternateDataStreams: C:\ProgramData\TEMP:0E61938B [247]
AlternateDataStreams: C:\ProgramData\TEMP:10E0CEB1 [203]
AlternateDataStreams: C:\ProgramData\TEMP:115EA582 [139]
AlternateDataStreams: C:\ProgramData\TEMP:15684A86 [256]
AlternateDataStreams: C:\ProgramData\TEMP:1604D047 [237]
AlternateDataStreams: C:\ProgramData\TEMP:1740DC47 [111]
AlternateDataStreams: C:\ProgramData\TEMP:27790C06 [442]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2E1B8BE7 [146]
AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD [480]
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83 [228]
AlternateDataStreams: C:\ProgramData\TEMP:3D887DCC [125]
AlternateDataStreams: C:\ProgramData\TEMP:426D1496 [263]
AlternateDataStreams: C:\ProgramData\TEMP:43D2A298 [232]
AlternateDataStreams: C:\ProgramData\TEMP:46DC30C2 [132]
AlternateDataStreams: C:\ProgramData\TEMP:4E6B8D68 [198]
AlternateDataStreams: C:\ProgramData\TEMP:5118AE69 [125]
AlternateDataStreams: C:\ProgramData\TEMP:52E5A75A [470]
AlternateDataStreams: C:\ProgramData\TEMP:5387C3D4 [128]
AlternateDataStreams: C:\ProgramData\TEMP:54380FEC [240]
AlternateDataStreams: C:\ProgramData\TEMP:58E38390 [218]
AlternateDataStreams: C:\ProgramData\TEMP:5A750E35 [128]
AlternateDataStreams: C:\ProgramData\TEMP:5C28E25F [135]
AlternateDataStreams: C:\ProgramData\TEMP:5E05F78B [486]
AlternateDataStreams: C:\ProgramData\TEMP:614F17D3 [199]
AlternateDataStreams: C:\ProgramData\TEMP:699EFEED [258]
AlternateDataStreams: C:\ProgramData\TEMP:69AF9D20 [201]
AlternateDataStreams: C:\ProgramData\TEMP:6BFA43EB [241]
AlternateDataStreams: C:\ProgramData\TEMP:6C9F5E5E [418]
AlternateDataStreams: C:\ProgramData\TEMP:737160C1 [230]
AlternateDataStreams: C:\ProgramData\TEMP:77D98D08 [442]
AlternateDataStreams: C:\ProgramData\TEMP:7D288858 [245]
AlternateDataStreams: C:\ProgramData\TEMP:831C6B2D [217]
AlternateDataStreams: C:\ProgramData\TEMP:865F21BF [136]
AlternateDataStreams: C:\ProgramData\TEMP:89FC8EEB [514]
AlternateDataStreams: C:\ProgramData\TEMP:8C232F4D [236]
AlternateDataStreams: C:\ProgramData\TEMP:8E783B8E [456]
AlternateDataStreams: C:\ProgramData\TEMP:93F3E4C9 [118]
AlternateDataStreams: C:\ProgramData\TEMP:9597EAFE [474]
AlternateDataStreams: C:\ProgramData\TEMP:9836B5E4 [143]
AlternateDataStreams: C:\ProgramData\TEMP:A31B5E9B [476]
AlternateDataStreams: C:\ProgramData\TEMP:A384652A [412]
AlternateDataStreams: C:\ProgramData\TEMP:A81A3C86 [256]
AlternateDataStreams: C:\ProgramData\TEMP:AC0528D9 [430]
AlternateDataStreams: C:\ProgramData\TEMP:B01EC114 [246]
AlternateDataStreams: C:\ProgramData\TEMP:B2F435C0 [141]
AlternateDataStreams: C:\ProgramData\TEMP:B8791731 [147]
AlternateDataStreams: C:\ProgramData\TEMP:B8EB1B99 [470]
AlternateDataStreams: C:\ProgramData\TEMP:BCFEA004 [112]
AlternateDataStreams: C:\ProgramData\TEMP:C98828D3 [520]
AlternateDataStreams: C:\ProgramData\TEMP:C9AE9C42 [122]
AlternateDataStreams: C:\ProgramData\TEMP

3181BB4 [238]
AlternateDataStreams: C:\ProgramData\TEMP

37B4675 [124]
AlternateDataStreams: C:\ProgramData\TEMP

8AE9DD1 [246]
AlternateDataStreams: C:\ProgramData\TEMP

8D58038 [223]
AlternateDataStreams: C:\ProgramData\TEMP

A9A88B3 [428]
AlternateDataStreams: C:\ProgramData\TEMP

E274A16 [144]
AlternateDataStreams: C:\ProgramData\TEMP:E1D06077 [237]
AlternateDataStreams: C:\ProgramData\TEMP:E4FCDFD9 [224]
AlternateDataStreams: C:\ProgramData\TEMP:EC3A9923 [478]
AlternateDataStreams: C:\ProgramData\TEMP:F18C0087 [234]
AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5 [218]
AlternateDataStreams: C:\ProgramData\TEMP:F9DA089C [460]
AlternateDataStreams: C:\ProgramData\TEMP:FD4C7AD3 [458]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-860533698-1946648191-3752025309-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Julie\AppData\Local\Microsoft\Windows\Themes\US-wp1.jpg
DNS Servers: 192.168.0.1 - 205.171.203.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0573CFE6-0277-42AB-B14B-BE74EAFC1158}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A14334E0-D445-48BE-9825-9CAD0F4F15EB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E0054BF4-1C11-420D-A038-08C4FFDBFC1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B8BC9B37-5078-4940-8E9A-99E24A3DC2AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{B954E97F-BC8D-42E2-948E-EDC06A700947}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BA61AEB4-F836-403A-B976-CE0D4BF1498D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A019EB6E-3867-4352-B84E-794FCA27360C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{328CB191-0002-4E3E-BF36-087F11F80AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3EBC9857-0F01-4822-9C65-FDAFDC92A38F}] => (Allow) C:\Users\Julie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2A7D74C7-E219-43D6-A8D1-23546C707C24}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DEC4096E-7F6F-4136-BFB2-492FC9096093}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E4550F2E-02DD-4909-8C66-A11227C9926C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7ACB5C29-645B-4DE4-8556-EF53943A3845}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{684F9608-4A74-4AE5-9062-7AB9B175EAF3}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{C3E69A9C-127B-4AAB-8E68-36DBABE93959}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [TCP Query User{0B872C8A-5E33-44E3-8FE9-686B975E62CA}C:\users\julie\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\julie\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{3F64B71E-EB0F-4608-BBB1-4A83A130180A}C:\users\julie\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\julie\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{903E5D1C-C7C5-4300-BD0C-6D82A73E3828}] => (Allow) C:\Program Files (x86)\Origin Games\Dynomite!\dynomite.exe
FirewallRules: [{55C5DDD1-8224-4B6A-A97C-2EB29CBBE1CD}] => (Allow) C:\Program Files (x86)\Origin Games\Dynomite!\dynomite.exe

==================== Restore Points =========================

24-10-2017 18:15:58 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
03-11-2017 16:53:29 Scheduled Checkpoint
12-11-2017 12:46:47 Scheduled Checkpoint
14-11-2017 15:25:50 Restore Operation

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2017 01:24:04 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)
at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
at System.Xml.XmlDocument.CreateElement(String name)
at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="BV2CJ02" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A06" SMBIOSPresent="True" Rel_Date="20131118000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="XPS 8700" Ident_Num="JULIE-PC" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.2</HostIP></Exception>

Error: (11/16/2017 01:24:02 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)
at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
at System.Xml.XmlDocument.CreateElement(String name)
at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="BV2CJ02" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A06" SMBIOSPresent="True" Rel_Date="20131118000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="XPS 8700" Ident_Num="JULIE-PC" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.2</HostIP></Exception>

Error: (11/16/2017 01:10:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02
Exception code: 0xe0434352
Fault offset: 0x000ecbb2
Faulting process id: 0x23c0
Faulting application start time: 0x01d35ea18ce61196
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 80e9cfcf-92f7-4a0c-bbad-a1a03e6a8137
Faulting package full name:
Faulting package-relative application ID:

Error: (11/16/2017 01:10:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (11/15/2017 08:21:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e
Exception code: 0xc0000005
Fault offset: 0x0004b2e3
Faulting process id: 0x2690
Faulting application start time: 0x01d35e4cf3ed87c8
Faulting application path: C:\Program Files (x86)\bfgclient\bfgclient.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 12ab77e6-d491-4c7c-acf2-5777f53e1ee1
Faulting package full name:
Faulting package-relative application ID:

Error: (11/15/2017 02:37:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpnui.exe, version: 4.2.1035.0, time stamp: 0x567aa1ef
Faulting module name: vpnui.exe, version: 4.2.1035.0, time stamp: 0x567aa1ef
Exception code: 0xc000041d
Fault offset: 0x0000f5a8
Faulting process id: 0x3198
Faulting application start time: 0x01d35e492b22f24f
Faulting application path: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
Faulting module path: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
Report Id: af3cd0df-eff0-4e01-8c42-bce36ac0bc29
Faulting package full name:
Faulting package-relative application ID:

Error: (11/15/2017 02:37:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpnui.exe, version: 4.2.1035.0, time stamp: 0x567aa1ef
Faulting module name: vpnui.exe, version: 4.2.1035.0, time stamp: 0x567aa1ef
Exception code: 0xc0000005
Fault offset: 0x0000f5a8
Faulting process id: 0x3198
Faulting application start time: 0x01d35e492b22f24f
Faulting application path: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
Faulting module path: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
Report Id: 2657805e-7b98-46d2-b903-eb5a35edf45b
Faulting package full name:
Faulting package-relative application ID:

Error: (11/15/2017 01:19:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.674, time stamp: 0x6d16dd24
Exception code: 0xe0434352
Fault offset: 0x000eb872
Faulting process id: 0x1b54
Faulting application start time: 0x01d35e3e468fdb58
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f0b37820-3e8c-4ae4-9195-037226aeb42f
Faulting package full name:
Faulting package-relative application ID:

Error: (11/15/2017 01:19:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (11/15/2017 09:41:55 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)
at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
at System.Xml.XmlDocument.CreateElement(String name)
at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="BV2CJ02" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A06" SMBIOSPresent="True" Rel_Date="20131118000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="XPS 8700" Ident_Num="JULIE-PC" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.2</HostIP></Exception>

System errors:
=============
Error: (11/16/2017 12:02:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/16/2017 12:02:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (11/16/2017 12:01:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/16/2017 12:01:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/15/2017 11:57:54 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Computer Browser service terminated with the following service-specific error:
%%2331 = The operation is invalid for this device.

