Solved Computer Running Slow -- IObit\ASCDownloader Won't Delete

Polterdog · May 1, 2017

This has been going on for a little while now for a system that, quite frankly, shouldn't be running into the 100% disk usage problems that it's often hampered by. Various anti-virus and malware problems (and I've tried a lot) have found things, here and there -- and supposedly cleaned them -- but nothing seems to have resolved the problem. The one persistent thing that never seems to go away with multiple attempts at cleaning are these two registry enteries:

C:\ProgramData\IObit\ASCDownloader
C:\Programdata\Application Data\IObit\ASCDownloader

I naively downloaded the BitRemover uninstaller from their website thinking it would help but...

At any rate, here is the Farbar FRST log.

Thanks in advance for all your time and trouble.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-04-2017

Ran by Trevor (administrator) on TREVOR-PC (01-05-2017 05:28:36)

Running from C:\Users\Trevor\Desktop

Loaded Profiles: Trevor (Available Profiles: Trevor & DefaultAppPool)

Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Windows\Runservice.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe

(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe

(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

() C:\Program Files (x86)\Everything\Everything.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)

HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2012-02-09] (Alienware)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)

HKLM\...\Run: [WinPrivacy] => C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe [2300128 2017-01-31] (WinPatrol)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-19] (Intel Corporation)

HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-12-01] ()

HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd)

HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw

HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION

HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION

HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: ** <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION

HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-06] (SUPERAntiSpyware)

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3019552 2017-04-25] (Valve Corporation)

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-05] (Acresso Corporation)

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\Run: [Chromium] => c:\users\trevor\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-13] (Ruiware)

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5791696 2017-03-21] (SecureMix LLC)

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)

AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Trevor\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Trevor\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Trevor\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Trevor\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Trevor\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Trevor\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()

GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{88f2cb24-c3f6-4acc-9235-e74bb7597bb7}: [DhcpNameServer] 192.168.2.1

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://outlook.live.com/owa/

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope value is missing

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File

BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File

BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:

========

FF DefaultProfile: onsugnew.default

FF ProfilePath: C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default [2017-05-01]

FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\onsugnew.default -> Secure Search

FF Homepage: Mozilla\Firefox\Profiles\onsugnew.default -> hxxps://outlook.live.com/owa/

FF Keyword.URL: Mozilla\Firefox\Profiles\onsugnew.default -> user_pref("keyword.URL", true);

FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]

FF Extension: (Add to Amazon Wish List Button) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\amznUWL2@amazon.com.xpi [2016-06-05]

FF Extension: (Ghostery) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\firefox@ghostery.com.xpi [2017-03-03]

FF Extension: (YouTube™ Enhancer Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-12-26]

FF Extension: (FlashStopper) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\flashstopper@byo.co.il.xpi [2017-03-09]

FF Extension: (FoxyProxy Standard) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\foxyproxy@eric.h.jung [2017-01-29]

FF Extension: (Webmail Ad Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\gmailnoads@mywebber.com.xpi [2017-03-03]

FF Extension: (Image and Flash Blocker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\imgflashblocker@shimon.chohen.xpi [2016-04-27]

FF Extension: (Netflix Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\jid0-thbzZj1IIKe4A7ggnuyqMnmaa5U@jetpack.xpi [2017-03-03]

FF Extension: (Location Guard) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2016-10-09]

FF Extension: (YouTube™ Downloader Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\jid1-HfCj61J5q2gaGQ@jetpack.xpi [2015-12-13]

FF Extension: (Link Alert) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\linkalert.conlan@addons.mozilla.com [2017-03-30]

FF Extension: (Outlook Web App Notifications) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\owa_notifications@mihai-chezan.github.com.xpi [2016-10-06]

FF Extension: (YouTube Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\particle@particlecore.github.io.xpi [2017-04-25]

FF Extension: (Status-4-Evar) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\status4evar@caligonstudios.com.xpi [2017-03-03]

FF Extension: (LastPass) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\support@lastpass.com [2017-03-30]

FF Extension: (TinyURL Generator) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2016-04-27]

FF Extension: (Google Translator for Firefox) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\translator@zoli.bod.xpi [2017-02-02]

FF Extension: (UnPlug) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\unplug@compunach.xpi [2015-12-22]

FF Extension: (View as text) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\viewastext@john.tyree.xpi [2016-04-27]

FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-29]

FF Extension: (Forecastfox) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2016-04-27]

FF Extension: (Clean Links) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2017-03-26]

FF Extension: (Webutation) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2016-04-27]

FF Extension: (LinkChecker) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2017-03-30]

FF Extension: (Print Hint) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{4ca88e02-7bbb-43fe-ae41-5103893fa10c}.xpi [2016-04-27]

FF Extension: (Updated Ad Blocker for Firefox 11+) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2016-04-29]

FF Extension: (EPUBReader) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-02-18]

FF Extension: (NoScript) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-25]

FF Extension: (Adblock Plus) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]

FF Extension: (Clean Video) - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\Extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi [2016-04-29]

FF ProfilePath: C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\d3uqaxat.default-1483528431884 [2017-04-30]

FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-16] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-02-01] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-02-01] (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2008-10-24] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:

=======

CHR Profile: C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default [2017-04-15]

CHR Extension: (Google Slides) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-28]

CHR Extension: (Google Docs) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-28]

CHR Extension: (Google Drive) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]

CHR Extension: (YouTube) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]

CHR Extension: (Google Sheets) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-28]

CHR Extension: (Google Docs Offline) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-28]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]

CHR Extension: (Gmail) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-28]

CHR Extension: (Chrome Media Router) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]

CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

Opera:

=======

OPR Extension: (LastPass) - C:\Users\Trevor\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2013-10-27]

OPR Extension: (Adblock Plus) - C:\Users\Trevor\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2013-10-27]

Polterdog · May 1, 2017

Here is the second part of the FRST log:

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)

S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)

S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-07-17] (Creative Labs) [File not signed]

S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-07-17] (Creative Labs) [File not signed]

R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]

R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [133640 2015-06-12] (Creative Technology Ltd)

S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-12-13] (Dell Inc.)

S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-12-13] (Dell Inc.)

S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284224 2016-11-03] (GOG.com)

S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6581824 2016-11-03] (GOG.com)

S2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4393424 2017-03-21] (SecureMix LLC)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)

R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [181928 2017-01-20] ()

R2 LicCtrlService; C:\Windows\runservice.exe [2560 2013-03-28] () [File not signed]

R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-29] (Electronic Arts)

S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-29] (Electronic Arts)

R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-13] (Dell Inc.)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-24] (Synaptics Incorporated)

R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)

S2 WinPrivacySvc; C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe [478944 2017-01-31] (WinPatrol)

S2 WPWDSvc; C:\Program Files\Ruiware\WinPrivacy\WPWDSvc.exe [420576 2017-01-31] (WinPatrol)

R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1075496 2015-06-12] (Creative Technology Ltd)

S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-09-11] (Cypress Semiconductor, Inc.)

R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32352 2016-10-13] (Dell Inc.)

R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)

R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)

R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-07-03] (GFI Software)

R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)

R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-14] (REALiX(tm))

R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-05-01] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2016-09-11] (Intel Corporation)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)

S3 ptun0901; C:\WINDOWS\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)

R4 rwpvcy; C:\WINDOWS\System32\drivers\rwpvcy.sys [49944 2015-09-10] (Ruiware, LLC)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 ST_ACCEL; C:\WINDOWS\system32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)

S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-04-18] (Zemana Ltd.)

R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-04-18] (Zemana Ltd.)

U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-01 05:28 - 2017-05-01 05:28 - 02428928 _____ (Farbar) C:\Users\Trevor\Desktop\FRST64(1).exe

2017-05-01 05:28 - 2017-05-01 05:28 - 00053923 _____ C:\Users\Trevor\Desktop\FRST.txt

2017-05-01 05:16 - 2017-05-01 05:16 - 00000000 ____D C:\Users\Trevor\Desktop\FRST-OlderVersion

2017-04-29 18:51 - 2017-04-29 18:51 - 00003580 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask

2017-04-28 21:21 - 2017-04-28 21:21 - 00003841 _____ C:\Users\Trevor\Desktop\AdwCleaner[C13].txt

2017-04-28 20:45 - 2017-04-28 20:45 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\ProductData

2017-04-28 19:43 - 2017-04-28 19:43 - 00000087 _____ C:\Users\Trevor\Desktop\Techspot Post ADWCleaner Find.txt

2017-04-28 19:35 - 2017-04-28 20:49 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\TechSmith

2017-04-28 19:35 - 2017-04-28 19:35 - 00000000 ____D C:\Users\Trevor\Documents\Snagit

2017-04-28 19:21 - 2017-04-28 19:21 - 00000000 ____D C:\Users\Trevor\AppData\Local\TechSmith

2017-04-28 19:21 - 2017-04-28 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith

2017-04-28 19:19 - 2017-04-28 19:19 - 00000000 ____D C:\ProgramData\TechSmith

2017-04-28 19:19 - 2017-04-28 19:19 - 00000000 ____D C:\Program Files (x86)\TechSmith

2017-04-28 18:57 - 2017-04-28 18:57 - 04102600 _____ C:\Users\Trevor\Desktop\adwcleaner_6.046.exe

2017-04-26 03:23 - 2017-04-28 19:08 - 106232264 _____ (TechSmith Corporation) C:\Users\Trevor\Desktop\snagit.exe

2017-04-24 05:00 - 2017-04-24 05:00 - 00000000 ____D C:\ProgramData\Dell

2017-04-23 07:16 - 2017-05-01 05:17 - 00000752 _____ C:\Users\Trevor\Desktop\Techspot Post.txt

2017-04-23 07:08 - 2017-05-01 05:28 - 00000000 ____D C:\FRST

2017-04-23 03:35 - 2017-05-01 05:16 - 02428928 _____ (Farbar) C:\Users\Trevor\Desktop\FRST64.exe

2017-04-23 03:12 - 2017-04-23 03:12 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell

2017-04-23 03:10 - 2017-04-23 03:32 - 00000000 ____D C:\Users\Trevor\AppData\Local\Deployment

2017-04-23 00:37 - 2017-04-23 00:39 - 35331712 _____ (Adlice Software ) C:\Users\Trevor\Desktop\setup.exe

2017-04-19 20:07 - 2017-04-19 20:08 - 00000000 ____D C:\ProgramData\SupportAssistAgent

2017-04-18 10:26 - 2017-05-01 05:28 - 17887808 _____ C:\WINDOWS\ZAM_Guard.krnl.trace

2017-04-18 10:26 - 2017-05-01 05:28 - 03638142 _____ C:\WINDOWS\ZAM.krnl.trace

2017-04-18 10:26 - 2017-04-18 10:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys

2017-04-18 10:26 - 2017-04-18 10:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys

2017-04-18 10:26 - 2017-04-18 10:26 - 00001223 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk

2017-04-18 10:26 - 2017-04-18 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware

2017-04-18 10:26 - 2017-04-18 10:26 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware

2017-04-18 10:25 - 2017-04-18 10:25 - 00000000 ____D C:\Users\Trevor\AppData\Local\Zemana

2017-04-18 08:23 - 2017-04-18 10:25 - 05774688 _____ (Zemana Ltd. ) C:\Users\Trevor\Desktop\Zemana.AntiMalware.Setup.exe

2017-04-18 07:35 - 2017-04-18 07:35 - 00046001 _____ C:\Users\Trevor\Desktop\The Cat in Latex - Celebrities & Fan Fiction - Literotica.com.htm

2017-04-18 07:35 - 2017-04-18 07:35 - 00000000 ____D C:\Users\Trevor\Desktop\The Cat in Latex - Celebrities & Fan Fiction - Literotica.com_files

2017-04-18 00:10 - 2017-04-18 00:10 - 00001076 _____ C:\Users\Public\Desktop\WinPrivacy Explorer.lnk

2017-04-18 00:10 - 2017-04-18 00:10 - 00000000 ____D C:\Users\Trevor\AppData\Local\WinPatrol

2017-04-18 00:10 - 2017-04-18 00:10 - 00000000 ____D C:\ProgramData\WinPatrol

2017-04-18 00:10 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\WinPatrol

2017-04-18 00:10 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\Ruiware

2017-04-18 00:10 - 2015-09-10 17:35 - 00049944 _____ (Ruiware, LLC) C:\WINDOWS\system32\Drivers\rwpvcy.sys

2017-04-17 20:37 - 2017-04-18 00:09 - 25272296 _____ (WinPatrol) C:\Users\Trevor\Desktop\winpatrolfirewall-setup.exe

2017-04-17 19:50 - 2017-03-30 10:35 - 00452569 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170417-195021.backup

