Inactive Occasional Loss of Signal to Monitors

VvWolverinevV

Symptoms:
  1. Occasionally (about once per day) while using my computer, the screen will lose its signal for about 10 seconds.
  2. Update History is empty.
  3. The computer will often wake itself from sleep mode.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2017
Ran by tag (administrator) on ARCHIMONDE (18-08-2017 03:56:24)
Running from C:\Users\tag\Desktop
Loaded Profiles: tag (Available Profiles: tag & sshaccess & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Broadcom Corporation.) C:\WINDOWS\System32\BtwRSupportService.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\tag\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [462808 2017-06-08] (Code 42 Software, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-19] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112104 2017-06-19] (VMware, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\Run: [Google Update] => C:\Users\tag\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\Run: [f.lux] => C:\Users\tag\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\Run: [Spotify Web Helper] => C:\Users\tag\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-03] (Spotify Ltd)
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\Run: [GoogleChromeAutoLaunch_A03A8B1B4CFB215D4B1B77B39B8928B6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-11] (Google Inc.)
HKU\S-1-5-21-3554478145-5653826-404848212-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL2
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Disconnect Desktop.lnk [2015-06-30]
ShortcutTarget: Disconnect Desktop.lnk -> C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop.exe (No File)
Startup: C:\Users\tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-03-22] ()
Startup: C:\Users\tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-09-20]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-11-20]
ShortcutTarget: Slack.lnk -> C:\Users\tag\AppData\Local\slack\Update.exe ()
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 199.21.87.140 199.21.87.141 192.80.0.5 192.80.0.6
Tcpip\..\Interfaces\{63f44450-8678-4120-a03a-8791f00b5b3d}: [DhcpNameServer] 128.59.1.3 128.59.1.4 192.168.33.1
Tcpip\..\Interfaces\{6cd93ca1-1204-4b1e-ac06-bf857a411516}: [NameServer] 216.131.94.5,66.218.44.5
Tcpip\..\Interfaces\{6cd93ca1-1204-4b1e-ac06-bf857a411516}: [DhcpNameServer] 199.21.87.140 199.21.87.141 192.80.0.5 192.80.0.6
Tcpip\..\Interfaces\{de6813e2-049f-4db1-9b28-021b07131f51}: [DhcpNameServer] 128.59.1.3 128.59.1.4 192.168.33.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3554478145-5653826-404848212-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.showtimeanytime.com/#/home
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF DefaultProfile: im0svryy.default
FF ProfilePath: C:\Users\tag\AppData\Roaming\Mozilla\Firefox\Profiles\im0svryy.default [2016-12-08]
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> backup.ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> backup.ftp_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> backup.socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> backup.socks_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> backup.ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> backup.ssl_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> ftp_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> http", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> http_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> socks_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\im0svryy.default -> ssl_port", 80
FF Extension: (All Aboard) - C:\Users\tag\AppData\Roaming\Mozilla\Firefox\Profiles\im0svryy.default\Extensions\@all-aboard-v1-5 [2016-12-08]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-03] (LastPass)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-03] (LastPass)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3554478145-5653826-404848212-1000: @tools.google.com/Google Update;version=3 -> C:\Users\tag\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3554478145-5653826-404848212-1000: @tools.google.com/Google Update;version=9 -> C:\Users\tag\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3554478145-5653826-404848212-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\tag\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-07] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://news.yahoo.com/
CHR StartupUrls: Default -> "hxxp://news.yahoo.com/"
CHR Profile: C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default [2017-08-18]
CHR Extension: (Urban Dictionary Search) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppomgedpkjjilnlilobnedhapkiolk [2017-06-14]
CHR Extension: (Google Drive) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-11]
CHR Extension: (YouTube) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-24]
CHR Extension: (Email this page (by Google)) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-12-28]
CHR Extension: (Google Tasks (by Google)) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2017-06-11]
CHR Extension: (Google Calendar) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
CHR Extension: (Google Calendar (by Google)) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-08-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-08-01]
CHR Extension: (Tabs to the front!) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2014-12-28]
CHR Extension: (Google Maps) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-11-03]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-24]
CHR Extension: (Google Hangouts) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-05-07]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26]
CHR Profile: C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-13]
CHR Extension: (Google Slides) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-06]
CHR Extension: (Google Docs) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-06]
CHR Extension: (Google Drive) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-11]
CHR Extension: (YouTube) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-11]
CHR Extension: (Google Search) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-06]
CHR Extension: (Google Sheets) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-06]
CHR Extension: (Google Docs Offline) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-11]
CHR Extension: (SingleFile Core) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jemlklgaibiijojffihnhieihhagocma [2015-09-06]
CHR Extension: (SingleFile) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mpiodijhokgodhhofbcjdecpffjipkle [2015-09-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-11]
CHR Extension: (Gmail) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-11]
CHR Profile: C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-09-13]
CHR Extension: (Google Slides) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-06]
CHR Extension: (Google Docs) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-06]
CHR Extension: (Google Drive) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-11]
CHR Extension: (YouTube) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-06]