Error: (11/15/2017 11:56:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/15/2017 11:56:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (11/15/2017 11:56:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/15/2017 11:56:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (11/15/2017 11:56:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================
Date: 2017-10-17 18:04:44.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-10-17 18:04:44.866
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-10-17 18:04:44.835
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-10-17 18:04:44.725
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-10-17 18:04:44.714
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-10-17 18:04:44.703
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-10-17 18:04:43.722
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-10-17 18:04:43.419
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-10-17 18:03:35.822
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-10-17 18:03:35.804
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 42%
Total physical RAM: 8143.24 MB
Available physical RAM: 4690.72 MB
Total Virtual: 16335.24 MB
Available Virtual: 11813.45 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:775.64 GB) NTFS
Drive I: (CENTON USB) (Removable) (Total:7.49 GB) (Free:3.29 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: D1E78664)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt ============================

Broni · Nov 16, 2017

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Remove Selected.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Confusd73 · Nov 20, 2017

When Roguekiller finished there were 5 files showing up but only 2 had check marks beside them so I only did the ones it had selected.
Rogue Killer report:

RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Julie [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/20/2017 10:48:30 (Duration : 00:33:54)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-860533698-1946648191-3752025309-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-860533698-1946648191-3752025309-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-860533698-1946648191-3752025309-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-860533698-1946648191-3752025309-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Julie\AppData\Roaming\Pogo Games -> Deleted
[PUP.Gen1][Folder] C:\Users\Julie\AppData\Roaming\Pogo Games\Common\Cache -> Deleted
[PUP.Gen1][Folder] C:\Users\Julie\AppData\Roaming\Pogo Games\Common -> Deleted
[PUP.Gen1][Folder] C:\Users\Julie\AppData\Roaming\Pogo Games\wordwhomp_cdl\Cache -> Deleted
[PUP.Gen1][File] C:\Users\Julie\AppData\Roaming\Pogo Games\wordwhomp_cdl\Properties\highscores.prod.dat -> Deleted
[PUP.Gen1][File] C:\Users\Julie\AppData\Roaming\Pogo Games\wordwhomp_cdl\Properties\player.prod.dat -> Deleted
[PUP.Gen1][File] C:\Users\Julie\AppData\Roaming\Pogo Games\wordwhomp_cdl\Properties\Registry.properties -> Deleted
[PUP.Gen1][Folder] C:\Users\Julie\AppData\Roaming\Pogo Games\wordwhomp_cdl\Properties -> Deleted
[PUP.Gen1][Folder] C:\Users\Julie\AppData\Roaming\Pogo Games\wordwhomp_cdl -> Deleted
[Adw.WifiHotSpot][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot -> Deleted
[Adw.WifiHotSpot][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot\HotSpot.lnk -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA WDC WD10EZEX-75M SCSI Disk Device +++++
--- User ---
[MBR] c4a16dd5c3f18862afea980b04904e60
[BSP] f504964dc2107869a4d29258350f6f91 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45518848 | Size: 931642 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: CF/MD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: SM/xD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: SD/mini-MMC/RS Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: MS/Pro/Duo Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Confusd73 · Nov 20, 2017

Malwarebytes did not have an option for me to delete selected, only to quarantine selected. Also, I was not prompted to restart my computer.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/20/17
Scan Time: 11:42 AM
Log File: be869fac-ce11-11e7-afb4-f8b156de84e3.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3303
License: Trial

-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: Julie-PC\Julie

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474014
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 7 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Kovter, C:\USERS\JULIE\DOWNLOADS\FIREFOX-UPDATE.JS, Quarantined, [47], [447252],1.0.3303

Physical Sector: 0
(No malicious items detected)

(end)

Edited to add: As I mentioned in my very first post, I did scan my computer on the 15th with Malwarebytes before I found Techspot-I have that report if you need it.

Confusd73 · Nov 20, 2017

# AdwCleaner 7.0.4.0 - Logfile created on Mon Nov 20 17:15:19 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [945 B] - [2017/11/20 17:13:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Broni · Nov 20, 2017

You did fine

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Confusd73 · Nov 21, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017 01 (ATTENTION: ====> FRSTversion is 65 days old and could be outdated)
Ran by Julie (administrator) on JULIE-PC (21-11-2017 13:32:51)
Running from C:\Users\Julie\Desktop\Techspot\FRST-OlderVersion
Loaded Profiles: UpdatusUser & Julie & DefaultAppPool (Available Profiles: UpdatusUser & Julie & DefaultAppPool)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\Julie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Amazon Services LLC) C:\Users\Julie\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.29.23003.0_x64__8wekyb3d8bbwe\XboxIdp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\bfgclient\bfggameservices.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2012-12-27] (Atheros Commnucations)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-16] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-860533698-1946648191-3752025309-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Julie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Run: [Amazon Music Helper] => C:\Users\Julie\AppData\Local\Amazon Music\Amazon Music Helper.exe [3981288 2017-11-13] (Amazon Services LLC)
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\MountPoints2: {2f3a58a5-b38a-11e7-9daf-9cd21e5b043c} - "J:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-08-24]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Julie\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{7c3e1ef1-f2d1-471c-a893-6d95b24f8432}: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{8d9c2332-e1b8-4bad-ac4b-91474b9c610b}: [DhcpNameServer] 192.168.0.1 205.171.203.226

Internet Explorer:
==================
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-860533698-1946648191-3752025309-1002 -> DefaultScope {22A73F88-9445-4103-BAC9-3A3DACC0DF07} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-860533698-1946648191-3752025309-1002 -> {22A73F88-9445-4103-BAC9-3A3DACC0DF07} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-860533698-1946648191-3752025309-1002 -> {B34E0CBB-5D9E-4AA1-8222-E1AA0A9C9439} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-27] (Atheros Commnucations)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\3tzwc4pk.default [2017-11-21]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\3tzwc4pk.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\3tzwc4pk.default -> hxxps://www.google.com/
FF Extension: (Activity Stream) - C:\Program Files (x86)\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-11-20] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-860533698-1946648191-3752025309-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Julie\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-16] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-16] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [330832 2017-10-16] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2016-01-25] ()
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-21] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-21] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-21] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-21] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [570152 2017-11-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-21] (AVAST Software)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-06-20] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-11-15] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-21] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4wu.inf_amd64_0109a19b5125cb43\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-21 12:19 - 2017-11-21 12:19 - 000002472 _____ C:\Users\Public\Desktop\Play Mystery Case Files - The Revenants Hunt Collectors Edition.lnk
2017-11-21 12:19 - 2017-11-21 12:19 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - The Revenants Hunt Collectors Edition
2017-11-21 12:19 - 2017-11-21 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - The Revenants Hunt Collectors Edition
2017-11-21 12:19 - 2017-11-21 12:19 - 000000000 ____D C:\Program Files (x86)\Mystery Case Files - The Revenants Hunt Collectors Edition
2017-11-21 09:21 - 2017-11-21 09:21 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.151127409164002
2017-11-21 09:21 - 2017-11-21 09:20 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-21 09:20 - 2017-11-21 09:20 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-20 12:18 - 2017-11-20 12:18 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-20 12:12 - 2017-11-20 12:25 - 000000000 ____D C:\AdwCleaner
2017-11-20 12:11 - 2017-11-20 12:12 - 008261584 _____ (Malwarebytes) C:\Users\Julie\Downloads\AdwCleaner.exe
2017-11-20 11:41 - 2017-11-21 12:22 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-20 11:41 - 2017-11-20 12:17 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-20 11:41 - 2017-11-20 12:17 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-20 11:41 - 2017-11-20 12:17 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-20 11:41 - 2017-11-20 11:41 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-20 11:41 - 2017-11-20 11:41 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-20 11:41 - 2017-11-20 11:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-20 11:41 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-20 11:36 - 2017-11-20 11:39 - 078346672 _____ (Malwarebytes ) C:\Users\Julie\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-20 10:48 - 2017-11-20 11:42 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-20 10:48 - 2017-11-20 10:48 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-11-20 10:48 - 2017-11-20 10:48 - 000000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-20 10:48 - 2017-11-20 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-20 10:48 - 2017-11-20 10:48 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-20 10:44 - 2017-11-20 10:46 - 036141704 _____ (Adlice Software ) C:\Users\Julie\Downloads\RogueKiller_setup_ref3.exe
2017-11-19 13:24 - 2017-11-19 13:24 - 000002201 _____ C:\Users\Public\Desktop\Play The Timebuilders - Pyramid Rising.lnk
2017-11-19 13:24 - 2017-11-19 13:24 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Timebuilders - Pyramid Rising
2017-11-19 13:24 - 2017-11-19 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Timebuilders - Pyramid Rising
2017-11-19 13:24 - 2017-11-19 13:24 - 000000000 ____D C:\Program Files (x86)\The Timebuilders - Pyramid Rising
2017-11-19 13:23 - 2017-11-19 13:23 - 000000000 ____D C:\Users\Julie\AppData\Roaming\WendigoStudios
2017-11-19 13:21 - 2017-11-21 12:19 - 000001306 _____ C:\Users\Public\Desktop\More Great Games.lnk
2017-11-19 13:21 - 2017-11-19 13:21 - 000002243 _____ C:\Users\Public\Desktop\Play The Timebuilders - Caveman's Prophecy.lnk
2017-11-19 13:21 - 2017-11-19 13:21 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Timebuilders - Caveman's Prophecy