2017-04-17 19:22 - 2017-04-17 19:23 - 00110080 _____ (Thomas Hoen - T-Tools) C:\Users\Trevor\Desktop\BitRemover.exe

2017-04-17 19:11 - 2017-04-17 19:11 - 00001976 _____ C:\Users\Public\Desktop\GlassWire.lnk

2017-04-17 19:11 - 2017-04-17 19:11 - 00000000 ____D C:\Users\Trevor\AppData\Local\GlassWire

2017-04-17 19:11 - 2017-04-17 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire

2017-04-17 19:11 - 2017-04-17 19:11 - 00000000 ____D C:\ProgramData\GlassWire

2017-04-17 19:11 - 2015-05-29 00:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat

2017-04-17 19:11 - 2015-05-29 00:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys

2017-04-17 19:10 - 2017-04-17 19:11 - 00000000 ____D C:\Program Files (x86)\GlassWire

2017-04-17 19:07 - 2017-04-18 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2017-04-17 19:07 - 2017-04-18 00:10 - 00000000 ____D C:\ProgramData\InstallMate

2017-04-17 19:07 - 2017-04-17 19:08 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\WinPatrol

2017-04-17 19:07 - 2017-04-17 19:07 - 00000000 ____D C:\Program Files (x86)\Ruiware

2017-04-17 04:51 - 2017-04-17 04:52 - 24128280 _____ (Yamicsoft) C:\Users\Trevor\Desktop\windows10manager.exe

2017-04-15 03:45 - 2017-04-15 03:45 - 00000000 ____D C:\ProgramData\F-Secure

2017-04-14 19:45 - 2017-04-14 19:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Trevor\Desktop\rkill.exe

2017-04-14 19:01 - 2017-04-14 19:01 - 00000024 _____ C:\ProgramData\serverclasscache.ini

2017-04-14 18:58 - 2017-04-14 19:03 - 00000000 ____D C:\ProgramData\DriverTalent

2017-04-14 18:57 - 2017-04-14 18:58 - 00000000 ____D C:\OSTotoFolder

2017-04-14 18:57 - 2017-04-14 18:57 - 00001279 _____ C:\Users\Public\Desktop\Driver Talent.lnk

2017-04-14 18:57 - 2017-04-14 18:57 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\DriverTalent

2017-04-14 18:57 - 2017-04-14 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent

2017-04-14 18:56 - 2017-04-14 18:56 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft

2017-04-14 08:54 - 2017-04-14 08:54 - 00000000 ____D C:\Users\Trevor\AppData\Local\UNP

2017-04-14 08:47 - 2017-04-14 08:47 - 00001258 _____ C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk

2017-04-14 06:59 - 2017-04-14 07:00 - 00000000 ____D C:\Program Files\UNP

2017-04-14 06:59 - 2017-04-14 06:59 - 00000000 ____D C:\WINDOWS\system32\UNP

2017-04-13 10:11 - 2017-03-28 01:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp

2017-04-13 10:11 - 2017-03-28 01:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll

2017-04-13 10:11 - 2017-03-28 01:30 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll

2017-04-13 10:11 - 2017-03-28 01:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2017-04-13 10:11 - 2017-03-28 01:14 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2017-04-13 10:11 - 2017-03-28 01:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll

2017-04-13 10:10 - 2017-03-28 02:07 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll

2017-04-13 10:10 - 2017-03-28 02:04 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2017-04-13 10:10 - 2017-03-28 01:59 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-04-13 10:10 - 2017-03-28 01:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll

2017-04-13 10:10 - 2017-03-28 01:48 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-04-13 10:10 - 2017-03-28 01:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll

2017-04-13 10:10 - 2017-03-28 01:36 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll

2017-04-13 10:10 - 2017-03-28 01:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll

2017-04-13 10:10 - 2017-03-28 01:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll

2017-04-13 10:10 - 2017-03-28 01:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll

2017-04-13 10:10 - 2017-03-28 01:35 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll

2017-04-13 10:10 - 2017-03-28 01:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll

2017-04-13 10:10 - 2017-03-28 01:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll

2017-04-13 10:10 - 2017-03-28 01:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll

2017-04-13 10:10 - 2017-03-28 01:33 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll

2017-04-13 10:10 - 2017-03-28 01:32 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll

2017-04-13 10:10 - 2017-03-28 01:32 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-04-13 10:10 - 2017-03-28 01:30 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll

2017-04-13 10:10 - 2017-03-28 01:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll

2017-04-13 10:10 - 2017-03-28 01:30 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2017-04-13 10:10 - 2017-03-28 01:29 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll

2017-04-13 10:10 - 2017-03-28 01:29 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll

2017-04-13 10:10 - 2017-03-28 01:29 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll

2017-04-13 10:10 - 2017-03-28 01:22 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll

2017-04-13 10:10 - 2017-03-28 01:17 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2017-04-13 10:10 - 2017-03-28 01:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll

2017-04-13 10:10 - 2017-03-28 01:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

2017-04-13 10:10 - 2017-03-28 01:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll

2017-04-13 10:10 - 2017-03-28 01:12 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll

2017-04-13 10:10 - 2017-03-28 01:12 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2017-04-13 10:10 - 2017-03-28 01:12 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2017-04-13 10:10 - 2017-03-28 01:11 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2017-04-13 10:10 - 2017-03-28 01:10 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2017-04-13 10:09 - 2017-03-28 02:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll

2017-04-13 10:09 - 2017-03-28 02:19 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2017-04-13 10:09 - 2017-03-28 02:05 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2017-04-13 10:09 - 2017-03-28 02:04 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2017-04-13 10:09 - 2017-03-28 02:04 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2017-04-13 10:09 - 2017-03-28 02:04 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2017-04-13 10:09 - 2017-03-28 02:04 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2017-04-13 10:09 - 2017-03-28 02:02 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2017-04-13 10:09 - 2017-03-28 01:59 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2017-04-13 10:09 - 2017-03-28 01:58 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-04-13 10:09 - 2017-03-28 01:58 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2017-04-13 10:09 - 2017-03-28 01:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll

2017-04-13 10:09 - 2017-03-28 01:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll

2017-04-13 10:09 - 2017-03-28 01:58 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll

2017-04-13 10:09 - 2017-03-28 01:58 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2017-04-13 10:09 - 2017-03-28 01:58 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll

2017-04-13 10:09 - 2017-03-28 01:42 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll

2017-04-13 10:09 - 2017-03-28 01:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll

2017-04-13 10:09 - 2017-03-28 01:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll

2017-04-13 10:09 - 2017-03-28 01:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll

2017-04-13 10:09 - 2017-03-28 01:40 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll

2017-04-13 10:09 - 2017-03-28 01:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll

2017-04-13 10:09 - 2017-03-28 01:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll

2017-04-13 10:09 - 2017-03-28 01:38 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll

2017-04-13 10:09 - 2017-03-28 01:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll

2017-04-13 10:09 - 2017-03-28 01:37 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll

2017-04-13 10:09 - 2017-03-28 01:37 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll

2017-04-13 10:09 - 2017-03-28 01:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll

2017-04-13 10:09 - 2017-03-28 01:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll

2017-04-13 10:09 - 2017-03-28 01:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2017-04-13 10:09 - 2017-03-28 01:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll

2017-04-13 10:09 - 2017-03-28 01:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll

2017-04-13 10:09 - 2017-03-28 01:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll

2017-04-13 10:09 - 2017-03-28 01:33 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll

2017-04-13 10:09 - 2017-03-28 01:33 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2017-04-13 10:09 - 2017-03-28 01:33 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll

2017-04-13 10:09 - 2017-03-28 01:32 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll

2017-04-13 10:09 - 2017-03-28 01:32 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll

2017-04-13 10:09 - 2017-03-28 01:32 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe

2017-04-13 10:09 - 2017-03-28 01:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll

2017-04-13 10:09 - 2017-03-28 01:32 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll

2017-04-13 10:09 - 2017-03-28 01:32 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll

2017-04-13 10:09 - 2017-03-28 01:32 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll

2017-04-13 10:09 - 2017-03-28 01:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2017-04-13 10:09 - 2017-03-28 01:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll

2017-04-13 10:09 - 2017-03-28 01:31 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll

2017-04-13 10:09 - 2017-03-28 01:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll

2017-04-13 10:09 - 2017-03-28 01:30 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2017-04-13 10:09 - 2017-03-28 01:29 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll

2017-04-13 10:09 - 2017-03-28 01:28 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2017-04-13 10:09 - 2017-03-28 01:28 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2017-04-13 10:09 - 2017-03-28 01:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2017-04-13 10:09 - 2017-03-28 01:28 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll

2017-04-13 10:09 - 2017-03-28 01:26 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll

2017-04-13 10:09 - 2017-03-28 01:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll

2017-04-13 10:09 - 2017-03-28 01:25 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll

2017-04-13 10:09 - 2017-03-28 01:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl

2017-04-13 10:09 - 2017-03-28 01:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe

2017-04-13 10:09 - 2017-03-28 01:24 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2017-04-13 10:09 - 2017-03-28 01:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

2017-04-13 10:09 - 2017-03-28 01:23 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-04-13 10:09 - 2017-03-28 01:23 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll

2017-04-13 10:09 - 2017-03-28 01:22 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll

2017-04-13 10:09 - 2017-03-28 01:21 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll

2017-04-13 10:09 - 2017-03-28 01:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2017-04-13 10:09 - 2017-03-28 01:20 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll

2017-04-13 10:09 - 2017-03-28 01:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll

2017-04-13 10:09 - 2017-03-28 01:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll

2017-04-13 10:09 - 2017-03-28 01:19 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll

2017-04-13 10:09 - 2017-03-28 01:17 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2017-04-13 10:09 - 2017-03-28 01:17 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2017-04-13 10:09 - 2017-03-28 01:17 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll

2017-04-13 10:09 - 2017-03-28 01:16 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2017-04-13 10:09 - 2017-03-28 01:14 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe

2017-04-13 10:09 - 2017-03-28 01:14 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll

2017-04-13 10:09 - 2017-03-28 01:14 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll

2017-04-13 10:09 - 2017-03-28 01:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll

2017-04-13 10:09 - 2017-03-28 01:13 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-04-13 10:09 - 2017-03-28 01:13 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll

2017-04-13 10:09 - 2017-03-28 01:12 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll

2017-04-13 10:09 - 2017-03-28 01:12 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

2017-04-13 10:09 - 2017-03-28 01:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll

2017-04-13 10:09 - 2017-03-28 01:12 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2017-04-13 10:09 - 2017-03-28 01:12 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2017-04-13 10:09 - 2017-03-28 01:12 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll

2017-04-13 10:09 - 2017-03-28 01:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2017-04-13 10:09 - 2017-03-28 01:12 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll

2017-04-13 10:09 - 2017-03-28 01:12 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll

2017-04-13 10:09 - 2017-03-28 01:11 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-04-13 10:09 - 2017-03-28 01:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll

2017-04-13 10:09 - 2017-03-28 01:11 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll

2017-04-13 10:09 - 2017-03-28 01:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2017-04-13 10:09 - 2017-03-28 01:09 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe

2017-04-13 10:09 - 2017-03-28 01:08 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll

2017-04-13 10:08 - 2017-03-28 03:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2017-04-13 10:08 - 2017-03-28 03:10 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2017-04-13 10:08 - 2017-03-28 02:18 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-04-13 10:08 - 2017-03-28 02:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-04-13 10:08 - 2017-03-28 02:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll

2017-04-13 10:08 - 2017-03-28 02:04 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll

2017-04-13 10:08 - 2017-03-28 02:02 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll

2017-04-13 10:08 - 2017-03-28 02:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2017-04-13 10:08 - 2017-03-28 01:58 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2017-04-13 10:08 - 2017-03-28 01:53 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-04-13 10:08 - 2017-03-28 01:53 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2017-04-13 10:08 - 2017-03-28 01:40 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2017-04-13 10:08 - 2017-03-28 01:39 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll

2017-04-13 10:08 - 2017-03-28 01:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2017-04-13 10:08 - 2017-03-28 01:37 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll

2017-04-13 10:08 - 2017-03-28 01:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll

2017-04-13 10:08 - 2017-03-28 01:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe

2017-04-13 10:08 - 2017-03-28 01:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll

2017-04-13 10:08 - 2017-03-28 01:35 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2017-04-13 10:08 - 2017-03-28 01:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll

2017-04-13 10:08 - 2017-03-28 01:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll

2017-04-13 10:08 - 2017-03-28 01:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll

2017-04-13 10:08 - 2017-03-28 01:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll

2017-04-13 10:08 - 2017-03-28 01:33 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll

2017-04-13 10:08 - 2017-03-28 01:33 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2017-04-13 10:08 - 2017-03-28 01:32 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll

2017-04-13 10:08 - 2017-03-28 01:32 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll

2017-04-13 10:08 - 2017-03-28 01:32 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll

2017-04-13 10:08 - 2017-03-28 01:32 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll

2017-04-13 10:08 - 2017-03-28 01:32 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll

2017-04-13 10:08 - 2017-03-28 01:32 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll

2017-04-13 10:08 - 2017-03-28 01:32 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll

2017-04-13 10:08 - 2017-03-28 01:32 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll

2017-04-13 10:08 - 2017-03-28 01:31 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll

2017-04-13 10:08 - 2017-03-28 01:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2017-04-13 10:08 - 2017-03-28 01:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll

2017-04-13 10:08 - 2017-03-28 01:29 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll

2017-04-13 10:08 - 2017-03-28 01:27 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll

2017-04-13 10:08 - 2017-03-28 01:26 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2017-04-13 10:08 - 2017-03-28 01:25 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-04-13 10:08 - 2017-03-28 01:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll

2017-04-13 10:08 - 2017-03-28 01:24 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-04-13 10:08 - 2017-03-28 01:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2017-04-13 10:08 - 2017-03-28 01:23 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2017-04-13 10:08 - 2017-03-28 01:23 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2017-04-13 10:08 - 2017-03-28 01:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll

2017-04-13 10:08 - 2017-03-28 01:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll

2017-04-13 10:08 - 2017-03-28 01:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll

2017-04-13 10:08 - 2017-03-28 01:19 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll

2017-04-13 10:08 - 2017-03-28 01:19 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll

2017-04-13 10:08 - 2017-03-28 01:18 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-04-13 10:08 - 2017-03-28 01:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

2017-04-13 10:08 - 2017-03-28 01:16 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll

2017-04-13 10:08 - 2017-03-28 01:15 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

2017-04-13 10:08 - 2017-03-28 01:14 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll

2017-04-13 10:08 - 2017-03-28 01:13 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2017-04-13 10:08 - 2017-03-28 01:12 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll

2017-04-13 10:08 - 2017-03-28 01:12 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll

2017-04-13 10:08 - 2017-03-28 01:11 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2017-04-13 10:08 - 2017-03-28 01:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll

2017-04-13 10:08 - 2017-03-28 00:48 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-04-13 10:08 - 2017-03-16 00:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll

2017-04-13 09:51 - 2017-03-28 02:12 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll

2017-04-13 09:51 - 2017-03-28 01:36 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-04-13 09:51 - 2017-03-28 01:33 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll

2017-04-13 09:51 - 2017-03-28 01:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll

2017-04-13 09:51 - 2017-03-28 01:33 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll

2017-04-13 09:51 - 2017-03-28 01:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll

2017-04-13 09:51 - 2017-03-28 01:31 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll

2017-04-13 09:51 - 2017-03-28 01:14 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2017-04-13 09:51 - 2017-03-28 01:14 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll

2017-04-13 09:51 - 2017-03-28 01:10 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll

2017-04-13 09:50 - 2017-03-28 02:05 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-04-13 09:50 - 2017-03-28 01:33 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll

2017-04-13 09:50 - 2017-03-28 01:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll

2017-04-13 09:50 - 2017-03-28 01:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll

2017-04-13 09:49 - 2017-03-28 02:11 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2017-04-13 09:49 - 2017-03-28 01:37 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll

2017-04-13 09:49 - 2017-03-28 01:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll

2017-04-13 09:49 - 2017-03-28 01:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll

2017-04-13 09:49 - 2017-03-28 01:35 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-04-13 09:49 - 2017-03-28 01:34 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp

2017-04-13 09:49 - 2017-03-28 01:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll

2017-04-13 09:49 - 2017-03-28 01:33 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll

2017-04-13 09:49 - 2017-03-28 01:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll

2017-04-13 09:49 - 2017-03-28 01:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2017-04-13 09:49 - 2017-03-28 01:30 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2017-04-13 09:49 - 2017-03-28 01:29 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe

2017-04-13 09:49 - 2017-03-28 01:29 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll

2017-04-13 09:49 - 2017-03-28 01:29 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-04-13 09:49 - 2017-03-28 01:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll

2017-04-13 09:49 - 2017-03-28 01:28 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2017-04-13 09:49 - 2017-03-28 01:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll

2017-04-13 09:49 - 2017-03-28 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll

2017-04-13 09:49 - 2017-03-28 01:27 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2017-04-13 09:49 - 2017-03-28 01:26 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll

2017-04-13 09:49 - 2017-03-28 01:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll

2017-04-13 09:49 - 2017-03-28 01:25 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2017-04-13 09:49 - 2017-03-28 01:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll

2017-04-13 09:49 - 2017-03-28 01:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll

2017-04-13 09:49 - 2017-03-28 01:14 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2017-04-13 09:49 - 2017-03-28 01:13 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe

2017-04-13 09:49 - 2017-03-28 01:13 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2017-04-13 09:49 - 2017-03-28 01:11 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll

2017-04-13 09:49 - 2017-03-28 01:10 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-04-13 09:49 - 2017-03-28 01:10 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll

2017-04-13 09:49 - 2017-03-28 01:10 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

2017-04-13 09:49 - 2017-03-28 01:10 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll

2017-04-13 09:49 - 2017-03-28 01:10 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-04-13 09:49 - 2017-03-28 01:09 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-04-13 09:49 - 2017-03-28 01:09 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll

2017-04-13 09:49 - 2017-03-28 01:09 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll

2017-04-13 09:49 - 2017-03-28 01:08 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-04-13 09:49 - 2017-03-28 01:07 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2017-04-13 09:48 - 2017-03-28 02:32 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll

2017-04-13 09:48 - 2017-03-28 02:26 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe

2017-04-13 09:48 - 2017-03-28 02:11 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2017-04-13 09:48 - 2017-03-28 02:11 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2017-04-13 09:48 - 2017-03-28 02:10 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2017-04-13 09:48 - 2017-03-28 02:10 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

Polterdog · May 1, 2017

And the third:

2017-04-13 09:48 - 2017-03-28 02:09 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll

2017-04-13 09:48 - 2017-03-28 02:06 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2017-04-13 09:48 - 2017-03-28 02:05 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-04-13 09:48 - 2017-03-28 02:04 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2017-04-13 09:48 - 2017-03-28 01:59 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-04-13 09:48 - 2017-03-28 01:41 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

2017-04-13 09:48 - 2017-03-28 01:38 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll

2017-04-13 09:48 - 2017-03-28 01:37 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-04-13 09:48 - 2017-03-28 01:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll

2017-04-13 09:48 - 2017-03-28 01:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-04-13 09:48 - 2017-03-28 01:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll

2017-04-13 09:48 - 2017-03-28 01:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll

2017-04-13 09:48 - 2017-03-28 01:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll

2017-04-13 09:48 - 2017-03-28 01:34 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll

2017-04-13 09:48 - 2017-03-28 01:32 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll

2017-04-13 09:48 - 2017-03-28 01:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll

2017-04-13 09:48 - 2017-03-28 01:31 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

2017-04-13 09:48 - 2017-03-28 01:31 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll

2017-04-13 09:48 - 2017-03-28 01:30 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll

2017-04-13 09:48 - 2017-03-28 01:29 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll

2017-04-13 09:48 - 2017-03-28 01:29 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll

2017-04-13 09:48 - 2017-03-28 01:29 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-04-13 09:48 - 2017-03-28 01:29 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll

2017-04-13 09:48 - 2017-03-28 01:28 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll

2017-04-13 09:48 - 2017-03-28 01:27 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-04-13 09:48 - 2017-03-28 01:26 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll

2017-04-13 09:48 - 2017-03-28 01:26 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-04-13 09:48 - 2017-03-28 01:25 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll

2017-04-13 09:48 - 2017-03-28 01:24 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2017-04-13 09:48 - 2017-03-28 01:24 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl

2017-04-13 09:48 - 2017-03-28 01:23 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2017-04-13 09:48 - 2017-03-28 01:23 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2017-04-13 09:48 - 2017-03-28 01:22 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll

2017-04-13 09:48 - 2017-03-28 01:21 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll

2017-04-13 09:48 - 2017-03-28 01:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll

2017-04-13 09:48 - 2017-03-28 01:18 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2017-04-13 09:48 - 2017-03-28 01:17 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2017-04-13 09:48 - 2017-03-28 01:15 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe

2017-04-13 09:48 - 2017-03-28 01:15 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll

2017-04-13 09:48 - 2017-03-28 01:14 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-04-13 09:48 - 2017-03-28 01:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2017-04-13 09:48 - 2017-03-28 01:13 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2017-04-13 09:48 - 2017-03-28 01:11 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2017-04-13 09:48 - 2017-03-28 01:11 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll

2017-04-13 09:48 - 2017-03-28 01:10 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2017-04-13 09:48 - 2017-03-28 01:10 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2017-04-13 09:48 - 2017-03-28 01:09 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2017-04-13 09:48 - 2017-03-28 01:09 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll

2017-04-13 09:48 - 2017-03-28 01:06 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-04-13 09:48 - 2017-03-28 01:06 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll

2017-04-13 09:47 - 2017-03-28 02:28 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-04-13 09:47 - 2017-03-28 02:28 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2017-04-13 09:47 - 2017-03-28 02:20 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-04-13 09:47 - 2017-03-28 01:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll

2017-04-13 09:47 - 2017-03-28 01:31 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll

2017-04-13 09:47 - 2017-03-28 01:31 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll

2017-04-13 09:47 - 2017-03-28 01:29 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll

2017-04-13 09:47 - 2017-03-28 01:29 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll

2017-04-13 09:47 - 2017-03-28 01:29 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll

2017-04-13 09:47 - 2017-03-28 01:28 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2017-04-13 09:47 - 2017-03-28 01:27 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll

2017-04-13 09:47 - 2017-03-28 01:19 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll

2017-04-13 09:47 - 2017-03-28 01:19 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll

2017-04-13 09:47 - 2017-03-28 01:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll

2017-04-13 09:47 - 2017-03-28 01:17 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll

2017-04-13 09:47 - 2017-03-28 01:15 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2017-04-13 09:47 - 2017-03-28 01:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll

2017-04-13 09:47 - 2017-03-28 01:14 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

2017-04-13 09:47 - 2017-03-28 01:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll

2017-04-13 09:47 - 2017-03-28 01:13 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll

2017-04-13 09:47 - 2017-03-28 01:13 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2017-04-13 09:47 - 2017-03-28 01:13 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll

2017-04-13 09:47 - 2017-03-28 01:12 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll

2017-04-13 09:47 - 2017-03-28 01:09 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2017-04-13 09:47 - 2017-03-28 01:07 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll

2017-04-13 09:47 - 2017-03-28 01:06 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll

2017-04-13 09:46 - 2017-03-28 02:11 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-04-13 09:46 - 2017-03-28 02:11 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-04-13 09:46 - 2017-03-28 02:10 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2017-04-13 09:46 - 2017-03-28 02:09 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2017-04-13 09:46 - 2017-03-28 02:09 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-04-13 09:46 - 2017-03-28 02:05 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2017-04-13 09:46 - 2017-03-28 02:05 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2017-04-13 09:46 - 2017-03-28 02:05 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll

2017-04-13 09:46 - 2017-03-28 02:05 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll

2017-04-13 09:46 - 2017-03-28 02:05 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2017-04-13 09:46 - 2017-03-28 02:05 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll

2017-04-13 09:46 - 2017-03-28 01:58 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll

2017-04-13 09:46 - 2017-03-28 01:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll

2017-04-13 09:46 - 2017-03-28 01:29 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll

2017-04-13 09:46 - 2017-03-28 01:27 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll

2017-04-13 09:46 - 2017-03-28 01:27 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll

2017-04-13 09:46 - 2017-03-28 01:26 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll

2017-04-13 09:46 - 2017-03-28 01:21 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2017-04-13 09:46 - 2017-03-28 01:20 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll

2017-04-13 09:46 - 2017-03-28 01:20 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll

2017-04-13 09:46 - 2017-03-28 01:19 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2017-04-13 09:46 - 2017-03-28 01:18 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2017-04-13 09:46 - 2017-03-28 01:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2017-04-13 09:46 - 2017-03-28 01:15 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll

2017-04-13 09:46 - 2017-03-28 01:15 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll

2017-04-13 09:46 - 2017-03-28 01:15 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll

2017-04-13 09:46 - 2017-03-28 01:14 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll

2017-04-13 09:46 - 2017-03-28 01:12 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

2017-04-13 09:45 - 2017-03-28 02:29 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-04-13 09:45 - 2017-03-28 02:10 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2017-04-13 09:45 - 2017-03-28 01:37 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-04-13 09:45 - 2017-03-28 01:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2017-04-13 09:45 - 2017-03-28 01:31 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2017-04-13 09:45 - 2017-03-28 01:29 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2017-04-13 09:45 - 2017-03-28 01:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2017-04-13 09:45 - 2017-03-28 01:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll

2017-04-13 09:45 - 2017-03-28 01:27 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll

2017-04-13 09:45 - 2017-03-28 01:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2017-04-13 09:45 - 2017-03-28 01:21 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-04-13 09:45 - 2017-03-28 01:17 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-04-13 09:45 - 2017-03-28 01:13 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2017-04-13 09:45 - 2017-03-28 01:10 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2017-04-13 09:45 - 2017-03-28 01:08 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2017-04-13 09:44 - 2017-03-28 02:35 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2017-04-13 09:44 - 2017-03-28 02:09 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2017-04-13 09:44 - 2017-03-28 02:00 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-04-13 09:44 - 2017-03-28 02:00 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2017-04-13 09:44 - 2017-03-28 01:36 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2017-04-13 09:44 - 2017-03-28 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2017-04-13 09:44 - 2017-03-28 01:28 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll

2017-04-13 09:44 - 2017-03-28 01:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll

2017-04-13 09:44 - 2017-03-28 01:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll

2017-04-13 09:44 - 2017-03-28 01:14 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe

2017-04-13 09:44 - 2017-03-28 01:13 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2017-04-13 09:44 - 2017-03-28 01:10 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2017-04-13 09:44 - 2017-03-28 01:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll

2017-04-13 09:44 - 2017-03-28 01:08 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

2017-04-13 09:43 - 2017-03-28 02:36 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-04-13 09:43 - 2017-03-28 02:36 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-04-13 09:43 - 2017-03-28 02:26 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll

2017-04-13 09:43 - 2017-03-28 02:22 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2017-04-13 09:43 - 2017-03-28 02:08 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll

2017-04-13 09:43 - 2017-03-28 02:04 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2017-04-13 09:43 - 2017-03-28 02:04 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll

2017-04-13 09:43 - 2017-03-28 02:04 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll

2017-04-13 09:43 - 2017-03-28 01:44 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-04-13 09:43 - 2017-03-28 01:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll

2017-04-13 09:43 - 2017-03-28 01:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll

2017-04-13 09:43 - 2017-03-28 01:35 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll

2017-04-13 09:43 - 2017-03-28 01:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe

2017-04-13 09:43 - 2017-03-28 01:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll

2017-04-13 09:43 - 2017-03-28 01:33 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll

2017-04-13 09:43 - 2017-03-28 01:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll

2017-04-13 09:43 - 2017-03-28 01:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll

2017-04-13 09:43 - 2017-03-28 01:31 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll

2017-04-13 09:43 - 2017-03-28 01:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll

2017-04-13 09:43 - 2017-03-28 01:30 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll

2017-04-13 09:43 - 2017-03-28 01:30 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll

2017-04-13 09:43 - 2017-03-28 01:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll

2017-04-13 09:43 - 2017-03-28 01:29 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll

2017-04-13 09:43 - 2017-03-28 01:29 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll

2017-04-13 09:43 - 2017-03-28 01:28 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll

2017-04-13 09:43 - 2017-03-28 01:28 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll

2017-04-13 09:43 - 2017-03-28 01:27 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll

2017-04-13 09:43 - 2017-03-28 01:26 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll

2017-04-13 09:43 - 2017-03-28 01:25 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2017-04-13 09:43 - 2017-03-28 01:21 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll

2017-04-13 09:43 - 2017-03-28 01:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll

2017-04-13 09:43 - 2017-03-28 01:17 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

2017-04-13 09:43 - 2017-03-28 01:13 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2017-04-13 09:43 - 2017-03-28 01:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll

2017-04-13 09:43 - 2017-03-28 01:12 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll

2017-04-13 09:43 - 2017-03-28 01:12 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll

2017-04-13 09:43 - 2017-03-28 01:11 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2017-04-13 09:43 - 2017-03-28 01:10 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

2017-04-13 09:43 - 2017-03-28 01:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll

2017-04-13 09:43 - 2017-03-28 01:05 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll

2017-04-13 09:43 - 2017-03-16 00:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll

2017-04-13 09:42 - 2017-03-28 02:36 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-04-13 09:42 - 2017-03-28 02:36 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-04-13 09:42 - 2017-03-28 02:36 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-04-13 09:42 - 2017-03-28 01:58 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll

2017-04-13 09:42 - 2017-03-28 01:31 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll

2017-04-13 09:42 - 2017-03-28 01:30 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll

2017-04-13 09:42 - 2017-03-28 01:30 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll

2017-04-13 09:42 - 2017-03-28 01:29 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll

2017-04-13 09:42 - 2017-03-28 01:29 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2017-04-13 09:42 - 2017-03-28 01:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll

2017-04-13 09:42 - 2017-03-28 01:25 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll

2017-04-13 09:42 - 2017-03-28 01:24 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2017-04-13 09:42 - 2017-03-28 01:14 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-04-13 09:42 - 2017-03-28 01:08 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2017-04-13 09:42 - 2017-03-18 12:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2017-04-13 09:42 - 2017-03-18 12:35 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2017-04-13 09:41 - 2017-03-28 02:20 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-04-13 09:41 - 2017-03-28 02:10 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll

2017-04-13 09:41 - 2017-03-28 02:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll

2017-04-13 09:41 - 2017-03-28 02:08 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-04-13 09:41 - 2017-03-28 02:08 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-04-13 09:41 - 2017-03-28 02:04 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys

2017-04-13 09:41 - 2017-03-28 01:30 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll

2017-04-13 09:41 - 2017-03-28 01:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll

2017-04-13 09:41 - 2017-03-28 01:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll

2017-04-13 09:41 - 2017-03-28 01:16 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll

2017-04-13 09:41 - 2017-03-28 01:09 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll

2017-04-13 09:39 - 2017-03-28 01:37 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-04-13 09:39 - 2017-03-28 01:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys

2017-04-13 07:09 - 2017-04-14 18:56 - 12095640 _____ (OSToto Co., Ltd.) C:\Users\Trevor\Desktop\DriverTalent_setup.exe

2017-04-12 06:21 - 2017-04-12 06:21 - 02793495 _____ C:\Users\Trevor\Desktop\geek.zip

2017-04-10 05:32 - 2017-04-10 05:32 - 00875012 _____ C:\Users\Trevor\Desktop\add_gpedit_msc_by_jwils876-d3kh6vm.zip

2017-04-10 01:50 - 2017-04-10 05:34 - 59272008 _____ (Malwarebytes ) C:\Users\Trevor\Desktop\mb3-setup-consumer-3.0.6.1469-1096.exe

2017-04-09 03:20 - 2017-04-09 03:26 - 110110067 _____ C:\Users\Trevor\Desktop\720p__mp4.flv

2017-04-09 03:20 - 2017-04-09 03:21 - 00034431 _____ C:\Users\Trevor\Desktop\Omega Girl 3 (1 of 10).html

2017-04-09 03:20 - 2017-04-09 03:20 - 00000000 ____D C:\Users\Trevor\Desktop\Omega Girl 3 (1 of 10)_files

2017-04-09 03:07 - 2017-04-09 03:07 - 00004492 _____ C:\Users\Trevor\Desktop\Omega Girl.html

2017-04-09 03:07 - 2017-04-09 03:07 - 00000000 ____D C:\Users\Trevor\Desktop\Omega Girl_files

2017-04-08 06:31 - 2017-04-08 06:31 - 00076432 _____ C:\Users\Trevor\Desktop\Top 10 Text To Speech (TTS) Software For eLearning - eLearning Industry.html

2017-04-08 06:31 - 2017-04-08 06:31 - 00000000 ____D C:\Users\Trevor\Desktop\Top 10 Text To Speech (TTS) Software For eLearning - eLearning Industry_files

2017-04-07 12:09 - 2017-04-07 12:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf

2017-04-06 06:27 - 2017-04-06 06:27 - 00057759 _____ C:\Users\Trevor\Desktop\Fortean Folk Devilry Human Interpretation of Strange Phenomena _ Mysterious Universe.html

2017-04-06 06:27 - 2017-04-06 06:27 - 00000000 ____D C:\Users\Trevor\Desktop\Fortean Folk Devilry Human Interpretation of Strange Phenomena _ Mysterious Universe_files

2017-04-04 03:43 - 2017-04-04 03:43 - 00001045 _____ C:\Users\Trevor\Desktop\Online Passwords(2).txt - Shortcut.lnk

2017-04-02 08:15 - 2017-04-02 08:15 - 00087904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UNPUXWorker.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-01 05:19 - 2012-04-02 16:56 - 00000000 ____D C:\Program Files (x86)\Everything

2017-05-01 05:10 - 2017-01-14 04:52 - 00000000 ____D C:\Users\Trevor\Desktop\Cryptozoology-Related Material

2017-05-01 05:10 - 2014-08-21 06:03 - 00000000 ____D C:\Users\Trevor\Desktop\Superpowers Book

2017-05-01 05:07 - 2017-01-14 04:53 - 00000000 ____D C:\Users\Trevor\Desktop\Cosmology Stuff

2017-05-01 05:06 - 2017-01-16 12:20 - 00000000 ____D C:\Users\Trevor\Desktop\Misc. Paranormal and Supernatural High Strangeness

2017-05-01 04:28 - 2014-04-29 21:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-05-01 04:24 - 2012-08-01 01:55 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\vlc

2017-05-01 04:17 - 2016-09-10 19:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-04-29 21:28 - 2012-07-29 22:45 - 00000000 ____D C:\Users\Trevor\AppData\LocalLow\LastPass

2017-04-29 21:27 - 2017-03-02 09:50 - 00000000 ____D C:\Users\Trevor\AppData\LocalLow\Mozilla

2017-04-28 20:45 - 2015-07-14 11:23 - 00000000 ____D C:\ProgramData\IObit

2017-04-28 20:44 - 2016-09-10 20:13 - 00000000 ____D C:\Users\Trevor

2017-04-28 20:44 - 2016-06-28 19:00 - 00000000 __SHD C:\Users\Trevor\IntelGraphicsProfiles

2017-04-28 19:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-04-28 19:47 - 2013-03-28 05:01 - 00002137 ___SH C:\WINDOWS\SysWOW64\mmf.sys

2017-04-28 19:46 - 2016-09-10 20:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-04-28 19:44 - 2016-07-16 02:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI

2017-04-28 19:43 - 2013-10-16 21:41 - 00000000 ____D C:\AdwCleaner

2017-04-28 19:21 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF

2017-04-28 19:19 - 2013-12-13 17:08 - 00000000 ____D C:\ProgramData\Package Cache

2017-04-28 05:59 - 2013-01-28 17:53 - 00000000 ____D C:\Program Files (x86)\Steam

2017-04-28 05:54 - 2007-01-14 01:18 - 00000000 ____D C:\mIRC

2017-04-28 04:50 - 2016-10-28 13:42 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2017-04-28 04:50 - 2016-10-28 13:42 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2017-04-27 06:08 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps

2017-04-25 20:53 - 2016-10-28 13:46 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-04-25 20:53 - 2016-10-28 13:46 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-04-24 04:46 - 2016-11-10 03:37 - 00000000 ____D C:\WINDOWS\Minidump

2017-04-24 04:45 - 2017-01-04 08:42 - 00492220 ____N C:\WINDOWS\Minidump\042417-262921-01.dmp

2017-04-23 07:21 - 2015-11-04 06:03 - 00001084 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2017-04-23 07:21 - 2015-11-04 06:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2017-04-23 03:32 - 2017-01-14 04:51 - 00000000 ____D C:\Users\Trevor\Desktop\UFO-related Material

2017-04-22 04:03 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-04-22 04:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-04-21 08:11 - 2016-10-14 02:54 - 00000000 ____D C:\Users\Trevor\AppData\Local\CrashDumps

2017-04-18 06:55 - 2017-01-14 08:51 - 00000000 ____D C:\Users\Trevor\Desktop\Ancient Mysteries Material

2017-04-18 06:38 - 2016-06-28 18:59 - 00000000 ____D C:\Users\Trevor\AppData\Local\Packages