CHR Extension: (Google Sheets) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-06]
CHR Extension: (Google Docs Offline) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-11]
CHR Extension: (Gmail) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-06]
CHR Extension: (Chrome Media Router) - C:\Users\tag\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-11]
CHR Profile: C:\Users\tag\AppData\Local\Google\Chrome\User Data\System Profile [2015-10-06]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3554478145-5653826-404848212-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-19] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-19] (AVAST Software)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-11-19] (Broadcom Corporation.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [267736 2017-06-08] (Code 42 Software)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-12-13] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-10] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5132312 2016-08-08] (Binary Fortress Software)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-01] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-08-02] (Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889888 2017-08-01] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12482024 2017-06-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [203264 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320008 2017-07-19] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-07-19] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-07-19] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57728 2017-07-19] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [82936 2016-11-15] (AVAST Software)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146704 2017-08-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015880 2017-08-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-10] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-10] (AVAST Software)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-11-19] (Broadcom Corporation.)
S3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\AE1200w764.sys [2576632 2016-12-03] (Broadcom Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2016-07-16] (Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-18 03:56 - 2017-08-18 03:56 - 000025174 _____ C:\Users\tag\Desktop\FRST.txt
2017-08-18 03:56 - 2017-08-18 03:56 - 000000000 ____D C:\FRST
2017-08-18 03:55 - 2017-08-18 03:56 - 002395648 _____ (Farbar) C:\Users\tag\Desktop\FRST64.exe
2017-08-18 03:31 - 2017-08-18 03:31 - 000262144 ____N C:\WINDOWS\Minidump\081817-8625-01.dmp
2017-08-17 10:21 - 2017-08-17 10:21 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-12 13:07 - 2017-08-12 13:07 - 000162839 _____ C:\Users\tag\Desktop\Googles-Ideological-Echo-Chamber.pdf
2017-08-10 20:15 - 2017-08-10 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-10 10:03 - 2017-08-10 10:03 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-10 10:03 - 2017-08-10 10:03 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-10 10:03 - 2017-08-10 10:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-10 10:03 - 2017-08-10 10:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-09 11:01 - 2017-08-01 12:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-09 11:01 - 2017-08-01 12:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 11:01 - 2017-08-01 12:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-08-09 11:01 - 2017-08-01 12:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-08-09 11:01 - 2017-08-01 12:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 11:01 - 2017-08-01 12:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-08-09 11:01 - 2017-08-01 12:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 11:01 - 2017-08-01 12:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-08-09 11:01 - 2017-08-01 12:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 11:01 - 2017-08-01 12:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-08-09 11:01 - 2017-08-01 12:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-09 11:01 - 2017-08-01 12:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 11:01 - 2017-08-01 12:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-08-09 11:01 - 2017-08-01 12:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-09 11:01 - 2017-08-01 12:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 11:01 - 2017-08-01 12:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 11:01 - 2017-08-01 11:58 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-08-09 11:01 - 2017-08-01 11:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-08-09 11:01 - 2017-08-01 11:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-09 11:01 - 2017-08-01 11:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-08-09 11:01 - 2017-08-01 11:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-08-09 11:01 - 2017-08-01 11:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 11:01 - 2017-08-01 11:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 11:01 - 2017-08-01 11:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-08-09 11:01 - 2017-08-01 11:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 11:01 - 2017-08-01 11:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-08-09 11:01 - 2017-08-01 11:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-09 11:01 - 2017-08-01 11:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-09 11:01 - 2017-08-01 11:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 11:01 - 2017-08-01 11:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-08-09 11:01 - 2017-08-01 11:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-08-09 11:01 - 2017-08-01 11:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-08-09 11:01 - 2017-08-01 11:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-08-09 11:01 - 2017-08-01 11:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 11:01 - 2017-08-01 11:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-08-09 11:01 - 2017-08-01 11:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 11:01 - 2017-08-01 11:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-08-09 11:01 - 2017-08-01 11:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 11:01 - 2017-08-01 11:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 11:01 - 2017-08-01 11:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-09 11:01 - 2017-08-01 11:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-09 11:01 - 2017-08-01 11:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-08-09 11:01 - 2017-08-01 11:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-09 11:01 - 2017-08-01 11:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 11:01 - 2017-08-01 11:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-08-09 11:01 - 2017-08-01 11:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-08-09 11:01 - 2017-08-01 11:26 - 001949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2017-08-09 11:01 - 2017-08-01 11:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-08-09 11:01 - 2017-08-01 11:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-09 11:01 - 2017-08-01 10:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 11:01 - 2017-08-01 10:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-09 11:01 - 