2017-11-19 13:21 - 2017-11-19 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Timebuilders - Caveman's Prophecy
2017-11-19 13:21 - 2017-11-19 13:21 - 000000000 ____D C:\Program Files (x86)\The Timebuilders - Caveman's Prophecy
2017-11-19 13:04 - 2017-11-19 13:04 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p114428393_s1_l1.exe
2017-11-19 13:04 - 2017-11-19 13:04 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p114160218_s1_l1.exe
2017-11-18 00:25 - 2017-11-18 02:23 - 000000000 ____D C:\ProgramData\FarmFrenzy3_Arctica
2017-11-17 22:20 - 2017-11-17 22:20 - 000000000 ____D C:\Users\Julie\AppData\Local\NVIDIA
2017-11-17 17:45 - 2017-11-17 17:45 - 000002491 _____ C:\Users\Public\Desktop\Play Redemption Cemetery - One Foot in the Grave Collector's Edition.lnk
2017-11-17 17:43 - 2017-11-17 17:45 - 000000000 ____D C:\Program Files (x86)\Redemption Cemetery - One Foot in the Grave Collector's Edition
2017-11-17 17:43 - 2017-11-17 17:43 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - One Foot in the Grave Collector's Edition
2017-11-17 17:43 - 2017-11-17 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - One Foot in the Grave Collector's Edition
2017-11-17 16:15 - 2017-11-17 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-17 16:14 - 2017-11-17 16:14 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-17 16:14 - 2017-11-09 05:39 - 000540784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-11-17 16:14 - 2017-11-09 05:39 - 000446392 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-11-17 16:14 - 2017-10-27 11:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-11-17 16:14 - 2017-09-13 18:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-17 16:14 - 2017-09-13 18:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-17 16:14 - 2017-09-13 18:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-17 16:14 - 2017-09-13 18:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-17 00:55 - 2017-11-17 00:55 - 000000000 ____D C:\Users\Julie\AppData\Roaming\AMAX Interactive
2017-11-16 11:46 - 2017-11-16 11:46 - 000662083 _____ C:\Users\Julie\Desktop\7 apps that are quietly killing your data plan - CNET.html
2017-11-16 11:46 - 2017-11-16 11:46 - 000000000 ____D C:\Users\Julie\Desktop\7 apps that are quietly killing your data plan - CNET_files
2017-11-16 09:57 - 2017-11-21 13:32 - 000000000 ____D C:\FRST
2017-11-16 09:56 - 2017-11-20 12:07 - 000000000 ____D C:\Users\Julie\Desktop\Techspot
2017-11-16 00:02 - 2017-11-16 00:02 - 000001212 _____ C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music.lnk
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book Two
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book One
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book Two
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book One
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\Program Files (x86)\Adelantado Trilogy - Book Two
2017-11-15 20:20 - 2017-11-15 20:20 - 000000000 ____D C:\Program Files (x86)\Adelantado Trilogy - Book One
2017-11-15 20:19 - 2017-11-15 20:19 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book Three
2017-11-15 20:19 - 2017-11-15 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy - Book Three
2017-11-15 20:19 - 2017-11-15 20:19 - 000000000 ____D C:\Program Files (x86)\Adelantado Trilogy - Book Three
2017-11-15 16:18 - 2017-11-15 16:18 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vampire Legends - The Untold Story of Elizabeth Bathory
2017-11-15 16:18 - 2017-11-15 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire Legends - The Untold Story of Elizabeth Bathory
2017-11-15 16:07 - 2017-11-02 00:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 16:07 - 2017-11-02 00:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 16:07 - 2017-11-02 00:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 16:07 - 2017-11-01 23:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 16:07 - 2017-11-01 23:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 16:07 - 2017-11-01 23:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 16:07 - 2017-11-01 23:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 16:07 - 2017-11-01 23:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 16:07 - 2017-11-01 23:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 16:07 - 2017-11-01 23:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 16:07 - 2017-11-01 23:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 16:07 - 2017-11-01 23:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 16:07 - 2017-11-01 23:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 16:07 - 2017-11-01 23:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 16:07 - 2017-11-01 23:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 16:07 - 2017-11-01 23:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 16:07 - 2017-11-01 23:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 16:07 - 2017-11-01 23:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 16:07 - 2017-11-01 23:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 16:07 - 2017-11-01 23:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 16:07 - 2017-11-01 23:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 16:07 - 2017-11-01 23:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 16:07 - 2017-11-01 23:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 16:07 - 2017-11-01 23:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 16:07 - 2017-11-01 23:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 16:07 - 2017-11-01 23:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 16:07 - 2017-11-01 23:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 16:07 - 2017-11-01 23:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 16:07 - 2017-11-01 23:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 16:07 - 2017-11-01 23:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 16:07 - 2017-11-01 23:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 16:07 - 2017-11-01 23:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 16:07 - 2017-11-01 23:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 16:07 - 2017-11-01 23:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 16:07 - 2017-11-01 23:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 16:07 - 2017-11-01 23:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 16:07 - 2017-10-25 02:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 16:07 - 2017-10-15 10:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 16:07 - 2017-10-15 10:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 16:07 - 2017-10-15 10:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 16:07 - 2017-10-15 09:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 16:07 - 2017-10-15 09:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 16:07 - 2017-10-15 09:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 16:07 - 2017-10-15 09:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 16:07 - 2017-10-15 09:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 16:07 - 2017-10-15 09:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 16:07 - 2017-10-15 09:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 16:07 - 2017-10-15 09:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 16:07 - 2017-10-15 09:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 16:07 - 2017-10-15 09:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 16:06 - 2017-11-02 00:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 16:06 - 2017-11-01 23:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 16:06 - 2017-11-01 23:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 16:06 - 2017-11-01 23:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 16:06 - 2017-11-01 23:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 16:06 - 2017-11-01 23:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 16:06 - 2017-11-01 23:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 16:06 - 2017-11-01 23:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 16:06 - 2017-11-01 23:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 16:06 - 2017-11-01 23:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 16:05 - 2017-11-02 00:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 16:05 - 2017-11-02 00:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 16:05 - 2017-11-02 00:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 16:05 - 2017-11-01 23:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 16:05 - 2017-11-01 23:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 16:05 - 2017-11-01 23:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 16:05 - 2017-11-01 23:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 16:05 - 2017-11-01 23:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 16:05 - 2017-11-01 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 16:05 - 2017-11-01 23:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 16:05 - 2017-11-01 23:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 16:05 - 2017-11-01 23:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 16:05 - 2017-11-01 23:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 16:05 - 2017-11-01 23:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 16:05 - 2017-11-01 23:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 16:05 - 2017-11-01 23:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 16:05 - 2017-11-01 23:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 16:05 - 2017-11-01 23:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 16:05 - 2017-11-01 23:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 16:05 - 2017-11-01 23:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 16:05 - 2017-10-15 09:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 16:05 - 2017-10-15 09:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 16:05 - 2017-10-15 09:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 16:05 - 2017-10-15 09:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 16:04 - 2017-11-02 00:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 16:04 - 2017-11-02 00:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 16:04 - 2017-11-02 00:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 16:04 - 2017-11-02 00:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 16:04 - 2017-11-02 00:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 16:04 - 2017-11-02 00:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 16:04 - 2017-11-01 23:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 16:04 - 2017-11-01 23:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 16:04 - 2017-11-01 23:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 16:04 - 2017-11-01 23:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 16:04 - 2017-11-01 23:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 16:04 - 2017-11-01 23:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 16:04 - 2017-11-01 23:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 16:04 - 2017-11-01 23:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 16:04 - 2017-11-01 23:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 16:04 - 2017-11-01 23:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 16:04 - 2017-11-01 23:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 16:04 - 2017-11-01 23:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 16:04 - 2017-11-01 23:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 16:04 - 2017-10-15 09:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 16:04 - 2017-10-15 09:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 16:04 - 2017-10-15 09:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 16:04 - 2017-10-15 09:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 16:04 - 2017-10-15 09:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 16:03 - 2017-11-02 00:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 16:03 - 2017-11-02 00:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 16:03 - 2017-11-02 00:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 16:03 - 2017-11-02 00:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