2017-04-17 19:51 - 2012-07-25 14:53 - 00000000 ____D C:\ProgramData\TEMP

2017-04-17 19:51 - 2010-07-29 17:02 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

2017-04-17 19:49 - 2012-07-24 10:28 - 00001264 _____ C:\Users\Trevor\Desktop\Spybot - Search & Destroy.lnk

2017-04-17 19:25 - 2014-08-21 06:26 - 00000000 ____D C:\Program Files\7-Zip

2017-04-14 19:38 - 2016-09-10 20:12 - 01212770 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-04-14 09:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache

2017-04-14 08:15 - 2016-09-10 20:02 - 00000000 ____D C:\ProgramData\NVIDIA

2017-04-14 05:56 - 2016-09-10 20:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2017-04-14 05:55 - 2016-09-10 20:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2017-04-14 00:48 - 2016-04-27 02:39 - 00000000 __RHD C:\Users\Public\AccountPictures

2017-04-13 23:47 - 2016-09-10 19:56 - 00416384 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-04-13 23:47 - 2013-03-13 08:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-04-13 23:47 - 2010-11-26 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-04-13 17:35 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12

2017-04-13 17:35 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup

2017-04-13 17:31 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12

2017-04-13 17:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup

2017-04-13 17:31 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism

2017-04-13 17:30 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2017-04-13 17:30 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender

2017-04-13 17:30 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences

2017-04-13 17:30 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning

2017-04-13 17:30 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2017-04-13 17:30 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2017-04-13 17:30 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2017-04-13 07:47 - 2013-08-14 03:01 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-04-13 07:32 - 2012-07-31 20:58 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-04-13 07:24 - 2013-03-13 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-04-11 08:50 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

2017-04-11 08:50 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed

2017-04-10 05:40 - 2017-03-10 02:57 - 00000000 ____D C:\Users\Trevor\Desktop\Ghost Related Stuff

2017-04-09 03:48 - 2017-01-14 08:59 - 00000000 ____D C:\Users\Trevor\Desktop\Weird Science-Related Material

2017-04-09 02:42 - 2016-09-22 09:53 - 00000000 ____D C:\Users\Trevor\Documents\My Kindle Content

2017-04-09 02:37 - 2016-09-22 09:53 - 00002344 _____ C:\Users\Trevor\Desktop\Kindle.lnk

2017-04-08 11:42 - 2010-11-20 23:27 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2017-04-07 13:10 - 2016-06-12 05:28 - 00000000 ____D C:\Users\Trevor\Desktop\Showtime Resources

2017-04-07 13:10 - 2016-05-14 02:06 - 00000000 ____D C:\Users\Trevor\Desktop\Things To Show Andrea

2017-04-07 11:50 - 2014-07-25 06:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2017-04-05 00:23 - 2016-12-06 09:33 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

2017-04-05 00:23 - 2016-06-28 19:12 - 00002413 _____ C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2017-04-05 00:23 - 2016-06-28 19:12 - 00000000 ___RD C:\Users\Trevor\OneDrive

2017-04-03 09:06 - 2017-01-16 08:00 - 00000179 _____ C:\Users\Trevor\Desktop\Cat Burglar Opening.txt

2017-04-03 05:10 - 2017-01-14 09:06 - 00000000 ____D C:\Users\Trevor\Desktop\Mysterious Disappearances and Vanishings Material

2017-04-01 15:42 - 2017-03-30 03:46 - 00000000 ____D C:\Users\Trevor\Desktop\Soul Book Material

2017-04-01 14:52 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-04-01 14:52 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-09-18 21:00 - 2015-11-08 07:53 - 0007605 _____ () C:\Users\Trevor\AppData\Local\resmon.resmoncfg

2017-04-14 19:01 - 2017-04-14 19:01 - 0000024 _____ () C:\ProgramData\serverclasscache.ini

Files to move or delete:

====================

C:\Users\QUICKENW\alrtpkg.dll

C:\Users\QUICKENW\bgtbrwsr.dat

C:\Users\QUICKENW\BILLMIND.EXE

C:\Users\QUICKENW\CHANNEL.DLL

C:\Users\QUICKENW\custprof.dll

C:\Users\QUICKENW\ddao35.dll

C:\Users\QUICKENW\DECAPI.DLL

C:\Users\QUICKENW\EMC.dll

C:\Users\QUICKENW\FRCAST.DLL

C:\Users\QUICKENW\fri.dat

C:\Users\QUICKENW\GRAPHS6.DLL

C:\Users\QUICKENW\ichan.dll

C:\Users\QUICKENW\IcRsrc32.dll

C:\Users\QUICKENW\IMVENG7.DLL

C:\Users\QUICKENW\LFBMP70N.DLL

C:\Users\QUICKENW\LFCMP70N.DLL

C:\Users\QUICKENW\LFPNG70N.DLL

C:\Users\QUICKENW\LTFIL70N.DLL

C:\Users\QUICKENW\LTKRN70N.DLL

C:\Users\QUICKENW\MSFILE.DLL

C:\Users\QUICKENW\MVBK14N.DLL

C:\Users\QUICKENW\MVCL14N.DLL

C:\Users\QUICKENW\MVMG14N.DLL

C:\Users\QUICKENW\MVUT14N.DLL

C:\Users\QUICKENW\ONLN32.DLL

C:\Users\QUICKENW\ONLNCALL.DLL

C:\Users\QUICKENW\patchw32.dll

C:\Users\QUICKENW\PLAN.DLL

C:\Users\QUICKENW\pnf.dll

C:\Users\QUICKENW\QACCES32.DLL

C:\Users\QUICKENW\QDB.DLL

C:\Users\QUICKENW\QDBBASE.DLL

C:\Users\QUICKENW\QFILE.DLL

C:\Users\QUICKENW\QIDLL.DLL

C:\Users\QUICKENW\QIHNDLR.DLL

C:\Users\QUICKENW\QPWDLL.DLL

C:\Users\QUICKENW\QREP.DLL

C:\Users\QUICKENW\QREQST.DAT

C:\Users\QUICKENW\QSAPI.DLL

C:\Users\QUICKENW\QSAPIENG.DLL

C:\Users\QUICKENW\QSNAPENG.DLL

C:\Users\QUICKENW\qtaxutil.dll

C:\Users\QUICKENW\QVERSION.DLL

C:\Users\QUICKENW\QW.EXE

C:\Users\QUICKENW\qwapp.dll

C:\Users\QUICKENW\QWCF.EXE

C:\Users\QUICKENW\QWDIB.DLL

C:\Users\QUICKENW\QWDLLS.EXE

C:\Users\QUICKENW\QWENC.DLL

C:\Users\QUICKENW\QWOESDK.DLL

C:\Users\QUICKENW\qwonline.dll

C:\Users\QUICKENW\QWPLAN.DLL

C:\Users\QUICKENW\QWPR.DLL

C:\Users\QUICKENW\QWRMND.DLL

C:\Users\QUICKENW\QWRS.DAT

C:\Users\QUICKENW\QWUTIL7.DLL

C:\Users\QUICKENW\qwver.dll

C:\Users\QUICKENW\QWWIN.DLL

C:\Users\QUICKENW\QW_IBILL.DLL

C:\Users\QUICKENW\SAVGOL.DLL

C:\Users\QUICKENW\TAXPROF.DLL

C:\Users\QUICKENW\TechHelp.exe

C:\Users\QUICKENW\TLA.EXE

C:\Users\QUICKENW\ttaxexpt.dat

C:\Users\QUICKENW\ttaximp.dll

C:\Users\QUICKENW\WPR.DAT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-22 21:59

==================== End of FRST.txt ============================

Polterdog · May 1, 2017

This is the first part of the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2017

Ran by Trevor (01-05-2017 05:29:18)

Running from C:\Users\Trevor\Desktop

Windows 10 Home Version 1607 (X64) (2016-09-11 01:15:21)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1178657114-3178268977-3299830424-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1178657114-3178268977-3299830424-503 - Limited - Disabled)

Guest (S-1-5-21-1178657114-3178268977-3299830424-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1178657114-3178268977-3299830424-1003 - Limited - Enabled)

Trevor (S-1-5-21-1178657114-3178268977-3299830424-1001 - Administrator - Enabled) => C:\Users\Trevor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)

Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)

AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)

Alienware Command Center (HKLM-x32\...\InstallShield_{CD4B350A-9328-4C1F-91D3-255EF2DA58FA}) (Version: 2.7.28.0 - Alienware Corp.)

Alienware Command Center (Version: 2.7.28.0 - Alienware Corp.) Hidden

Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.32.0.2C - )

Alienware On-Screen Display (x32 Version: 0.32.0.2C - ) Hidden

Amazon Kindle (HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)

AutoSizer (HKLM-x32\...\AutoSizer) (Version: - )

AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)

Baldur's Gate Enhanced Edition (HKLM-x32\...\Baldur's Gate Enhanced Edition) (Version: 0.2.6.2 - Beamdog)

Baldur's Gate: Siege of Dragonspear (HKLM-x32\...\Baldur's Gate: Siege of Dragonspear) (Version: 0.2.8.0 - Beamdog)

Beamdog Launcher 1.9.5.0 (HKLM-x32\...\Beamdog Launcher) (Version: 1.9.5.0 - Beamdog)

calibre 64bit (HKLM\...\{56E65A82-39F0-4FB3-9E06-B58CCCA4E6D6}) (Version: 0.9.32 - Kovid Goyal)

CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)

CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)

CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)

Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)

Dell Data Vault (Version: 4.4.1.0 - Dell Inc.) Hidden

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.72 - Dell)

Dell SupportAssistAgent (HKLM-x32\...\{1AE53ECE-2255-4191-998B-07741E5EFCDA}) (Version: 1.4.1.8 - Dell)

Dell System Detect (HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\d24084d039586cae) (Version: 8.4.0.5 - Dell)

Doodle God (HKLM-x32\...\Steam App 348360) (Version: - JoyBits, LTD)

Dragon Age Journeys (HKLM-x32\...\Dragon Age Journeys_is1) (Version: - Shmehao.com)

Dragon Age Legends (HKLM-x32\...\com.bwsf.DragonAgeLegends) (Version: 1.0.14 - Electronic Arts)

Dragon Age Legends (x32 Version: 1.0.14 - Electronic Arts) Hidden

Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)

Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)

Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)

Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.49.150 - OSToto Co., Ltd.)

Eastside Hockey Manager v1.16 (HKLM-x32\...\Eastside Hockey Manager v1.16_is1) (Version: - )

EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden

Final Draft 6 (HKLM-x32\...\{CC8B19D1-91D2-4D5B-B331-F885F432745E}) (Version: 6.0.10 - Final Draft, Inc.)

Final Draft v6.0.2.5 Update (HKLM-x32\...\Final Draft v6.0.2.5 Update) (Version: - )

Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )

Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)

FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - )

Furcadia (HKLM-x32\...\Furcadia) (Version: 31.0 - Dragon's Eye Productions, Inc.)

Gabriel Knight - Sins of the Fathers (HKLM-x32\...\GOGPACKGABRIELKNIGHT_is1) (Version: 2.0.0.16 - GOG.com)

GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.100 - SecureMix LLC)

GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)

GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)

GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version: - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)

Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden

GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)

Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)

Indiana Jones and the Last Crusade (HKLM-x32\...\Steam App 32310) (Version: - LucasArts)

Indy Cat (HKLM-x32\...\Indy Cat_is1) (Version: - GamesPub Ltd.)

Integrated Webcam Live! Central (HKLM-x32\...\Integrated Webcam Live! Central) (Version: 2.01.15 - Creative Technology Ltd)

Intel Processor Diagnostic Tool 64bit (HKLM\...\{F24BC99D-3FC1-4503-BEFA-5DDD16C6265A}) (Version: 2.20.0.0 - Intel Corporation)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)

Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)

Invisible, Inc. (HKLM-x32\...\Steam App 243970) (Version: - Klei Entertainment)

King's Bounty: Armored Princess (HKLM-x32\...\Steam App 3170) (Version: - Katauri Interactive)

King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version: - Katauri)

Logo Design Studio Pro (HKLM-x32\...\{58BC2FF4-68A5-4D8A-B0B0-33C2CDCA2F2D}) (Version: 1.5 - Summitsoft Corporation)

Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)

MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)

Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)

Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NEKOPARA Vol. 1 (HKLM-x32\...\Steam App 333600) (Version: - NEKO WORKs)

NFO Reader version 1.0 (HKLM-x32\...\{8B9BD4A4-9669-469B-9AE0-0858B72AAB4D}_is1) (Version: 1.0 - nforeader.com)

NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)

Origin (HKLM-x32\...\Origin) (Version: 10.0.2.33129 - Electronic Arts, Inc.)

Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)

Pillars of Eternity (HKLM\...\Steam App 291650) (Version: - Obsidian Entertainment)

Poser 8 (8.0.0.10157) (HKLM-x32\...\Poser 8_is1) (Version: 8.0.0 - Smith Micro Software, Inc.)

Poser Pro 2012 (HKLM\...\Poser Pro 2012_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)

PoserContent2012 (HKLM\...\Poser Pro_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)

PzDB1.2022e (HKLM-x32\...\{3FE19FF5-B7C1-430F-A7EA-BAC52D20F9FB}) (Version: 1.2.22 - Rocketship Software)

Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)

RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)

Scribblenauts Unmasked (HKLM-x32\...\Steam App 249870) (Version: - 5th Cell Media)

Scrivener Update (HKLM-x32\...\Scrivener 102) (Version: 1710 - )

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Showtime! (HKLM\...\Steam App 285050) (Version: - Myrtilus Entertainment)

Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)

Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)

Small World 2 (HKLM-x32\...\Steam App 235620) (Version: - Days of Wonder)

Snagit 13 (HKLM-x32\...\{507c35df-03b5-4452-a86c-f50425c2c6ab}) (Version: 13.1.2.7933 - TechSmith Corporation)

Snagit 13 (x32 Version: 13.1.2 - TechSmith Corporation) Hidden

Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)

Sound Blaster Recon3Di (HKLM-x32\...\{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}) (Version: 1.00.08 - Creative Technology Limited)

Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)

SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)

SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0018 - ST Microelectronics)

Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

TEW2008 (HKLM-x32\...\TEW2008) (Version: - )

The Aquatic Adventure of the Last Human (HKLM\...\Steam App 401360) (Version: - YCJY)

The Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version: - )

Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games)

Triple Town (HKLM-x32\...\Steam App 209950) (Version: - )

Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.1 - UltraDefrag Development Team)

Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - Giant Army)

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)

WinPrivacy (HKLM-x32\...\{18605281-BFFE-4968-9B86-05322D5FBB33}) (Version: 2017.1.941 - WinPatrol)

XCOM: Enemy Unknown (HKLM\...\Steam App 200510) (Version: - Firaxis Games)

Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {020C710C-6267-4CFD-BB9A-670F9EB86294} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)

Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe

Task: {0D49FE1A-E1F1-4B4B-93AA-429E4B24DC68} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {1599CA50-8577-4585-B49C-CED80FC25AA7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)

Task: {19D13582-428E-4EED-9577-67279AD743B1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {1C7EE1E2-BABF-4F1C-ADBC-6A1B54231834} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe

Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe

Task: {2A19336B-680C-43F1-8366-4619104B1F3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)

Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe

Task: {362CA436-EB92-4903-B2F9-5AC5F5E4BA0C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)

Task: {3B7E6B98-428D-45A0-A6A4-55E306B2872D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe

Task: {3FD35691-5DC9-4ADA-B8AA-39DCBA9B98C0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe

Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe

Task: {532B541C-92B8-42F3-AE03-645A0A3F9E64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-28] (Google Inc.)

Task: {5DB165A5-629C-406A-B58C-9165E1E75F54} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe

Task: {5E3E847E-8515-4A49-947F-F27D36A3EE54} - System32\Tasks\{E7F28CC2-C35A-4E0B-9E1C-70D1BC864856} => pcalua.exe -a C:\Users\Trevor\Desktop\MEI_Intel_VFP83_A00-Setup_ZPE.exe -d C:\Users\Trevor\Desktop

Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe

Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe

Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe

Task: {7ECE6722-1BF7-4EC7-888E-E6A16F5AF8E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)

Task: {822DF0F3-ED8C-419A-997D-574D7DAF0430} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe

Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe

Task: {8CCCE9B6-90BF-4AFC-B028-4A5867F2F293} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)

Task: {99EF32B4-8050-4B46-907D-238AFEAC90AD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {9A493618-FA24-4CD2-A53B-C37441E47626} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe

Task: {B0B399AA-C11E-47B4-AF75-576B987FD32E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-13] (Dell Inc.)

Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe

Task: {B815EC0B-D837-4E66-986E-964ED3A2BAA2} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe

Task: {B920D0A1-F1B5-446F-9528-FC102DD2F0B6} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe

Task: {BCA4310F-534C-42E4-B884-61F3428ACEC1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)

Task: {C64072E7-6CEA-4AEC-A44A-5084FCA95752} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe

Task: {CA496620-68EE-440E-9EA7-209B9490894E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe

Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe

Task: {DA8D221C-848B-4D47-8A09-A9E67A6CADAD} - System32\Tasks\SUPERAntiSpyware Scheduled Task 87f7cdbe-1bec-4823-9e63-18fce7f81c4a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe

Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe

Task: {EF5BAE3E-05D1-433C-8F78-0E5E27B13B93} - System32\Tasks\SUPERAntiSpyware Scheduled Task 43348cf4-5f3e-4819-b6c4-86d19a68f5ea => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe

Task: {F027A2D1-2E1C-4C72-B4B9-9FFC250EFFC5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {F02DBB49-FB27-49E0-85DD-8A06D1D304EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-28] (Google Inc.)

Task: {F2EA7ED5-EA0E-4161-8138-8C174063472B} - System32\Tasks\{AD182CAE-6B13-4225-A2AF-FA90D657BE05} => pcalua.exe -a C:\Users\Trevor\Desktop\Chipset_Intel_W74_MG1JJ_A00-Setup_ZPE.exe -d C:\Users\Trevor\Desktop

Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe

Task: {F4131FE3-DC0F-440E-8341-E4DC0F1E7ED5} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe

Task: {F606CE13-31C7-4295-8E66-7DEF5616D25D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2017-02-17] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 43348cf4-5f3e-4819-b6c4-86d19a68f5ea.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 87f7cdbe-1bec-4823-9e63-18fce7f81c4a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Trevor\Favorites\PSPVC PSP Video Converter.lnk -> hxxp://pspvc.nswardh.com

Shortcut: C:\Users\Trevor\Favorites\PSPVC on Twitter.lnk -> hxxp://twitter.com/sward

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2017-04-13 09:43 - 2017-03-28 02:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-09-10 20:02 - 2015-07-22 21:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-03-28 05:01 - 2013-03-28 05:01 - 00002560 _____ () C:\Windows\runservice.exe

2017-04-13 09:43 - 2017-03-28 02:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll

2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\Trevor\AppData\Local\MEGAsync\ShellExtX64.dll

2017-04-18 10:26 - 2017-04-18 10:26 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll

2016-09-19 00:45 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll

2017-03-20 18:49 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll

2017-03-20 18:49 - 2017-03-04 02:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll

2017-03-20 18:29 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2017-03-20 18:29 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2017-03-20 18:29 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll

2017-04-13 09:43 - 2017-03-28 01:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll

2017-04-13 09:43 - 2017-03-28 01:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2017-04-13 09:43 - 2017-03-28 01:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2011-12-01 21:00 - 2011-12-01 21:00 - 01636208 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

2009-03-12 21:18 - 2009-03-12 21:18 - 00602624 _____ () C:\Program Files (x86)\Everything\Everything.exe

2013-03-28 05:01 - 2013-03-28 05:01 - 00048640 _____ () C:\Windows\mmfs.dll

2017-04-14 18:57 - 2017-01-20 02:34 - 00181928 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll

2017-04-14 18:56 - 2017-01-20 02:34 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll

2017-04-14 18:57 - 2017-01-20 02:34 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll

2017-04-14 18:57 - 2017-01-20 02:34 - 00112296 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll

2017-04-14 18:57 - 2017-01-20 02:34 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll

2017-04-14 19:00 - 2017-03-23 04:26 - 00068744 _____ () c:\program files (x86)\ostotosoft\drivertalent\DTLPlugs\InstallPlugV2\InstallPlugV2.dll

2015-10-30 07:28 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll

2009-12-18 12:07 - 2009-12-18 12:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll

2017-03-26 01:54 - 2017-03-26 01:54 - 01114136 _____ () C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\onsugnew.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2014-05-01 10:15 - 2014-05-01 10:15 - 00463360 _____ () C:\Users\Trevor\AppData\Local\MEGAsync\ShellExtX32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [123]

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com

IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7933 more sites.

IE trusted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\localhost -> localhost

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\0411dd.com -> 0411dd.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\0511zfhl.com -> 0511zfhl.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\0632qyw.com -> 0632qyw.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\1-2005-search.com -> www.1-2005-search.com

There are 12751 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-17 19:50 - 00453653 ____R C:\WINDOWS\system32\Drivers\etc\hosts

12# Start of entries inserted by Spybot - Search & Destroy

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 10sek.com

127.0.0.1 www.10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 123fporn.info

127.0.0.1 www.123fporn.info

127.0.0.1 123haustiereundmehr.com

127.0.0.1 www.123haustiereundmehr.com

127.0.0.1 123moviedownload.com

There are 15593 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Trevor\AppData\Local\Microsoft\Windows\Themes\wheretheworldends wallpaper 1280 x 960.jpg

DNS Servers: 192.168.2.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2

MSCONFIG\Services: CGVPNCliService => 2

MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3

MSCONFIG\Services: Creative Audio Engine Licensing Service => 3

MSCONFIG\Services: DAUpdaterSvc => 3

MSCONFIG\Services: DragonSvc => 2

MSCONFIG\Services: GalaxyClientService => 3

MSCONFIG\Services: GalaxyCommunication => 3

MSCONFIG\Services: WMPNetworkSvc => 2

MSCONFIG\Services: WPCSvc => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Trevor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Trevor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto

MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart

MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

MSCONFIG\startupreg: GalaxyClient => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart

MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

MSCONFIG\startupreg: Integrated Webcam Live! Central => "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2

MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

MSCONFIG\startupreg: uTorrent => "C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

HKLM\...\StartupApproved\Run: => "SynTPEnh"

HKLM\...\StartupApproved\Run32: => "AvgUi"

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-1178657114-3178268977-3299830424-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"

Polterdog · May 1, 2017

And the second part of the Addition log:

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FC511044-5E9A-47E6-9EFF-2323E2BE9AB4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Aquatic Adventure of the Last Human\TheAquaticAdventureOfTheLastHuman.exe

FirewallRules: [{D2707BD8-184C-4218-B02C-60571F7C7E03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Aquatic Adventure of the Last Human\TheAquaticAdventureOfTheLastHuman.exe

FirewallRules: [{D51AEC36-7F6B-4AED-A397-EC8AE0DE3243}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{7784F204-A946-4218-A16C-8F32BA512F55}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{BFD31FA9-BF88-41FE-9401-259056A00659}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{997FF880-550A-41F2-85D8-322FD245DF50}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe

FirewallRules: [{4B7D40A1-E348-46C7-A32F-A841E0E78367}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe

FirewallRules: [{73518142-967E-42D7-9286-C2D5813BBE4D}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe

FirewallRules: [{910BC659-91C5-4F05-AA28-D1394D1CACA4}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe

FirewallRules: [{4ED56E66-1E93-44C6-9413-1620EED078B2}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe

FirewallRules: [{6C3805A0-CB79-4305-95DD-4AC77414FBE6}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe

FirewallRules: [{D5260E65-902F-42F8-BFF8-4E4BD4556FE5}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe

FirewallRules: [{BAC32FFE-D718-46A2-9E1F-F00D06A95F63}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe

FirewallRules: [{B64CE5B0-4621-4294-859D-5C94D7954592}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe

FirewallRules: [{667FD2BE-A9CC-4775-8DD2-1A83294246A1}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe

FirewallRules: [{E6ED7D83-4E96-4D9D-A34D-8E6C56A4FED2}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{08660904-4C6A-4EC0-B793-4A94DF3B2E0B}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{FD9AFED2-F441-46D6-94A3-F6E2AA235B19}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{22EE9096-17B4-46D6-8B3B-5376B8FCBFD9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{90B9C18C-7824-48DA-82BF-9EEB96D168B8}] => (Allow) C:\Program Files (x86)\HollywoodMogul3\hm3.exe

FirewallRules: [{BCC4521A-CA95-450C-A74F-4943CC2F363E}] => (Allow) C:\Program Files (x86)\HollywoodMogul3\hm3.exe

FirewallRules: [{DE855D9E-D2B3-44BE-B0F8-1B550132155C}] => (Allow) C:\Program Files (x86)\HollywoodMogul3\hm3.exe

FirewallRules: [{27D63166-39A1-4C55-A7E9-2DBA81D663C7}] => (Allow) C:\Program Files (x86)\HollywoodMogul3\hm3.exe

FirewallRules: [TCP Query User{43B7D0F7-08B7-4263-ADD4-EA985000E3E0}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe

FirewallRules: [UDP Query User{723B9390-A87A-47BB-907C-8BB9F72D2C0B}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe

FirewallRules: [{FD38C454-16C6-4591-8441-919B3F6ECB09}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{81350C49-9920-44AE-AD51-C9331C3F611F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{F7270163-16A8-4EA9-819C-07E11E1261B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TripleTown\TripleTown.exe

FirewallRules: [{FFDCB4B4-0F8A-477B-9A6C-8ECB3613CB62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TripleTown\TripleTown.exe

FirewallRules: [{39E91040-230F-4B78-9862-2168021EC61D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe

FirewallRules: [{F3ED44AF-143C-4E6F-9EF7-E5AC6DCFA910}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe

FirewallRules: [{365A8360-8C3A-4A14-B49A-3D880F11DC67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Bounty - The Legend\kb.exe

FirewallRules: [{CF3B6372-1303-4C16-AFD1-13CC1AA929CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Bounty - The Legend\kb.exe

FirewallRules: [{9B7DBF19-B674-4692-A46F-646C51ABC0BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Bounty - The Legend\save_fixer.exe

FirewallRules: [{B051130B-7A38-4BD7-8E91-8B1CA61C8083}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Bounty - The Legend\save_fixer.exe

FirewallRules: [{3742D017-3AF3-44D1-B9D8-59C6C4C84D8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kings Bounty Armored Princess\kb.exe

FirewallRules: [{85558256-7637-4C40-BA9E-E655624317A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kings Bounty Armored Princess\kb.exe

FirewallRules: [{023312BD-6B1C-4009-B2DD-9BCB74A20B97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [{CC66EC41-25E4-4C89-94A8-1057C39BE37B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [{D60DD5E2-83CC-400F-B929-B2E1885906C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Universe Sandbox\Universe Sandbox.exe

FirewallRules: [{A09A6E9D-D850-4993-B757-C5B4255DDFF3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Universe Sandbox\Universe Sandbox.exe

FirewallRules: [{1DD4CB7A-F45B-4888-BF0C-2C02C4223BF6}] => (Allow) C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{662158C0-2022-4EDD-89A4-5AB1DF3D6AF5}] => (Allow) C:\Users\Trevor\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{F185392F-5457-4173-AE62-489EC93FE04D}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{C99B0BD4-4E13-4C5E-B960-2D9621D1C5FA}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{C17D3CF6-46E4-4AED-B247-DAEF4A59C4DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe

FirewallRules: [{9F2615B1-8F26-42DD-A068-D801F853C056}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe

FirewallRules: [{D4EC9A88-B5F5-40D5-8EF1-F18EC9E412BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe

FirewallRules: [{4E3E9D2C-A204-418C-865F-B7F8DF24361A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe

FirewallRules: [{A11F06E3-C30D-4430-9DC7-93565640E434}] => (Allow) C:\Program Files (x86)\HollywoodMovieStudio\hms.exe

FirewallRules: [{A3D46F47-1EE5-408E-A4AC-113F85490C8D}] => (Allow) C:\Program Files (x86)\HollywoodMovieStudio\hms.exe

FirewallRules: [{36348265-BB70-4265-A294-56BD8D529931}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Scribblenauts Unmasked\Scribble.exe

FirewallRules: [{08D0845E-4D31-440E-82E9-FF0BF14CD6AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Scribblenauts Unmasked\Scribble.exe

FirewallRules: [{628004EB-8967-4C39-AF56-4E2CE82EDDB9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe

FirewallRules: [{EAC62651-7B98-418D-B1AB-6B2E342118D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe

FirewallRules: [{96298364-43BB-4FDA-8211-2475F1FD9647}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Indiana Jones and the Last Crusade\Indiana Jones and the Last Crusade.exe

FirewallRules: [{497DB3FE-4BBD-43D7-8FDF-6A8704ED8ECF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Indiana Jones and the Last Crusade\Indiana Jones and the Last Crusade.exe

FirewallRules: [{D80F4AB8-4A52-43D2-B46A-3A90A2ABE4FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe

FirewallRules: [{720C9222-79CB-4727-9BC2-147DEC88D09C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe

FirewallRules: [{BBCD7BC3-B0FC-434C-8789-BCE213D4409E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{E64B20F3-7159-459F-B25B-4D62E8F4D13D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{D9A272FA-F3A3-4462-9914-C737EB22083F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{8785701C-C95D-4176-8683-4D8AC055A4A3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{D43469A5-7425-4E56-8F52-06D07F1DD928}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{3BEF6746-99D7-4D4F-B0B5-9C65BC21176A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{9CE57630-C373-4F7D-AAEE-40970E5C4EDE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe

FirewallRules: [{9CBC0D24-045F-4A03-848B-DBEA2CA8FB29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe

FirewallRules: [{B47AE576-BBA0-45E5-A114-326FD5CF98BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\InvisibleInc\invisibleinc.exe

FirewallRules: [{C059DD24-94FE-48B4-8AE3-42104B0642A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\InvisibleInc\invisibleinc.exe

FirewallRules: [{10684064-F09D-482C-ACB7-03E0579020FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight\Torchlight.exe

FirewallRules: [{6255FD39-FDD2-442F-A5FE-09FAAA2765FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight\Torchlight.exe

FirewallRules: [TCP Query User{CF5A2001-5952-4B68-B802-065DC0F92DCA}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe

FirewallRules: [UDP Query User{77ED3EE0-33A6-47F7-993C-6D363349D6A2}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe

FirewallRules: [{482F2391-6840-4757-ADD6-0E703168CDBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Doodle God\DoodleGod.exe

FirewallRules: [{6FBB0F1C-3CC2-4A48-9192-C2243685B58E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Doodle God\DoodleGod.exe

FirewallRules: [{B7E3FDC0-C87B-4BD8-87A7-D31F20F33A48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe

FirewallRules: [{F240BBBC-EDE7-4343-AD3E-F1866A2ADD2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe

FirewallRules: [TCP Query User{2735A937-60A5-4314-9270-6DAD147D9F88}C:\program files\smith micro\poser pro 2012\poserpro.exe] => (Block) C:\program files\smith micro\poser pro 2012\poserpro.exe

FirewallRules: [UDP Query User{51E8B353-5B8E-4D05-B24B-0957F6C56673}C:\program files\smith micro\poser pro 2012\poserpro.exe] => (Block) C:\program files\smith micro\poser pro 2012\poserpro.exe

FirewallRules: [{769418DB-BCC4-4BF8-9EE1-AB5BDFD50CA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NEKOPARA Vol. 1\nekopara_vol1.exe

FirewallRules: [{63598751-1ACF-401A-A01E-643775B01237}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NEKOPARA Vol. 1\nekopara_vol1.exe

FirewallRules: [{EC5F237C-D8DE-448F-955F-2F106F8FCBAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Showtime\Showtime.exe

FirewallRules: [{F1576877-19C0-4E2A-8786-1736D5BFFD72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Showtime\Showtime.exe

FirewallRules: [{41C15CA3-BDAC-4D30-AC12-7E1D84176AAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Showtime\Editor.exe

FirewallRules: [{9403F673-E959-498A-B715-F82EDADA232B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Showtime\Editor.exe

FirewallRules: [{19DAC14F-4E4B-4308-8DA8-EA287E709986}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

FirewallRules: [{72B27022-5609-4BB7-A476-D6C3584C1F2E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

FirewallRules: [{50CDFADF-C4E1-4C52-A5C7-AF6041BED38B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe

FirewallRules: [{3DA5BD82-A044-47A9-A19E-4CE3CF33EA36}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe

FirewallRules: [{A1C750C4-8D1A-405C-8240-303151A12EB4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

FirewallRules: [{33C64F4D-AB8B-4816-B8DE-40E891CFC32A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

FirewallRules: [{F599EA90-24DD-4B6C-AF7F-587ABE9898B6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{AA8C66CC-F068-46DE-94F5-B1190F6E58D2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{3F71C94A-F281-49B4-8FE2-0B91C56F40D3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{A07534EA-04ED-4D5B-9237-D419429C8CD9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{AAF57D1C-DB84-4B35-9433-4C6E306869E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe

FirewallRules: [{3737E95C-20E7-4A4E-A82C-50E610B31DC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe

FirewallRules: [{B02D6CEC-7725-4F8F-B264-BA47284DC2BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe

FirewallRules: [{68A6B1F4-F62F-44CF-9D05-79E3E840B9E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe

FirewallRules: [{69EAE09F-2F80-43FC-A64B-06311B43273A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe

FirewallRules: [{66AEB31A-0B72-4937-B290-BEF6BB87E311}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe

FirewallRules: [{AAEB3644-0628-49D7-9243-A3C4BBD62B0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe

FirewallRules: [{45BA7F0A-C915-40E8-9D6E-654B9BEE5293}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe

FirewallRules: [TCP Query User{AA4AD599-2BCD-41A7-A4D3-E16E512F40A8}C:\program files (x86)\beamdog\beamdog.launcher.exe] => (Allow) C:\program files (x86)\beamdog\beamdog.launcher.exe

FirewallRules: [UDP Query User{76805EDF-DA3F-48F5-A074-F6FA4297C1B0}C:\program files (x86)\beamdog\beamdog.launcher.exe] => (Allow) C:\program files (x86)\beamdog\beamdog.launcher.exe

FirewallRules: [{C2FC382F-07F7-4C20-9A8C-A8D30B1A1E4C}] => (Allow) C:\program files (x86)\beamdog\beamdog.launcher.exe

FirewallRules: [{B0B8F151-2DB5-416D-B86E-168F019FEB82}] => (Allow) C:\program files (x86)\beamdog\beamdog.launcher.exe

FirewallRules: [TCP Query User{DEA11CB2-DC63-4DF0-888B-8B6CEEAA1B84}C:\program files (x86)\baldur's gate siege of dragonspear\sod.exe] => (Allow) C:\program files (x86)\baldur's gate siege of dragonspear\sod.exe

FirewallRules: [UDP Query User{8B162C93-61E4-4D9A-A8E3-4B5D74CEA494}C:\program files (x86)\baldur's gate siege of dragonspear\sod.exe] => (Allow) C:\program files (x86)\baldur's gate siege of dragonspear\sod.exe

FirewallRules: [{692517B6-321F-4B74-A4C4-C10933CBA0A5}] => (Block) C:\program files (x86)\baldur's gate siege of dragonspear\sod.exe

FirewallRules: [{C57B0BB9-CB76-4C8E-AA02-49F0DAB6095C}] => (Block) C:\program files (x86)\baldur's gate siege of dragonspear\sod.exe

FirewallRules: [TCP Query User{BDABE905-E61F-46B3-B3D6-4E3FF4AA73FF}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe

FirewallRules: [UDP Query User{4D69E85F-E6C8-433B-8394-6A9F81D5CDBA}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe

FirewallRules: [{EC084E47-F367-4150-81B0-EBEE4C9AB7AA}] => (Block) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe

FirewallRules: [{C2E5703F-1901-4EB5-ADD7-4BDA019502DE}] => (Block) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe

FirewallRules: [TCP Query User{41933BDA-EB79-44BD-8E6A-549ABD00F2DD}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe

FirewallRules: [UDP Query User{CF4102C2-44FB-4E4B-9A0E-A9552DC4CA50}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe

FirewallRules: [{229A78F9-23E4-4C07-A6B6-2A423C22A0F3}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe

FirewallRules: [{63E9CFA2-50E1-4CD5-A958-B1F42DAA5155}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe

FirewallRules: [{B6E882AD-34B6-42A0-A92B-B3DDFA3DE3F5}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe

FirewallRules: [{FF05A940-DEEA-4833-9CB9-A60AC5FA96F5}] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe

FirewallRules: [{34EA23E1-019E-43B2-B228-42C55ECB88B7}] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe

FirewallRules: [{84ECB425-0083-4D6A-BFC9-6694F8FC3B85}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe

FirewallRules: [{62C5C62F-BFDB-4E43-9938-115BA78ED95D}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe

FirewallRules: [{4C9BA934-EED2-4D9F-97F7-E61665DFCBE9}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe

FirewallRules: [{35576AFB-B9A0-40DD-8BD6-056DCF1A8CEA}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe

FirewallRules: [{A14663DB-A9D2-4A01-B074-D8DB5AD2E337}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe

FirewallRules: [{3A4FF774-92B2-4ADE-B564-2FC6833E2C70}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe

FirewallRules: [{AFB208F2-7CDB-4A9D-8D5A-146AD43B0C22}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe

FirewallRules: [{804DE3F6-8EAD-4015-B44F-7DDD52D4941A}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe

FirewallRules: [{16994C20-D597-4EC2-B0DF-41D19690939D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{49E49B28-D5C1-4663-8D72-BACDDD858612}] => (Allow) LPort=8298