Confusd73 · Nov 21, 2017

(Continued)

84248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 16:03 - 2017-11-02 00:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 16:03 - 2017-11-02 00:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 16:03 - 2017-11-02 00:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 16:03 - 2017-11-02 00:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 16:03 - 2017-11-02 00:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 16:03 - 2017-11-02 00:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 16:03 - 2017-11-02 00:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 16:03 - 2017-11-02 00:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 16:03 - 2017-11-02 00:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 16:03 - 2017-11-02 00:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 16:03 - 2017-11-02 00:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 16:03 - 2017-11-02 00:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 16:03 - 2017-11-02 00:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 16:03 - 2017-11-02 00:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 16:03 - 2017-11-02 00:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 16:03 - 2017-11-01 23:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 16:03 - 2017-11-01 23:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 16:03 - 2017-11-01 23:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 16:03 - 2017-11-01 23:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 16:03 - 2017-11-01 23:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 16:03 - 2017-11-01 23:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 16:03 - 2017-11-01 23:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 16:03 - 2017-11-01 23:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 16:03 - 2017-11-01 23:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 16:03 - 2017-11-01 23:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 16:03 - 2017-11-01 23:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 16:03 - 2017-11-01 23:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 16:03 - 2017-11-01 23:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 16:03 - 2017-11-01 23:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 16:03 - 2017-11-01 23:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 16:03 - 2017-11-01 23:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 16:03 - 2017-11-01 23:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 16:03 - 2017-11-01 23:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 16:03 - 2017-11-01 23:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 16:03 - 2017-11-01 23:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 16:03 - 2017-11-01 23:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 16:03 - 2017-11-01 23:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 16:03 - 2017-11-01 23:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 16:03 - 2017-11-01 23:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 16:03 - 2017-11-01 23:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 16:03 - 2017-11-01 23:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 16:03 - 2017-11-01 23:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 16:03 - 2017-11-01 23:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 16:03 - 2017-11-01 23:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 16:03 - 2017-11-01 23:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 16:03 - 2017-11-01 23:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 16:03 - 2017-11-01 23:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 16:03 - 2017-11-01 23:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 16:03 - 2017-11-01 23:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 16:03 - 2017-11-01 23:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 16:03 - 2017-11-01 23:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 16:03 - 2017-11-01 23:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 16:03 - 2017-11-01 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 16:03 - 2017-10-15 09:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 16:03 - 2017-10-15 09:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 16:03 - 2017-10-15 09:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 16:03 - 2017-10-15 09:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 16:03 - 2017-10-15 09:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 16:03 - 2017-10-15 09:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 16:03 - 2017-10-15 09:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 16:03 - 2017-10-15 09:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 16:03 - 2017-10-15 09:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 16:03 - 2017-10-15 09:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 16:03 - 2017-10-15 09:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 16:03 - 2017-10-15 09:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 16:03 - 2017-10-15 09:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 16:03 - 2017-10-15 09:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 16:02 - 2017-11-01 23:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 15:13 - 2017-11-15 15:13 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p220292716_s1_l1.exe
2017-11-15 15:13 - 2017-11-15 15:13 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p204748311_s1_l1.exe
2017-11-15 15:13 - 2017-11-15 15:13 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p204748261_s1_l1.exe
2017-11-15 15:10 - 2017-11-15 15:11 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p276595098_s1_l1.exe
2017-11-15 13:16 - 2017-11-15 13:16 - 005996544 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-11-15 10:29 - 2017-11-15 10:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-15 10:29 - 2017-11-15 10:29 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-14 20:33 - 2017-11-15 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Urban Legends - The Maze
2017-11-14 20:33 - 2017-11-15 13:11 - 000000000 ____D C:\Program Files (x86)\Urban Legends - The Maze
2017-11-14 20:31 - 2017-11-15 13:11 - 000000000 ____D C:\Program Files (x86)\PuppetShow - Lost Town Collector's Edition
2017-11-14 20:30 - 2017-11-15 13:11 - 000000000 ____D C:\Program Files (x86)\PuppetShow - Souls of the Innocent Collectors Edition
2017-11-14 20:29 - 2017-11-15 13:11 - 000000000 ____D C:\Program Files (x86)\PuppetShow - Mystery of Joyville
2017-11-14 11:41 - 2017-11-14 23:55 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Organic 2 Digital
2017-11-13 22:49 - 2017-11-13 22:49 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Home Sweet Home
2017-11-13 22:41 - 2017-11-14 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Sweet Home 2 - Kitchens and Baths
2017-11-13 22:41 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Home Sweet Home 2 - Kitchens and Baths
2017-11-13 22:40 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Home Sweet Home - Christmas Edition
2017-11-13 22:35 - 2017-11-14 15:39 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia
2017-11-13 22:35 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Magic Encyclopedia
2017-11-13 22:33 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Home Sweet Home
2017-11-13 22:32 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Vampire Legends - The True Story of Kisilova
2017-11-13 22:13 - 2017-11-15 16:19 - 000000000 ____D C:\Program Files (x86)\Vampire Legends - The Untold Story of Elizabeth Bathory
2017-11-12 21:40 - 2017-11-12 21:40 - 000000000 ____D C:\Users\Julie\AppData\Roaming\bigwig_media
2017-11-12 14:36 - 2017-11-12 14:36 - 000000000 ____D C:\Users\Julie\AppData\LocalLow\Jumb_O_Fun Games Inc
2017-11-12 13:02 - 2017-11-14 15:39 - 000000000 ____D C:\Program Files (x86)\Campgrounds - The Endorus Expedition
2017-11-11 13:20 - 2017-11-11 13:20 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Jumb-O-Fun Games
2017-11-10 20:41 - 2017-11-10 20:41 - 000000000 ____D C:\Users\Julie\AppData\Roaming\dingogames
2017-11-10 19:27 - 2017-11-10 19:27 - 000000000 ____D C:\ProgramData\BigFishGames
2017-11-09 05:32 - 2017-11-09 05:32 - 036248176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-09 05:32 - 2017-11-09 05:32 - 029279672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-09 05:32 - 2017-11-09 05:32 - 000989808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-09 05:32 - 2017-11-09 05:32 - 000624240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-09 05:32 - 2017-11-09 05:32 - 000514672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-09 05:31 - 2017-11-09 05:31 - 000940984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-09 05:31 - 2017-11-09 05:31 - 000054192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-11-09 05:30 - 2017-11-09 05:30 - 004210288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-09 05:30 - 2017-11-09 05:30 - 001997744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
2017-11-09 05:30 - 2017-11-09 05:30 - 001682544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
2017-11-09 05:30 - 2017-11-09 05:30 - 001108408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-09 05:30 - 2017-11-09 05:30 - 001039800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-09 05:30 - 2017-11-09 05:30 - 000748144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-09 05:30 - 2017-11-09 05:30 - 000607160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-09 05:29 - 2017-11-09 05:29 - 040246384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-09 05:29 - 2017-11-09 05:29 - 035165624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-09 05:29 - 2017-11-09 05:29 - 003623024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-09 04:48 - 2017-11-09 04:48 - 023474480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-09 04:48 - 2017-11-09 04:48 - 019212720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-09 04:48 - 2017-11-09 04:48 - 013379352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-09 04:48 - 2017-11-09 04:48 - 010986776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-09 04:48 - 2017-11-09 04:48 - 001154288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-09 04:48 - 2017-11-09 04:48 - 000902312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-09 04:47 - 2017-11-09 04:47 - 013994128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-09 04:47 - 2017-11-09 04:47 - 011891200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-09 04:47 - 2017-11-09 04:47 - 003859848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-09 04:47 - 2017-11-09 04:47 - 001342000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-09 04:47 - 2017-11-09 04:47 - 001056720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-09 04:47 - 2017-11-09 04:47 - 000810304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-09 04:47 - 2017-11-09 04:47 - 000648728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-09 04:08 - 2017-11-09 04:08 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-11-09 04:08 - 2017-11-09 04:08 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-11-08 23:25 - 2017-11-08 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chuzzle - Christmas Edition
2017-11-08 23:25 - 2017-11-08 23:25 - 000000000 ____D C:\Program Files (x86)\Chuzzle - Christmas Edition
2017-11-08 21:19 - 2017-11-08 21:19 - 000000000 ____D C:\Users\Julie\AppData\Roaming\PlayFirst
2017-11-08 21:19 - 2017-11-08 21:19 - 000000000 ____D C:\ProgramData\PlayFirst
2017-11-08 21:18 - 2017-11-08 21:18 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p214632098_s1_l1.exe
2017-11-08 21:16 - 2017-11-08 21:16 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p245503921_s1_l1.exe
2017-11-08 21:08 - 2017-11-08 21:08 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p242144338_s1_l1.exe
2017-11-08 21:08 - 2017-11-08 21:08 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p209912651_s1_l1.exe
2017-11-08 21:07 - 2017-11-08 21:07 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wandering Willows
2017-11-08 21:07 - 2017-11-08 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wandering Willows
2017-11-08 21:07 - 2017-11-08 21:07 - 000000000 ____D C:\Program Files (x86)\Wandering Willows
2017-11-08 21:04 - 2017-11-08 21:04 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p40281896_s1_l1.exe
2017-11-08 20:37 - 2017-11-08 20:45 - 000000000 ____D C:\Users\Julie\Desktop\New folder (2)
2017-10-31 21:41 - 2017-10-31 21:41 - 000000000 ____D C:\Users\Public\Documents\BigFish
2017-10-29 15:06 - 2017-10-29 15:07 - 000000000 ____D C:\Program Files (x86)\Drawn - Trail of Shadows Collector's Edition
2017-10-29 15:06 - 2017-10-29 15:06 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Trail of Shadows Collector's Edition
2017-10-29 15:06 - 2017-10-29 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Trail of Shadows Collector's Edition
2017-10-29 00:29 - 2017-10-29 00:30 - 000000000 ____D C:\Program Files (x86)\Drawn - Dark Flight Collector's Edition
2017-10-29 00:29 - 2017-10-29 00:29 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight Collector's Edition
2017-10-29 00:29 - 2017-10-29 00:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight Collector's Edition
2017-10-29 00:02 - 2017-10-29 00:02 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia - Illusions
2017-10-29 00:02 - 2017-10-29 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia - Illusions
2017-10-29 00:02 - 2017-10-29 00:02 - 000000000 ____D C:\Program Files (x86)\Magic Encyclopedia - Illusions
2017-10-28 23:55 - 2017-10-28 23:56 - 000000000 ____D C:\Program Files (x86)\Drawn - The Painted Tower
2017-10-28 23:55 - 2017-10-28 23:55 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - The Painted Tower
2017-10-28 23:55 - 2017-10-28 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - The Painted Tower
2017-10-28 23:47 - 2017-10-28 23:47 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia - Moon Light
2017-10-28 23:47 - 2017-10-28 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Encyclopedia - Moon Light
2017-10-28 23:47 - 2017-10-28 23:47 - 000000000 ____D C:\Program Files (x86)\Magic Encyclopedia - Moon Light
2017-10-28 23:32 - 2017-10-28 23:32 - 000000000 ____D C:\Users\Julie\AppData\Roaming\10tons
2017-10-28 23:32 - 2017-10-28 23:32 - 000000000 ____D C:\ProgramData\10tons
2017-10-28 23:31 - 2017-10-28 23:31 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\King Oddball
2017-10-28 23:31 - 2017-10-28 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Oddball
2017-10-28 23:31 - 2017-10-28 23:31 - 000000000 ____D C:\Program Files (x86)\King Oddball
2017-10-28 23:28 - 2017-10-28 23:28 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p167482147_s1_l1.exe
2017-10-28 23:25 - 2017-10-28 23:25 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p81900529_s1_l1.exe
2017-10-28 23:25 - 2017-10-28 23:25 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p64941726_s1_l1.exe
2017-10-28 23:25 - 2017-10-28 23:25 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p163576333_s1_l1.exe
2017-10-28 23:24 - 2017-10-28 23:24 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p72878659_s1_l1.exe
2017-10-28 23:24 - 2017-10-28 23:24 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p47944533_s1_l1.exe
2017-10-28 23:14 - 2017-10-28 23:19 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2017-10-28 00:26 - 2017-10-28 00:26 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p201579695_s1_l1.exe
2017-10-27 23:25 - 2017-10-27 23:25 - 000000000 ____D C:\ProgramData\Playrix Entertainment
2017-10-27 23:21 - 2017-10-27 23:22 - 000000000 ____D C:\Program Files (x86)\Gardenscapes 2
2017-10-27 23:21 - 2017-10-27 23:21 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gardenscapes 2
2017-10-27 23:21 - 2017-10-27 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gardenscapes 2
2017-10-27 22:58 - 2017-10-27 23:13 - 000000000 ____D C:\ProgramData\MumboJumbo
2017-10-27 22:42 - 2017-10-27 22:42 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ancient Quest of Saqqarah
2017-10-27 22:42 - 2017-10-27 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ancient Quest of Saqqarah
2017-10-27 22:42 - 2017-10-27 22:42 - 000000000 ____D C:\Program Files (x86)\Ancient Quest of Saqqarah
2017-10-27 22:36 - 2017-10-27 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairy Godmother Tycoon
2017-10-27 22:35 - 2017-11-02 16:51 - 000000000 ____D C:\Program Files (x86)\Fairy Godmother Tycoon
2017-10-27 22:30 - 2017-10-27 22:31 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p18131780_s1_l1(1).exe
2017-10-27 22:30 - 2017-10-27 22:30 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p13570346_s1_l1(1).exe
2017-10-27 22:29 - 2017-10-27 22:29 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p18131780_s1_l1.exe
2017-10-27 22:29 - 2017-10-27 22:29 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p13570346_s1_l1.exe
2017-10-24 18:18 - 2017-10-24 18:18 - 000001248 _____ C:\Users\Public\Desktop\Dynomite!.lnk
2017-10-24 18:18 - 2017-10-24 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dynomite!
2017-10-24 18:18 - 2017-10-24 18:18 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-10-24 18:17 - 2017-10-24 18:17 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-10-24 18:10 - 2017-11-20 13:44 - 000000000 ____D C:\ProgramData\Origin
2017-10-24 18:10 - 2017-10-24 18:10 - 000000000 ____D C:\Users\Julie\.QtWebEngineProcess
2017-10-24 18:10 - 2017-10-24 18:10 - 000000000 ____D C:\Users\Julie\.Origin
2017-10-24 18:08 - 2017-10-24 18:09 - 062399560 _____ (Electronic Arts) C:\Users\Julie\Downloads\OriginThinSetup.exe
2017-10-24 16:23 - 2017-10-24 16:23 - 000000000 ____D C:\ProgramData\Grey Alien Games
2017-10-24 16:22 - 2017-10-24 16:22 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fairway Solitaire
2017-10-24 16:22 - 2017-10-24 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairway Solitaire
2017-10-24 16:22 - 2017-10-24 16:22 - 000000000 ____D C:\Program Files (x86)\Fairway Solitaire
2017-10-24 16:19 - 2017-10-24 16:19 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p15140841_s1_l1(1).exe
2017-10-24 15:34 - 2017-10-24 15:34 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p15140841_s1_l1.exe
2017-10-23 23:05 - 2017-10-29 00:10 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Big Fish Games
2017-10-23 22:49 - 2017-10-23 22:50 - 000000000 ____D C:\Program Files (x86)\Fairway Collector's Edition
2017-10-23 22:49 - 2017-10-23 22:49 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fairway Collector's Edition
2017-10-23 22:49 - 2017-10-23 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairway Collector's Edition
2017-10-23 22:42 - 2017-10-23 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elf Bowling 7 1-7 - The Last Insult
2017-10-23 22:42 - 2017-10-23 22:42 - 000000000 ____D C:\Program Files (x86)\Elf Bowling 7 1-7 - The Last Insult
2017-10-23 22:41 - 2017-10-23 22:41 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p119187012_s1_l1.exe
2017-10-23 22:41 - 2017-10-23 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elf Bowling - Hawaiian Vacation
2017-10-23 22:41 - 2017-10-23 22:41 - 000000000 ____D C:\Program Files (x86)\Elf Bowling - Hawaiian Vacation
2017-10-23 22:40 - 2017-10-23 22:40 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p65286339_s1_l1.exe
2017-10-23 22:40 - 2017-10-23 22:40 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p13394287_s1_l1.exe
2017-10-23 22:19 - 2017-10-23 22:19 - 000000000 ____D C:\ProgramData\Word Whomp Underground
2017-10-23 20:31 - 2017-10-23 20:31 - 000000000 ____D C:\Users\Julie\AppData\Roaming\AlawarEntertainment
2017-10-23 20:23 - 2017-10-23 20:23 - 000000110 _____ C:\WINDOWS\wininit.ini
2017-10-23 20:23 - 2017-10-23 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word Whomp Underground
2017-10-23 20:23 - 2017-10-23 20:23 - 000000000 ____D C:\Program Files (x86)\Word Whomp Underground
2017-10-23 20:22 - 2017-10-23 20:22 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p150406917_s1_l1.exe
2017-10-23 20:21 - 2017-10-23 22:16 - 000000000 ____D C:\Program Files (x86)\QBeez 2
2017-10-23 20:21 - 2017-10-23 20:21 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost Head
2017-10-23 20:21 - 2017-10-23 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QBeez 2
2017-10-23 20:21 - 2017-10-23 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lost Head
2017-10-23 20:21 - 2017-10-23 20:21 - 000000000 ____D C:\Program Files (x86)\Lost Head
2017-10-23 20:20 - 2017-10-23 20:21 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p154180485_s1_l1.exe
2017-10-23 20:19 - 2017-10-23 20:19 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p158192941_s1_l1.exe
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 3 - Ice Age
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feeding Frenzy
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 3 - Ice Age
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\Program Files (x86)\Feeding Frenzy
2017-10-23 18:40 - 2017-10-23 18:40 - 000000000 ____D C:\Program Files (x86)\Farm Frenzy 3 - Ice Age
2017-10-23 18:32 - 2017-10-23 18:32 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p91573531_s1_l1.exe
2017-10-23 18:32 - 2017-10-23 18:32 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p164468804_s1_l1.exe
2017-10-22 22:34 - 2017-10-22 22:34 - 000237568 _____ (Big Fish Games) C:\Users\Julie\Downloads\bigfishgames_p172546036_s1_l1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-21 13:33 - 2016-12-05 21:25 - 000000000 ____D C:\Users\Julie\AppData\LocalLow\Mozilla
2017-11-21 13:29 - 2014-03-30 00:07 - 000000000 ____D C:\ProgramData\TEMP
2017-11-21 12:19 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-21 12:03 - 2014-03-30 00:05 - 000000000 ____D C:\BigFishCache
2017-11-21 12:02 - 2017-07-21 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-21 09:21 - 2017-07-21 12:22 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-21 09:21 - 2014-03-21 10:55 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-21 09:20 - 2017-07-21 12:22 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF1E2CB9-9DF1-4F8D-872E-4E811BE6AA9E}
2017-11-21 09:20 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-21 09:20 - 2014-08-07 10:29 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-21 09:20 - 2014-03-21 10:55 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151127409375003
2017-11-21 09:20 - 2014-03-21 10:55 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-21 09:20 - 2014-03-21 10:55 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-21 09:20 - 2014-03-21 10:55 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-21 09:20 - 2014-03-21 10:55 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-21 09:20 - 2014-03-21 10:55 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-21 09:19 - 2017-03-24 18:26 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-21 09:19 - 2017-03-24 18:26 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-21 09:19 - 2017-03-24 18:26 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-21 09:19 - 2017-03-24 18:26 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-21 09:19 - 2016-07-11 14:37 - 000570152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-11-21 09:19 - 2014-03-21 10:55 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-21 01:17 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-20 13:07 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-20 13:06 - 2014-03-21 10:25 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-11-20 12:22 - 2017-07-21 12:07 - 001291740 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-20 12:19 - 2015-07-22 13:29 - 000000000 ____D C:\Users\Julie\AppData\Local\CrashDumps
2017-11-20 12:16 - 2017-07-21 12:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-20 12:16 - 2017-07-21 12:06 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-20 12:16 - 2016-12-04 19:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-20 12:16 - 2014-03-21 10:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-20 12:15 - 2017-03-18 06:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-11-20 11:27 - 2014-03-21 10:23 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-20 11:21 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-20 10:54 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-19 01:05 - 2017-01-09 22:14 - 000000000 ____D C:\Users\Julie\Desktop\SAVE-important
2017-11-17 16:15 - 2017-07-21 12:06 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-17 16:15 - 2017-07-21 12:06 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-17 16:15 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-17 16:15 - 2014-03-14 19:41 - 000000000 ____D C:\Temp
2017-11-17 16:13 - 2017-07-21 12:06 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-16 13:07 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-16 10:50 - 2014-03-22 06:22 - 000000000 ____D C:\Users\Julie\Desktop\funnies_inspiration
2017-11-16 00:02 - 2016-06-22 09:40 - 000000000 ____D C:\Users\Julie\AppData\Local\Amazon Music
2017-11-16 00:01 - 2016-02-13 08:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-15 23:56 - 2017-07-21 12:04 - 000263488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 23:08 - 2017-09-17 19:36 - 000000000 ____D C:\Users\Julie\Desktop\WOODBURNING
2017-11-15 15:06 - 2014-03-14 19:37 - 000000000 ____D C:\Program Files (x86)\Cisco
2017-11-15 14:57 - 2016-06-22 09:40 - 000001301 _____ C:\Users\Julie\Desktop\Amazon Music.lnk
2017-11-15 13:17 - 2017-07-21 12:08 - 000000000 ____D C:\Users\UpdatusUser
2017-11-15 13:17 - 2017-07-21 12:08 - 000000000 ____D C:\Users\Julie
2017-11-15 13:17 - 2017-06-13 21:17 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-15 13:17 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-15 13:17 - 2016-07-11 14:38 - 000001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2017-11-15 13:17 - 2015-07-01 16:34 - 000001969 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-11-15 13:17 - 2014-03-21 10:55 - 001029872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw146f70eabbf7cd2e.tmp
2017-11-15 13:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-15 13:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-15 13:16 - 2014-03-21 10:55 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.151076986295307
2017-11-15 13:14 - 2017-03-18 16:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-11-15 13:13 - 2017-07-21 12:08 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-11-15 13:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\schemas
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-15 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-15 13:12 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-15 13:12 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-15 13:12 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\servicing
2017-11-15 13:12 - 2016-06-22 09:40 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2017-11-15 13:12 - 2014-03-30 00:37 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Collector's Edition
2017-11-15 13:12 - 2014-03-30 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Collector's Edition
2017-11-15 13:11 - 2014-03-30 00:37 - 000000000 ____D C:\Program Files (x86)\Nightmares from the Deep - Davy Jones Collector's Edition
2017-11-15 12:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\registration
2017-11-15 12:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SystemResources
2017-11-15 12:50 - 2014-03-21 10:23 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Mozilla
2017-11-15 12:09 - 2017-01-04 17:50 - 000000000 ____D C:\ProgramData\Cisco
2017-11-15 10:42 - 2016-05-26 09:34 - 000000000 ____D C:\Users\Julie\AppData\Local\Packages
2017-11-14 23:46 - 2016-06-21 11:10 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-11-14 21:57 - 2017-01-20 21:08 - 000000000 ____D C:\Users\Julie\AppData\Roaming\Elephant Games
2017-11-09 05:31 - 2017-05-19 18:22 - 001624168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-11-09 05:30 - 2017-05-19 18:22 - 000233904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-11-09 04:47 - 2017-05-19 17:00 - 004533184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-09 04:08 - 2017-05-19 13:39 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-08 20:20 - 2017-02-06 15:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-11-07 18:18 - 2017-07-09 16:28 - 000000111 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2017-11-04 20:40 - 2017-03-18 16:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 20:40 - 2017-03-18 16:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-02 21:44 - 2017-07-27 12:41 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-860533698-1946648191-3752025309-1002
2017-11-02 21:44 - 2016-05-26 09:39 - 000002405 _____ C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-02 21:44 - 2016-05-26 09:39 - 000000000 ___RD C:\Users\Julie\OneDrive
2017-10-28 09:24 - 2017-07-21 12:22 - 000003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-10-27 22:42 - 2014-03-30 00:07 - 000000000 ____D C:\ProgramData\Big Fish
2017-10-27 11:36 - 2017-07-21 12:06 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-10-27 11:12 - 2017-07-21 12:07 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-10-27 11:12 - 2017-07-21 12:07 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-10-27 11:12 - 2017-07-21 12:07 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-10-27 11:12 - 2017-07-21 12:07 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-10-27 11:12 - 2017-07-21 12:07 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-10-27 11:12 - 2017-07-21 12:07 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-10-27 11:12 - 2017-07-21 12:07 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-10-25 23:43 - 2017-07-21 12:22 - 000004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-25 05:33 - 2017-07-21 12:07 - 007802921 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-10-25 01:01 - 2017-07-21 12:22 - 000003826 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-10-25 01:01 - 2017-07-21 12:22 - 000003356 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1468395287
2017-10-25 01:01 - 2017-07-21 12:22 - 000003256 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-10-25 01:01 - 2017-07-21 12:22 - 000003254 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2017-10-25 01:01 - 2017-07-21 12:22 - 000003136 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-10-25 01:01 - 2017-07-21 12:22 - 000003016 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-10-25 01:01 - 2017-07-21 12:22 - 000002876 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2017-10-25 01:01 - 2017-07-21 12:22 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-10-24 23:14 - 2017-07-21 12:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-10-24 19:56 - 2014-03-21 10:17 - 000000000 ____D C:\Users\Julie\AppData\Local\VirtualStore
2017-10-24 18:16 - 2016-04-18 11:34 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2017-07-21 12:06 - 2017-07-21 12:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-11-20 10:48 - 2017-09-05 00:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Julie\AppData\Local\Temp\dllnt_dump.dll
2017-10-28 23:26 - 2017-10-28 23:26 - 000000460 _____ () C:\Users\Julie\AppData\Local\Temp\tempmessage.bfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-15 13:47