==================== Restore Points =========================

14-04-2017 18:22:13 JRT Pre-Junkware Removal

22-04-2017 04:01:00 Windows Update

22-04-2017 20:54:23 JRT Pre-Junkware Removal

28-04-2017 18:37:52 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (04/30/2017 07:15:49 PM) (Source: Dell System Detect) (EventID: 0) (User: )

Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)

at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)

at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)

at System.Xml.XmlDocument.CreateElement(String name)

at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="6RBYFV1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A09" SMBIOSPresent="True" Rel_Date="20120629000000.000000+000" DSDVersion="" Vendor="Alienware" PName="M17xR4" Ident_Num="TREVOR-PC" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>169.254.123.37</HostIP></Exception>

Error: (04/30/2017 07:15:47 PM) (Source: Dell System Detect) (EventID: 0) (User: )

Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)

at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)

at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)

at System.Xml.XmlDocument.CreateElement(String name)

at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="6RBYFV1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A09" SMBIOSPresent="True" Rel_Date="20120629000000.000000+000" DSDVersion="" Vendor="Alienware" PName="M17xR4" Ident_Num="TREVOR-PC" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>169.254.123.37</HostIP></Exception>

Error: (04/28/2017 07:56:40 PM) (Source: Dell System Detect) (EventID: 0) (User: )

Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)

at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)

at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)

at System.Xml.XmlDocument.CreateElement(String name)

at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="6RBYFV1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A09" SMBIOSPresent="True" Rel_Date="20120629000000.000000+000" DSDVersion="" Vendor="Alienware" PName="M17xR4" Ident_Num="TREVOR-PC" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>169.254.123.37</HostIP></Exception>

Error: (04/28/2017 07:56:39 PM) (Source: Dell System Detect) (EventID: 0) (User: )

Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)

at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)

at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)

at System.Xml.XmlDocument.CreateElement(String name)

at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="6RBYFV1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A09" SMBIOSPresent="True" Rel_Date="20120629000000.000000+000" DSDVersion="" Vendor="Alienware" PName="M17xR4" Ident_Num="TREVOR-PC" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>169.254.123.37</HostIP></Exception>

Error: (04/28/2017 07:53:56 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/28/2017 06:38:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

.

Error: (04/28/2017 03:53:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TREVOR-PC)

Description: Package Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (04/26/2017 01:23:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TREVOR-PC)

Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/25/2017 10:27:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TREVOR-PC)

Description: Activation of app king.com.CandyCrushSodaSaga_kgqvnymyfvs32!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/25/2017 10:27:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TREVOR-PC)

Description: App king.com.CandyCrushSodaSaga_1.87.900.0_x86__kgqvnymyfvs32+App did not launch within its allotted time.

System errors:

=============

Error: (05/01/2017 04:29:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The WinPrivacySvc service terminated unexpectedly. It has done this 1 time(s).

Error: (05/01/2017 04:28:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The GlassWire Control Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/01/2017 04:28:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Dell Data Vault Wizard service terminated unexpectedly. It has done this 1 time(s).

Error: (05/01/2017 04:28:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s).

Error: (05/01/2017 04:28:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/01/2017 04:27:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Alienware Fusion Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/30/2017 07:52:23 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/30/2017 07:52:20 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/28/2017 08:44:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

and APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/28/2017 07:48:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The CyberGhost 5 Client Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

CodeIntegrity:

===================================

Date: 2017-04-24 11:19:21.882

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-23 09:43:19.322

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-21 08:42:51.446

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-18 08:30:13.007

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-17 12:41:50.966

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-15 02:44:14.001

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-14 08:26:27.522

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-14 00:02:28.068

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-07 12:35:43.878

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-31 23:30:19.932

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz

Percentage of memory in use: 51%

Total physical RAM: 8074.3 MB

Available physical RAM: 3917.73 MB

Total Virtual: 20362.3 MB

Available Virtual: 16072.25 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.25 GB) (Free:582.88 GB) NTFS

Drive d: (Ancient Aliens S1 D1) (CDROM) (Total:7.43 GB) (Free:0 GB) UDF

Drive e: (Kindle) (Removable) (Total:1.33 GB) (Free:0 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: BAAE3A38)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=9.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=922.3 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 1.3 GB) (Disk ID: 00000003)

Partition 1: (Not Active) - (Size=1.3 GB) - (Type=0B)

==================== End of Addition.txt ============================

Broni · May 1, 2017

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

In the future please use Notepad instead of Wordpad to open logs.
Wordpad creates an extra space and all logs are twice as long and harder for me to read.
Thank you

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Polterdog · May 2, 2017

I apologize about not using Notepad. I'm sure you must've told me that before (you had previously helped me with a problem that I was having with my desktop computer) and I should've been more thoughtful. Again, really sorry about that.

Okay, now onto some weirdness. I ran RogueKiller and, as I periodically checked in on it as it scanned, I noticed it had found something (highlighted in red) as I passed my computer to do other things. The next time I checked in on it, RogueKiller was not running and had closed all by itself. It didn't create any logs, either. I didn't follow through on any of your other instructions thinking that you'd want to know about this before any further action was taken.

Broni · May 2, 2017

Try to re-run it.

Polterdog · May 3, 2017

Apologies, once again, about the amount of time it has taken me to get back to you.

The same thing has occurred. I ran the program multiple times, even running Rkill before running RogueKiller and the same thing keeps happening.

Broni · May 3, 2017

OK. Continue with other steps.

Polterdog · May 4, 2017

Here are all the logs you requested (sans the RogueKiller one which, as I made mention, would just shut down). I'll post them in order. This is the Malwarebytes one:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/05/2017
Scan Time: 12:27 PM
Logfile: Malware Bytes Application Log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.05.04.04
Rootkit Database: v2017.04.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Trevor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 440929
Time Elapsed: 1 hr, 37 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Polterdog · May 4, 2017

This is the AdwCleaner one:

# AdwCleaner v6.046 - Logfile created 04/05/2017 at 15:13:12
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-04.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Trevor - TREVOR-PC
# Running from : C:\Users\Trevor\Desktop\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11015 Bytes] - [28/10/2016 12:03:16]
C:\AdwCleaner\AdwCleaner[C10].txt - [3396 Bytes] - [07/04/2017 12:37:59]
C:\AdwCleaner\AdwCleaner[C11].txt - [3545 Bytes] - [14/04/2017 18:41:17]
C:\AdwCleaner\AdwCleaner[C12].txt - [4067 Bytes] - [22/04/2017 21:58:08]
C:\AdwCleaner\AdwCleaner[C13].txt - [3841 Bytes] - [28/04/2017 19:43:50]
C:\AdwCleaner\AdwCleaner[C14].txt - [1262 Bytes] - [04/05/2017 15:13:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [1639 Bytes] - [03/11/2016 13:24:36]
C:\AdwCleaner\AdwCleaner[C3].txt - [1607 Bytes] - [08/11/2016 13:57:44]
C:\AdwCleaner\AdwCleaner[C4].txt - [1753 Bytes] - [12/11/2016 14:31:21]
C:\AdwCleaner\AdwCleaner[C5].txt - [1899 Bytes] - [19/11/2016 21:10:59]
C:\AdwCleaner\AdwCleaner[C6].txt - [2417 Bytes] - [01/02/2017 21:00:31]
C:\AdwCleaner\AdwCleaner[C7].txt - [2954 Bytes] - [20/03/2017 17:48:18]
C:\AdwCleaner\AdwCleaner[C8].txt - [3101 Bytes] - [26/03/2017 00:32:52]
C:\AdwCleaner\AdwCleaner[C9].txt - [5457 Bytes] - [01/04/2017 15:01:10]
C:\AdwCleaner\AdwCleaner[R0].txt - [16171 Bytes] - [16/10/2013 21:41:04]
C:\AdwCleaner\AdwCleaner[R1].txt - [1118 Bytes] - [27/10/2013 02:24:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [16102 Bytes] - [16/10/2013 21:42:13]
C:\AdwCleaner\AdwCleaner[S10].txt - [2392 Bytes] - [08/01/2017 01:36:03]
C:\AdwCleaner\AdwCleaner[S11].txt - [2466 Bytes] - [14/01/2017 02:39:09]
C:\AdwCleaner\AdwCleaner[S12].txt - [2553 Bytes] - [01/02/2017 19:41:12]
C:\AdwCleaner\AdwCleaner[S13].txt - [2687 Bytes] - [10/02/2017 19:01:23]
C:\AdwCleaner\AdwCleaner[S14].txt - [2761 Bytes] - [24/02/2017 14:45:39]
C:\AdwCleaner\AdwCleaner[S15].txt - [2835 Bytes] - [07/03/2017 21:28:34]
C:\AdwCleaner\AdwCleaner[S16].txt - [2909 Bytes] - [12/03/2017 11:27:30]
C:\AdwCleaner\AdwCleaner[S17].txt - [3073 Bytes] - [20/03/2017 17:46:32]
C:\AdwCleaner\AdwCleaner[S18].txt - [3220 Bytes] - [26/03/2017 00:32:19]
C:\AdwCleaner\AdwCleaner[S19].txt - [5585 Bytes] - [01/04/2017 14:58:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [10076 Bytes] - [28/10/2016 11:02:27]
C:\AdwCleaner\AdwCleaner[S20].txt - [3514 Bytes] - [07/04/2017 12:34:54]
C:\AdwCleaner\AdwCleaner[S21].txt - [3662 Bytes] - [14/04/2017 18:38:36]
C:\AdwCleaner\AdwCleaner[S22].txt - [4070 Bytes] - [22/04/2017 21:27:18]
C:\AdwCleaner\AdwCleaner[S23].txt - [3958 Bytes] - [28/04/2017 19:00:36]
C:\AdwCleaner\AdwCleaner[S24].txt - [4106 Bytes] - [04/05/2017 14:36:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [1672 Bytes] - [03/11/2016 12:52:13]
C:\AdwCleaner\AdwCleaner[S3].txt - [1731 Bytes] - [08/11/2016 10:58:23]
C:\AdwCleaner\AdwCleaner[S4].txt - [1877 Bytes] - [12/11/2016 14:25:25]
C:\AdwCleaner\AdwCleaner[S5].txt - [2023 Bytes] - [19/11/2016 19:59:43]
C:\AdwCleaner\AdwCleaner[S6].txt - [2098 Bytes] - [26/11/2016 12:37:52]
C:\AdwCleaner\AdwCleaner[S7].txt - [2171 Bytes] - [03/12/2016 14:15:52]
C:\AdwCleaner\AdwCleaner[S8].txt - [2246 Bytes] - [16/12/2016 19:42:03]
C:\AdwCleaner\AdwCleaner[S9].txt - [2317 Bytes] - [24/12/2016 19:07:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C14].txt - [3909 Bytes] ##########

Polterdog · May 4, 2017

And, finally, the JRT one:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Trevor (Administrator) on 04/05/2017 at 16:29:56.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\Users\Trevor\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/05/2017 at 16:36:20.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · May 4, 2017

I don't see anything malicious there but in your Event Viewer I see couple of these:

Error: (04/30/2017 07:52:23 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

You may have hard drive issue.

Run hard drive diagnostics: http://www.bleepingcomputer.com/forums/topic28744.html/page__view__findpost__p__160520
Make sure, you select tool, which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here: http://storage.toshiba.com/storage-services-support/warranty-support/software-utilities#diagnostic

Note : If you do not know how to set your computer to boot from CD follow the steps here

Polterdog · May 6, 2017

Many thanks for all the time and effort you put into helping me with my issue. Truth be told, I'm a little disappointed to find that malware wasn't the cause of my computer's slow speed because to my mind, at least, it's an easier fix and far less troublesome -- especially for a borderline computer-illiterate like me. I guess I was just getting paranoid with all the IObit warnings that I was getting from a lot of the anti-malware software that I was using in order to try to diagnose the problem myself. That, combined with the complete RogueKiller fail, and an unexpected connection that GlassWire said my computer was making to China, left me seeking answers where, apparently, there wasn't even a question to begin with.

Thanks again for your time, trouble, and patience with me in all of this.

Broni · May 6, 2017

You're very welcome

Solved Computer Running Slow -- IObit\ASCDownloader Won't Delete

Polterdog

Posts: 42 +0

Polterdog

Posts: 42 +0

Polterdog

Posts: 42 +0

Polterdog

Posts: 42 +0

Polterdog

Posts: 42 +0

Broni

Posts: 56,041 +516

Polterdog

Posts: 42 +0

Broni

Posts: 56,041 +516

Polterdog

Posts: 42 +0

Broni

Posts: 56,041 +516

Polterdog

Posts: 42 +0

Polterdog

Posts: 42 +0

Polterdog

Posts: 42 +0

Broni

Posts: 56,041 +516

Polterdog

Posts: 42 +0

Broni

Posts: 56,041 +516

Similar threads

Latest posts