==================== End of FRST.txt ============================

Confusd73 · Nov 21, 2017

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
Ran by Julie (21-11-2017 13:33:58)
Running from C:\Users\Julie\Desktop\Techspot\FRST-OlderVersion
Windows 10 Home Version 1703 (X64) (2017-07-21 17:28:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-860533698-1946648191-3752025309-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-860533698-1946648191-3752025309-503 - Limited - Disabled)
Guest (S-1-5-21-860533698-1946648191-3752025309-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-860533698-1946648191-3752025309-1003 - Limited - Enabled)
Julie (S-1-5-21-860533698-1946648191-3752025309-1002 - Administrator - Enabled) => C:\Users\Julie
UpdatusUser (S-1-5-21-860533698-1946648191-3752025309-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adelantado Trilogy: Book One (HKLM-x32\...\BFG-Adelantado Trilogy - Book One) (Version: - )
Adelantado Trilogy: Book Three (HKLM-x32\...\BFG-Adelantado Trilogy - Book Three) (Version: - )
Adelantado Trilogy: Book Two (HKLM-x32\...\BFG-Adelantado Trilogy - Book Two) (Version: - )
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\Amazon Amazon Music) (Version: 6.1.3.1192 - Amazon Services LLC)
Ancient Quest of Saqqarah (HKLM-x32\...\BFG-Ancient Quest of Saqqarah) (Version: - )
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Aquascapes (HKLM-x32\...\BFG-Aquascapes) (Version: - )
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Azada: Elementa (HKLM-x32\...\BFG-Azada - Elementa) (Version: - )
Azada: In Libro (HKLM-x32\...\BFG-Azada - In Libro) (Version: - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Build-a-lot: Fairy Tales (HKLM-x32\...\BFG-Build-a-lot - Fairy Tales) (Version: - )
Build-a-Lot: Mysteries 2 (HKLM-x32\...\BFG-Build-a-Lot - Mysteries 2) (Version: - )
Build-a-lot: On Vacation (HKLM-x32\...\BFG-Build-a-lot - On Vacation) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
Christmas Stories 3: Hans Christian Andersen's Tin Soldier Collector's Edition (HKLM-x32\...\BFG-Christmas Stories 3 - Hans Christian Andersens Tin Soldier Collectors Edition) (Version: - )
Christmas Stories: A Christmas Carol Collector's Edition (HKLM-x32\...\BFG-Christmas Stories - A Christmas Carol Collectors Edition) (Version: - )
Chuzzle: Christmas Edition (HKLM-x32\...\BFG-Chuzzle - Christmas Edition) (Version: - )
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dark Parables: Ballad of Rapunzel (HKLM-x32\...\BFG-Dark Parables - Ballad of Rapunzel) (Version: - )
Dark Parables: Jack and the Sky Kingdom Collector's Edition (HKLM-x32\...\BFG-Dark Parables - Jack and the Sky Kingdom Collectors Edition) (Version: - )
Dark Parables: Queen of Sands (HKLM-x32\...\BFG-Dark Parables - Queen of Sands) (Version: - )
Dark Parables: Rise of the Snow Queen Collector's Edition (HKLM-x32\...\BFG-Dark Parables - Rise of the Snow Queen Collector's Edition) (Version: - )
Dark Parables: The Little Mermaid and the Purple Tide (HKLM-x32\...\BFG-Dark Parables - The Little Mermaid and the Purple Tide) (Version: - )
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Drawn®: The Painted Tower ™ (HKLM-x32\...\BFG-Drawn - The Painted Tower) (Version: - )
Drawn®: Dark Flight ™ Collector's Edition (HKLM-x32\...\BFG-Drawn - Dark Flight Collector's Edition) (Version: - )
Drawn™: Trail of Shadows Collector's Edition (HKLM-x32\...\BFG-Drawn - Trail of Shadows Collector's Edition) (Version: - )
Dreampath: Curse of the Swamps (HKLM-x32\...\BFG-Dreampath - Curse of the Swamps) (Version: - )
Dynomite! (HKLM-x32\...\{E6463554-B26B-452A-AE58-441AB0D70DBA}) (Version: 2.71.0.0 - PopCap Games)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Elf Bowling 7 1/7: The Last Insult (HKLM-x32\...\BFG-Elf Bowling 7 1-7 - The Last Insult) (Version: - )
Elf Bowling: Hawaiian Vacation (HKLM-x32\...\BFG-Elf Bowling - Hawaiian Vacation) (Version: - )
Fairway Solitaire (HKLM-x32\...\BFG-Fairway Solitaire) (Version: - )
Fairway ™ Collector's Edition (HKLM-x32\...\BFG-Fairway Collector's Edition) (Version: - )
Fairy Godmother Tycoon (HKLM-x32\...\BFG-Fairy Godmother Tycoon) (Version: - )
Farm Frenzy 3: Ice Age (HKLM-x32\...\BFG-Farm Frenzy 3 - Ice Age) (Version: - )
Fear For Sale: The Curse of Whitefall Collector's Edition (HKLM-x32\...\BFG-Fear For Sale - The Curse of Whitefall Collector's Edition) (Version: - )
Feeding Frenzy (HKLM-x32\...\BFG-Feeding Frenzy) (Version: - )
Gardenscapes 2 (HKLM-x32\...\BFG-Gardenscapes 2) (Version: - )
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Halloween Stories: Invitation Collector's Edition (HKLM-x32\...\BFG-Halloween Stories - Invitation Collectors Edition) (Version: - )
Haunted Hotel: Death Sentence (HKLM-x32\...\BFG-Haunted Hotel - Death Sentence) (Version: - )
House of 1000 Doors: Evil Inside (HKLM-x32\...\BFG-House of 1000 Doors - Evil Inside) (Version: - )
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
King Oddball (HKLM-x32\...\BFG-King Oddball) (Version: - )
Lexmark 730 Series (HKLM\...\Lexmark 730 Series) (Version: - )
Living Legends: Beasts of Bremen Collector's Edition (HKLM-x32\...\BFG-Living Legends - Beasts of Bremen Collectors Edition) (Version: - )
Lost Head (HKLM-x32\...\BFG-Lost Head) (Version: - )
Lost Lands: Ice Spell (HKLM-x32\...\BFG-Lost Lands - Ice Spell) (Version: - )
Lost Lands: The Four Horsemen Collector's Edition (HKLM-x32\...\BFG-Lost Lands - The Four Horsemen Collectors Edition) (Version: - )
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\BFG-Lost Souls - Timeless Fables Collectors Edition) (Version: - )
Magic Encyclopedia: Illusions (HKLM-x32\...\BFG-Magic Encyclopedia - Illusions) (Version: - )
Magic Encyclopedia: Moon Light (HKLM-x32\...\BFG-Magic Encyclopedia - Moon Light) (Version: - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Medisoft Advanced 17 Demo (HKLM-x32\...\{1FC9EE64-CF99-451e-AA25-D3B35AD7CD41}) (Version: 17.3.2.430 - Mckesson Corp)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-US)) (Version: 52.4.0 - Mozilla)
Mystery Case Files: The Revenant's Hunt Collector's Edition (HKLM-x32\...\BFG-Mystery Case Files - The Revenants Hunt Collectors Edition) (Version: - )
Nightmares from the Deep: Davy Jones Collector's Edition (HKLM-x32\...\BFG-Nightmares from the Deep - Davy Jones Collector's Edition) (Version: - )
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
PuppetShow: Poetic Justice Collector's Edition (HKLM-x32\...\BFG-PuppetShow - Poetic Justice Collectors Edition) (Version: - )
QBeez 2 (HKLM-x32\...\BFG-QBeez 2) (Version: - )
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
Redemption Cemetery: Bitter Frost (HKLM-x32\...\BFG-Redemption Cemetery - Bitter Frost) (Version: - )
Redemption Cemetery: Clock of Fate Collector's Edition (HKLM-x32\...\BFG-Redemption Cemetery - Clock of Fate Collectors Edition) (Version: - )
Redemption Cemetery: One Foot in the Grave Collector's Edition (HKLM-x32\...\BFG-Redemption Cemetery - One Foot in the Grave Collector's Edition) (Version: - )
Redemption Cemetery: The Island of the Lost (HKLM-x32\...\BFG-Redemption Cemetery - The Island of the Lost) (Version: - )
Revenue Management for Medisoft Advanced 17 Demo (HKLM-x32\...\{54F89267-AA01-4dcc-8377-9248B0AE0C09}) (Version: 17.3.2.430 - Mckesson Corp)
RogueKiller version 12.11.25.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.25.0 - Adlice Software)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Stray Souls: Stolen Memories (HKLM-x32\...\BFG-Stray Souls - Stolen Memories) (Version: - )
Stray Souls: Stolen Memories Collector's Edition (HKLM-x32\...\BFG-Stray Souls - Stolen Memories Collector's Edition) (Version: - )
The Timebuilders: Caveman's Prophecy (HKLM-x32\...\BFG-The Timebuilders - Caveman's Prophecy) (Version: - )
The Timebuilders: Pyramid Rising (HKLM-x32\...\BFG-The Timebuilders - Pyramid Rising) (Version: - )
Twilight Phenomena: Strange Menagerie (HKLM-x32\...\BFG-Twilight Phenomena - Strange Menagerie) (Version: - )
Understanding Health Insurance Sim Claim (HKLM-x32\...\Understanding Health Insurance Sim Claim_is1) (Version: - Delmar Learning)
Vampire Legends: The Untold Story of Elizabeth Bathory (HKLM-x32\...\BFG-Vampire Legends - The Untold Story of Elizabeth Bathory) (Version: - )
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Wandering Willows (HKLM-x32\...\BFG-Wandering Willows) (Version: - )
Weird Park: The Final Show (HKLM-x32\...\BFG-Weird Park - The Final Show) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Witches' Legacy: The City That Isn't There Collector's Edition (HKLM-x32\...\BFG-Witches Legacy - The City That Isnt There Collectors Edition) (Version: - )
Word Whomp ™ Underground (HKLM-x32\...\BFG-Word Whomp Underground) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-860533698-1946648191-3752025309-1002_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Julie\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-16] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E1784B3-B331-4910-A926-2CA78A4D4940} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {182FA78E-A57E-4F21-A8DC-230A199F461F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2B2027AC-8619-402F-A38A-E504687231C8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2DC1F689-F360-471D-AEF7-A82C1AEE5D80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {30A72F5C-73AC-451E-955E-20CFA26F9A3A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {34C31891-7EBA-45B8-9234-B801B0E83331} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {364E5EB3-8868-4FF6-85F5-19C294CAD34A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E772720-7B0E-44E9-B4E2-E415DB477E78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4DF89D9A-E914-4A1F-9976-E01B2D2115DD} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {56EF4A60-BC5D-4A4E-B2F4-DAC363F05C25} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {585C2F7D-FDF3-402E-AC69-AA5AD455F2CD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {672FE1B1-35BA-4F3D-9AD4-B1CAFF9F7E96} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {862FF9A3-3C0D-4061-B618-5D934BB755A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {89924211-D912-4533-ADA6-731C788180F9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {8A36EAA2-B54E-45E0-BC84-3B84FF91460E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {930D6E9A-BE5A-4969-8B62-E8774FDAFACF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {970E7DB8-A83C-4F3B-ADC4-929538D02186} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A7027259-FFE1-428B-8FFA-B823344DA597} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {ADD03001-7A97-40CA-A777-A2F023EE7CE5} - System32\Tasks\SafeZone scheduled Autoupdate 1468395287 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C0A62DD1-8D88-461C-9C33-F2C8D95B7E96} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {C1AA3A7D-C827-4CF6-8688-4EB8F3A168F5} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-21] (AVAST Software)
Task: {C46D555E-5316-4225-A0CB-AFAB83884B92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF6BACCB-9D76-40B6-856B-CECD23D41A98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DEF151C3-B59E-4422-A179-525AAFD37BD9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {E0D19953-D892-471E-961F-B2658F4AC061} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {E62DE1F3-BD84-487F-A707-A79B2ABBACDA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EF27317C-6B18-49A2-BD32-B213F6AD303B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1CE8E25-1616-48BE-B86E-5C84858F44AB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {F30E92D8-2E02-4AC5-9676-2306A554DA32} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {F32A37BA-E557-495F-B4ED-EF0CA8080084} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F42C484E-407B-4ADC-B50D-222B99AEEB7F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-07-21 12:07 - 2017-10-27 11:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-21 11:36 - 2016-01-25 10:55 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2017-11-20 11:41 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-20 11:41 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-03-23 02:43 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-03-19 17:34 - 2017-01-31 07:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-11 15:49 - 2017-11-11 15:52 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-11 15:49 - 2017-11-11 15:52 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-11 15:49 - 2017-11-11 15:52 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-07 02:26 - 2017-11-07 02:28 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2013-05-22 13:17 - 2013-05-22 13:17 - 000400704 _____ () C:\Users\Julie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2017-07-12 17:14 - 2017-07-12 17:15 - 000015360 _____ () C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.29.23003.0_x64__8wekyb3d8bbwe\XboxIdp.exe
2017-07-12 17:14 - 2017-07-12 17:15 - 004321280 _____ () C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.29.23003.0_x64__8wekyb3d8bbwe\XboxIdp.dll
2017-07-12 17:14 - 2017-07-12 17:15 - 000055296 _____ () C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.29.23003.0_x64__8wekyb3d8bbwe\XboxIdp.Native.dll
2013-05-09 17:58 - 2013-05-09 17:58 - 000119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2017-09-13 17:35 - 2017-09-13 17:40 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-10 14:46 - 2017-10-10 14:46 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-09-26 09:55 - 2017-09-26 09:56 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-15 14:46 - 2017-11-15 15:00 - 000022016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-11-15 14:46 - 2017-11-15 15:00 - 055109120 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:23 - 2017-10-05 09:27 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-15 14:46 - 2017-11-15 15:01 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-05 09:23 - 2017-10-05 09:24 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-11-15 14:46 - 2017-11-15 14:55 - 003740160 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-11-15 14:46 - 2017-11-15 15:01 - 002051584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-11-15 14:46 - 2017-11-15 15:00 - 020759040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-11-15 14:46 - 2017-11-15 14:55 - 003607040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-11-15 14:46 - 2017-11-15 14:49 - 003150848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-29 14:28 - 2017-08-29 14:28 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-15 14:46 - 2017-11-15 15:00 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-11-15 14:46 - 2017-11-15 14:56 - 002493440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.AutoSuggest.dll
2017-11-15 14:46 - 2017-11-15 14:56 - 000919040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-11-15 14:46 - 2017-11-15 15:00 - 001363968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-11-15 14:46 - 2017-11-15 14:55 - 000084480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2014-03-05 16:44 - 2014-03-05 16:44 - 000274208 _____ () C:\Program Files (x86)\bfgclient\bfggameservices.exe
2017-10-16 18:53 - 2017-10-16 18:53 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-12 23:39 - 2017-07-12 23:39 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-16 18:53 - 2017-10-16 18:53 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-11-15 13:17 - 2017-11-15 13:17 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-01 14:27 - 2017-05-01 14:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2014-03-14 19:33 - 2013-07-16 20:39 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 002603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2013-03-07 12:53 - 2013-03-07 12:53 - 000015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 001006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2010-01-12 16:55 - 2010-01-12 16:55 - 000400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2010-01-12 16:55 - 2010-01-12 16:55 - 000322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 000382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2010-12-16 12:16 - 2010-12-16 12:16 - 000195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2010-01-17 23:34 - 2010-01-17 23:34 - 000062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 12:55 - 2013-03-07 12:55 - 000472576 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 12:58 - 2013-03-07 12:58 - 000499488 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 12:54 - 2013-03-07 12:54 - 000013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 014978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 009224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 000317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2014-03-05 16:44 - 2014-03-05 16:44 - 001568032 _____ () C:\Program Files (x86)\bfgclient\bfgcommon.dll

Confusd73 · Nov 21, 2017

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:02548DB5 [132]
AlternateDataStreams: C:\ProgramData\TEMP:02A78DF6 [223]
AlternateDataStreams: C:\ProgramData\TEMP:076F9EF8 [249]
AlternateDataStreams: C:\ProgramData\TEMP:084612C9 [462]
AlternateDataStreams: C:\ProgramData\TEMP:0B3B557D [440]
AlternateDataStreams: C:\ProgramData\TEMP:0E61938B [247]
AlternateDataStreams: C:\ProgramData\TEMP:10E0CEB1 [203]
AlternateDataStreams: C:\ProgramData\TEMP:115EA582 [139]
AlternateDataStreams: C:\ProgramData\TEMP:15684A86 [256]
AlternateDataStreams: C:\ProgramData\TEMP:1604D047 [237]
AlternateDataStreams: C:\ProgramData\TEMP:1740DC47 [111]
AlternateDataStreams: C:\ProgramData\TEMP:21CAA383 [508]
AlternateDataStreams: C:\ProgramData\TEMP:27790C06 [442]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2E1B8BE7 [146]
AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD [480]
AlternateDataStreams: C:\ProgramData\TEMP:35629AE6 [235]
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83 [228]
AlternateDataStreams: C:\ProgramData\TEMP:3D887DCC [125]
AlternateDataStreams: C:\ProgramData\TEMP:426D1496 [263]
AlternateDataStreams: C:\ProgramData\TEMP:43D2A298 [232]
AlternateDataStreams: C:\ProgramData\TEMP:46DC30C2 [132]
AlternateDataStreams: C:\ProgramData\TEMP:4E6B8D68 [198]
AlternateDataStreams: C:\ProgramData\TEMP:50E2DC97 [135]
AlternateDataStreams: C:\ProgramData\TEMP:5118AE69 [125]
AlternateDataStreams: C:\ProgramData\TEMP:52E5A75A [470]
AlternateDataStreams: C:\ProgramData\TEMP:5387C3D4 [128]
AlternateDataStreams: C:\ProgramData\TEMP:54380FEC [240]
AlternateDataStreams: C:\ProgramData\TEMP:58E38390 [218]
AlternateDataStreams: C:\ProgramData\TEMP:5A750E35 [128]
AlternateDataStreams: C:\ProgramData\TEMP:5C28E25F [135]
AlternateDataStreams: C:\ProgramData\TEMP:5E05F78B [486]
AlternateDataStreams: C:\ProgramData\TEMP:614F17D3 [199]
AlternateDataStreams: C:\ProgramData\TEMP:699EFEED [258]
AlternateDataStreams: C:\ProgramData\TEMP:69AF9D20 [201]
AlternateDataStreams: C:\ProgramData\TEMP:6BFA43EB [241]
AlternateDataStreams: C:\ProgramData\TEMP:6C9F5E5E [418]
AlternateDataStreams: C:\ProgramData\TEMP:737160C1 [230]
AlternateDataStreams: C:\ProgramData\TEMP:77D98D08 [442]
AlternateDataStreams: C:\ProgramData\TEMP:7D288858 [245]
AlternateDataStreams: C:\ProgramData\TEMP:831C6B2D [217]
AlternateDataStreams: C:\ProgramData\TEMP:865F21BF [136]
AlternateDataStreams: C:\ProgramData\TEMP:89FC8EEB [514]
AlternateDataStreams: C:\ProgramData\TEMP:8C232F4D [236]
AlternateDataStreams: C:\ProgramData\TEMP:8E783B8E [456]
AlternateDataStreams: C:\ProgramData\TEMP:93F3E4C9 [118]
AlternateDataStreams: C:\ProgramData\TEMP:9597EAFE [474]
AlternateDataStreams: C:\ProgramData\TEMP:9836B5E4 [143]
AlternateDataStreams: C:\ProgramData\TEMP:A31B5E9B [476]
AlternateDataStreams: C:\ProgramData\TEMP:A384652A [412]
AlternateDataStreams: C:\ProgramData\TEMP:A81A3C86 [256]
AlternateDataStreams: C:\ProgramData\TEMP:AC0528D9 [430]
AlternateDataStreams: C:\ProgramData\TEMP:B01EC114 [246]
AlternateDataStreams: C:\ProgramData\TEMP:B2F435C0 [141]
AlternateDataStreams: C:\ProgramData\TEMP:B8791731 [147]
AlternateDataStreams: C:\ProgramData\TEMP:B8EB1B99 [470]
AlternateDataStreams: C:\ProgramData\TEMP:BCFEA004 [112]
AlternateDataStreams: C:\ProgramData\TEMP:C98828D3 [520]
AlternateDataStreams: C:\ProgramData\TEMP:C9AE9C42 [122]
AlternateDataStreams: C:\ProgramData\TEMP

3181BB4 [238]
AlternateDataStreams: C:\ProgramData\TEMP

37B4675 [124]
AlternateDataStreams: C:\ProgramData\TEMP

8AE9DD1 [246]
AlternateDataStreams: C:\ProgramData\TEMP

8D58038 [223]
AlternateDataStreams: C:\ProgramData\TEMP

A9A88B3 [428]
AlternateDataStreams: C:\ProgramData\TEMP

E274A16 [144]
AlternateDataStreams: C:\ProgramData\TEMP:E1D06077 [237]
AlternateDataStreams: C:\ProgramData\TEMP:E4FCDFD9 [224]
AlternateDataStreams: C:\ProgramData\TEMP:EC3A9923 [478]
AlternateDataStreams: C:\ProgramData\TEMP:F18C0087 [234]
AlternateDataStreams: C:\ProgramData\TEMP:F5FC5DCE [247]
AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5 [218]
AlternateDataStreams: C:\ProgramData\TEMP:F9DA089C [460]
AlternateDataStreams: C:\ProgramData\TEMP:FD4C7AD3 [458]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-860533698-1946648191-3752025309-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Julie\AppData\Local\Microsoft\Windows\Themes\US-wp1.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1 - 205.171.203.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0573CFE6-0277-42AB-B14B-BE74EAFC1158}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A14334E0-D445-48BE-9825-9CAD0F4F15EB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E0054BF4-1C11-420D-A038-08C4FFDBFC1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B8BC9B37-5078-4940-8E9A-99E24A3DC2AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{B954E97F-BC8D-42E2-948E-EDC06A700947}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BA61AEB4-F836-403A-B976-CE0D4BF1498D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A019EB6E-3867-4352-B84E-794FCA27360C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{328CB191-0002-4E3E-BF36-087F11F80AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3EBC9857-0F01-4822-9C65-FDAFDC92A38F}] => (Allow) C:\Users\Julie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2A7D74C7-E219-43D6-A8D1-23546C707C24}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DEC4096E-7F6F-4136-BFB2-492FC9096093}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E4550F2E-02DD-4909-8C66-A11227C9926C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7ACB5C29-645B-4DE4-8556-EF53943A3845}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{684F9608-4A74-4AE5-9062-7AB9B175EAF3}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{C3E69A9C-127B-4AAB-8E68-36DBABE93959}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [TCP Query User{0B872C8A-5E33-44E3-8FE9-686B975E62CA}C:\users\julie\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\julie\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{3F64B71E-EB0F-4608-BBB1-4A83A130180A}C:\users\julie\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\julie\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{903E5D1C-C7C5-4300-BD0C-6D82A73E3828}] => (Allow) C:\Program Files (x86)\Origin Games\Dynomite!\dynomite.exe
FirewallRules: [{55C5DDD1-8224-4B6A-A97C-2EB29CBBE1CD}] => (Allow) C:\Program Files (x86)\Origin Games\Dynomite!\dynomite.exe

==================== Restore Points =========================

03-11-2017 16:53:29 Scheduled Checkpoint
12-11-2017 12:46:47 Scheduled Checkpoint
14-11-2017 15:25:50 Restore Operation
17-11-2017 16:11:48 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2017 10:20:51 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)
at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
at System.Xml.XmlDocument.CreateElement(String name)
at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="BV2CJ02" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A06" SMBIOSPresent="True" Rel_Date="20131118000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="XPS 8700" Ident_Num="JULIE-PC" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.2</HostIP></Exception>

Error: (11/21/2017 10:20:50 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)
at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
at System.Xml.XmlDocument.CreateElement(String name)
at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="BV2CJ02" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A06" SMBIOSPresent="True" Rel_Date="20131118000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="XPS 8700" Ident_Num="JULIE-PC" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.2</HostIP></Exception>

Error: (11/21/2017 03:16:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02
Exception code: 0xe0434352
Fault offset: 0x000ecbb2
Faulting process id: 0x2da4
Faulting application start time: 0x01d362a0fb3a9b75
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: a9835491-4121-4f9c-9aeb-c52e7a1b8d88
Faulting package full name:
Faulting package-relative application ID:

Error: (11/21/2017 03:16:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (11/20/2017 12:19:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Amazon Music.exe, version: 6.1.3.1192, time stamp: 0x5a0a11cc
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e
Exception code: 0xc0000374
Fault offset: 0x000d9aba
Faulting process id: 0x1458
Faulting application start time: 0x01d362239c042abf
Faulting application path: C:\Users\Julie\AppData\Local\Amazon Music\Amazon Music.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0d266b11-1791-4841-87ea-1f1789485414
Faulting package full name:
Faulting package-relative application ID:

Error: (11/20/2017 11:37:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.674, time stamp: 0xaf452875
Exception code: 0xc000027b
Fault offset: 0x00000000005dc03f
Faulting process id: 0x1d58
Faulting application start time: 0x01d35e97f81c3b9e
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: f8e2b034-8711-42e9-96ba-26baa84e26cd
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (11/20/2017 11:22:19 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (11/20/2017 11:22:19 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (11/20/2017 11:22:01 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (11/20/2017 01:36:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02
Exception code: 0xe0434352
Fault offset: 0x000ecbb2
Faulting process id: 0x2bac
Faulting application start time: 0x01d361c9f05b37da
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: c7cd5fd6-36bb-4e0a-8cb5-82867810afac
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (11/20/2017 12:20:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/20/2017 12:20:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (11/20/2017 12:17:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2017 12:17:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2017 12:17:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/20/2017 12:17:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (11/20/2017 12:17:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/20/2017 12:17:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (11/20/2017 12:16:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/20/2017 12:16:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

CodeIntegrity:
===================================
Date: 2017-11-20 12:04:34.480
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-20 12:04:34.298
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-16 13:05:59.509
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-11-16 13:05:59.475
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-11-16 13:05:59.445
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-11-16 13:05:58.829
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-11-16 13:05:58.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-11-16 13:05:58.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-11-16 13:05:56.371
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-11-16 13:05:54.296
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 35%
Total physical RAM: 8143.24 MB
Available physical RAM: 5276.46 MB
Total Virtual: 16335.24 MB
Available Virtual: 12229.12 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:770.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: D1E78664)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Nov 21, 2017

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Confusd73 · Nov 24, 2017

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by Julie (24-11-2017 22:15:02) Run:1
Running from C:\Users\Julie\Desktop\Techspot\FRST-OlderVersion
Loaded Profiles: UpdatusUser & Julie (Available Profiles: UpdatusUser & Julie & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-860533698-1946648191-3752025309-1002\...\MountPoints2: {2f3a58a5-b38a-11e7-9daf-9cd21e5b043c} - "J:\VZW_Software_upgrade_assistant.exe"
SearchScopes: HKU\S-1-5-21-860533698-1946648191-3752025309-1002 -> {B34E0CBB-5D9E-4AA1-8222-E1AA0A9C9439} URL =
U3 idsvc; no ImagePath
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
2017-07-21 12:06 - 2017-07-21 12:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-11-20 10:48 - 2017-09-05 00:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Julie\AppData\Local\Temp\dllnt_dump.dll
2017-10-28 23:26 - 2017-10-28 23:26 - 000000460 _____ () C:\Users\Julie\AppData\Local\Temp\tempmessage.bfg
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {0E1784B3-B331-4910-A926-2CA78A4D4940} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {182FA78E-A57E-4F21-A8DC-230A199F461F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {2B2027AC-8619-402F-A38A-E504687231C8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2DC1F689-F360-471D-AEF7-A82C1AEE5D80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {34C31891-7EBA-45B8-9234-B801B0E83331} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {364E5EB3-8868-4FF6-85F5-19C294CAD34A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3E772720-7B0E-44E9-B4E2-E415DB477E78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {56EF4A60-BC5D-4A4E-B2F4-DAC363F05C25} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {585C2F7D-FDF3-402E-AC69-AA5AD455F2CD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {862FF9A3-3C0D-4061-B618-5D934BB755A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8A36EAA2-B54E-45E0-BC84-3B84FF91460E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {970E7DB8-A83C-4F3B-ADC4-929538D02186} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C46D555E-5316-4225-A0CB-AFAB83884B92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E62DE1F3-BD84-487F-A707-A79B2ABBACDA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EF27317C-6B18-49A2-BD32-B213F6AD303B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:02548DB5 [132]
AlternateDataStreams: C:\ProgramData\TEMP:02A78DF6 [223]
AlternateDataStreams: C:\ProgramData\TEMP:076F9EF8 [249]
AlternateDataStreams: C:\ProgramData\TEMP:084612C9 [462]
AlternateDataStreams: C:\ProgramData\TEMP:0B3B557D [440]
AlternateDataStreams: C:\ProgramData\TEMP:0E61938B [247]
AlternateDataStreams: C:\ProgramData\TEMP:10E0CEB1 [203]
AlternateDataStreams: C:\ProgramData\TEMP:115EA582 [139]
AlternateDataStreams: C:\ProgramData\TEMP:15684A86 [256]
AlternateDataStreams: C:\ProgramData\TEMP:1604D047 [237]
AlternateDataStreams: C:\ProgramData\TEMP:1740DC47 [111]
AlternateDataStreams: C:\ProgramData\TEMP:21CAA383 [508]
AlternateDataStreams: C:\ProgramData\TEMP:27790C06 [442]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2E1B8BE7 [146]
AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD [480]
AlternateDataStreams: C:\ProgramData\TEMP:35629AE6 [235]
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83 [228]
AlternateDataStreams: C:\ProgramData\TEMP:3D887DCC [125]
AlternateDataStreams: C:\ProgramData\TEMP:426D1496 [263]
AlternateDataStreams: C:\ProgramData\TEMP:43D2A298 [232]
AlternateDataStreams: C:\ProgramData\TEMP:46DC30C2 [132]
AlternateDataStreams: C:\ProgramData\TEMP:4E6B8D68 [198]
AlternateDataStreams: C:\ProgramData\TEMP:50E2DC97 [135]
AlternateDataStreams: C:\ProgramData\TEMP:5118AE69 [125]
AlternateDataStreams: C:\ProgramData\TEMP:52E5A75A [470]
AlternateDataStreams: C:\ProgramData\TEMP:5387C3D4 [128]
AlternateDataStreams: C:\ProgramData\TEMP:54380FEC [240]
AlternateDataStreams: C:\ProgramData\TEMP:58E38390 [218]
AlternateDataStreams: C:\ProgramData\TEMP:5A750E35 [128]
AlternateDataStreams: C:\ProgramData\TEMP:5C28E25F [135]
AlternateDataStreams: C:\ProgramData\TEMP:5E05F78B [486]
AlternateDataStreams: C:\ProgramData\TEMP:614F17D3 [199]
AlternateDataStreams: C:\ProgramData\TEMP:699EFEED [258]
AlternateDataStreams: C:\ProgramData\TEMP:69AF9D20 [201]
AlternateDataStreams: C:\ProgramData\TEMP:6BFA43EB [241]
AlternateDataStreams: C:\ProgramData\TEMP:6C9F5E5E [418]
AlternateDataStreams: C:\ProgramData\TEMP:737160C1 [230]
AlternateDataStreams: C:\ProgramData\TEMP:77D98D08 [442]
AlternateDataStreams: C:\ProgramData\TEMP:7D288858 [245]
AlternateDataStreams: C:\ProgramData\TEMP:831C6B2D [217]
AlternateDataStreams: C:\ProgramData\TEMP:865F21BF [136]
AlternateDataStreams: C:\ProgramData\TEMP:89FC8EEB [514]
AlternateDataStreams: C:\ProgramData\TEMP:8C232F4D [236]
AlternateDataStreams: C:\ProgramData\TEMP:8E783B8E [456]
AlternateDataStreams: C:\ProgramData\TEMP:93F3E4C9 [118]
AlternateDataStreams: C:\ProgramData\TEMP:9597EAFE [474]
AlternateDataStreams: C:\ProgramData\TEMP:9836B5E4 [143]
AlternateDataStreams: C:\ProgramData\TEMP:A31B5E9B [476]
AlternateDataStreams: C:\ProgramData\TEMP:A384652A [412]
AlternateDataStreams: C:\ProgramData\TEMP:A81A3C86 [256]
AlternateDataStreams: C:\ProgramData\TEMP:AC0528D9 [430]
AlternateDataStreams: C:\ProgramData\TEMP:B01EC114 [246]
AlternateDataStreams: C:\ProgramData\TEMP:B2F435C0 [141]
AlternateDataStreams: C:\ProgramData\TEMP:B8791731 [147]
AlternateDataStreams: C:\ProgramData\TEMP:B8EB1B99 [470]
AlternateDataStreams: C:\ProgramData\TEMP:BCFEA004 [112]
AlternateDataStreams: C:\ProgramData\TEMP:C98828D3 [520]
AlternateDataStreams: C:\ProgramData\TEMP:C9AE9C42 [122]
AlternateDataStreams: C:\ProgramData\TEMP

3181BB4 [238]
AlternateDataStreams: C:\ProgramData\TEMP

37B4675 [124]
AlternateDataStreams: C:\ProgramData\TEMP

8AE9DD1 [246]
AlternateDataStreams: C:\ProgramData\TEMP

8D58038 [223]
AlternateDataStreams: C:\ProgramData\TEMP

A9A88B3 [428]
AlternateDataStreams: C:\ProgramData\TEMP

E274A16 [144]
AlternateDataStreams: C:\ProgramData\TEMP:E1D06077 [237]
AlternateDataStreams: C:\ProgramData\TEMP:E4FCDFD9 [224]
AlternateDataStreams: C:\ProgramData\TEMP:EC3A9923 [478]
AlternateDataStreams: C:\ProgramData\TEMP:F18C0087 [234]
AlternateDataStreams: C:\ProgramData\TEMP:F5FC5DCE [247]
AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5 [218]
AlternateDataStreams: C:\ProgramData\TEMP:F9DA089C [460]
AlternateDataStreams: C:\ProgramData\TEMP:FD4C7AD3 [458]

*****************

Confusd73 · Nov 24, 2017

I'm having trouble posting the rest of the fixlog-I keep getting a pop up that reads:

"Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator."

I'll keep trying...

Edited to add: It just isn't letting me post the log. I have no problem with a post like this-just the one for the fixlog.

Broni · Nov 25, 2017

Please attach the file.

Confusd73 · Nov 27, 2017

Thank you-fix-log is attached.

Broni · Nov 27, 2017

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Confusd73 · Nov 30, 2017

Broni, Can you please give me until Monday the 4th to finish? I'm sick and just can't seem to concentrate on much of anything right now.
Thank you,
Julie

Broni · Dec 1, 2017

Sure

Confusd73 · Dec 4, 2017

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 27.0.0.187
Adobe Reader XI
Mozilla Thunderbird (52.5.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
Intel iCLS Client AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Solved Amazon Assistant

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 56,041 +516

Attachments

Posts: 23 +0

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Attachments

Posts: 56,041 +516

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Similar threads