2017-08-01 10:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 11:01 - 2017-08-01 10:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-09 11:01 - 2017-08-01 10:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-08-09 11:01 - 2017-08-01 10:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 11:01 - 2017-08-01 10:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 11:01 - 2017-08-01 10:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 11:01 - 2017-08-01 10:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 11:01 - 2017-08-01 10:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 11:01 - 2017-08-01 10:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 11:01 - 2017-08-01 10:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-08-09 11:01 - 2017-08-01 10:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 11:01 - 2017-08-01 10:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 11:01 - 2017-08-01 10:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-08-09 11:01 - 2017-08-01 10:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-08-09 11:01 - 2017-08-01 10:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-08-09 11:01 - 2017-08-01 10:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-08-09 11:01 - 2017-08-01 10:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 11:01 - 2017-08-01 09:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 11:01 - 2017-08-01 09:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-09 11:01 - 2017-08-01 09:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-09 11:01 - 2017-08-01 09:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-08-09 11:01 - 2017-08-01 09:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 11:01 - 2017-08-01 09:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-09 11:01 - 2017-08-01 09:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-08-09 11:01 - 2017-08-01 09:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 11:01 - 2017-08-01 09:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-08-09 11:01 - 2017-08-01 09:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-09 11:01 - 2017-08-01 09:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-08-09 11:01 - 2017-08-01 09:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-09 11:01 - 2017-08-01 09:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-09 11:01 - 2017-08-01 09:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-09 11:01 - 2017-08-01 09:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 11:01 - 2017-08-01 09:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 11:01 - 2017-08-01 09:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 11:01 - 2017-08-01 09:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-08-09 11:01 - 2017-08-01 09:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-09 11:01 - 2017-08-01 09:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-08-09 11:01 - 2017-08-01 09:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-09 11:01 - 2017-08-01 09:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 11:01 - 2017-08-01 09:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-09 11:01 - 2017-08-01 09:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 11:01 - 2017-08-01 09:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-08-09 11:01 - 2017-08-01 09:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-08-09 11:01 - 2017-08-01 09:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-08-09 11:01 - 2017-08-01 09:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 11:01 - 2017-08-01 09:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-08-09 11:01 - 2017-08-01 09:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-08-09 11:01 - 2017-08-01 09:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-09 11:01 - 2017-08-01 09:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 11:01 - 2017-08-01 09:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-08-09 11:01 - 2017-08-01 09:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 11:01 - 2017-08-01 09:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 11:01 - 2017-08-01 09:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 11:01 - 2017-08-01 09:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 11:01 - 2017-08-01 09:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-08-09 11:01 - 2017-08-01 09:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-08-09 11:01 - 2017-08-01 09:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-08-09 11:01 - 2017-08-01 09:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 11:01 - 2017-08-01 09:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-09 11:01 - 2017-08-01 09:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-09 11:01 - 2017-08-01 09:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-09 11:01 - 2017-08-01 09:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-08-09 11:01 - 2017-08-01 09:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-08-09 11:01 - 2017-08-01 09:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 11:01 - 2017-08-01 09:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-08-09 11:01 - 2017-08-01 09:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 11:01 - 2017-08-01 09:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-08-09 11:01 - 2017-08-01 09:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-08-09 11:01 - 2017-08-01 09:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-09 11:01 - 2017-08-01 09:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 11:01 - 2017-08-01 09:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-09 11:01 - 2017-08-01 09:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-09 11:01 - 2017-08-01 09:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 11:01 - 2017-08-01 09:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-08-09 11:01 - 2017-08-01 09:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-08-09 11:01 - 2017-08-01 09:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-09 11:01 - 2017-08-01 09:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 11:01 - 2017-08-01 09:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-09 11:01 - 2017-08-01 09:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-08-09 11:01 - 2017-08-01 09:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 11:01 - 2017-08-01 09:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-08-09 11:01 - 2017-08-01 09:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-09 11:01 - 2017-08-01 09:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-08-09 11:01 - 2017-08-01 09:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-08-09 11:01 - 2017-08-01 09:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 11:01 - 2017-08-01 07:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 11:01 - 2017-07-11 23:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-09 11:01 - 2017-07-11 23:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 11:01 - 2017-07-11 23:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-09 11:01 - 2017-07-11 23:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 11:01 - 2017-07-11 23:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-09 11:01 - 2017-07-11 23:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-09 11:01 - 2017-07-11 23:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-09 11:01 - 2017-07-11 23:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-09 11:01 - 2017-07-11 23:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-09 11:01 - 2017-07-11 23:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-09 11:01 - 2017-07-11 22:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-08-09 11:01 - 2017-07-11 22:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-08-09 11:01 - 2017-07-11 22:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 11:01 - 2017-07-11 22:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-08-09 11:01 - 2017-07-11 22:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-08-09 11:01 - 2017-07-11 22:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-09 11:01 - 2017-07-11 22:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-09 11:01 - 2017-07-11 22:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-09 11:01 - 2017-07-11 22:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-09 11:01 - 2017-07-11 22:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 11:01 - 2017-07-11 22:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-09 11:01 - 2017-07-11 22:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-09 11:01 - 2017-07-11 22:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-09 11:01 - 2017-07-11 22:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-09 11:01 - 2017-07-11 22:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-09 11:01 - 2017-07-11 22:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-09 11:01 - 2017-07-11 22:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-09 11:01 - 2017-07-11 22:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 11:01 - 2017-07-11 22:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-09 11:01 - 2017-07-11 22:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-09 11:01 - 2017-07-11 22:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-08-09 11:01 - 2017-07-11 22:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-09 11:01 - 2017-07-11 22:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 11:01 - 2017-07-11 22:21 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2017-08-09 11:01 - 2017-07-11 22:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-09 11:01 - 2017-07-11 22:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-08-09 11:01 - 2017-07-11 22:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-08-09 11:01 - 2017-07-11 22:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-09 11:01 - 2017-07-11 22:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 11:01 - 2017-07-11 22:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-09 11:01 - 2017-07-11 22:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 11:01 - 2017-07-11 22:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 11:01 - 2017-07-11 22:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-08-09 11:01 - 2017-07-11 22:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-09 11:01 - 2017-07-11 22:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 11:01 - 2017-07-11 22:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-09 11:01 - 2017-07-11 22:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-08-09 11:01 - 2017-07-11 22:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-09 11:01 - 2017-07-11 22:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-09 11:01 - 2017-07-11 22:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 11:01 - 2017-07-11 22:03 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-08-09 11:01 - 2017-07-11 22:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-08-09 11:01 - 2017-07-11 22:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-09 11:01 - 2017-07-11 21:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-09 11:01 - 2017-07-11 21:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 11:01 - 2017-07-11 19:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-09 11:01 - 2017-03-03 23:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-09 11:01 - 2016-09-06 22:24 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-09 11:01 - 2016-08-02 01:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 11:00 - 2017-08-01 12:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 11:00 - 2017-08-01 12:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 11:00 - 2017-08-01 12:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-09 11:00 - 2017-08-01 12:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 11:00 - 2017-08-01 12:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-09 11:00 - 2017-08-01 12:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 11:00 - 2017-08-01 12:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-09 11:00 - 2017-08-01 12:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 11:00 - 2017-08-01 12:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-08-09 11:00 - 2017-08-01 12:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-08-09 11:00 - 2017-08-01 12:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 11:00 - 2017-08-01 12:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 11:00 - 2017-08-01 12:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 11:00 - 2017-08-01 12:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 11:00 - 2017-08-01 12:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-09 11:00 - 2017-08-01 12:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-09 11:00 - 2017-08-01 12:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-09 11:00 - 2017-08-01 12:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 11:00 - 2017-08-01 11:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 11:00 - 2017-08-01 11:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 11:00 - 2017-08-01 11:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 11:00 - 2017-08-01 11:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 11:00 - 2017-08-01 11:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-09 11:00 - 2017-08-01 11:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-09 11:00 - 2017-08-01 11:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-08-09 11:00 - 2017-08-01 11:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-09 11:00 - 2017-08-01 11:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-09 11:00 - 2017-08-01 11:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-09 11:00 - 2017-08-01 11:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-09 11:00 - 2017-08-01 11:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-09 11:00 - 2017-08-01 11:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 11:00 - 2017-08-01 11:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 11:00 - 2017-08-01 11:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 11:00 - 2017-08-01 11:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 11:00 - 2017-08-01 11:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-09 11:00 - 2017-08-01 11:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 11:00 - 2017-08-01 11:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 11:00 - 2017-08-01 11:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 11:00 - 2017-08-01 11:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 11:00 - 2017-08-01 11:44 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2017-08-09 11:00 - 2017-08-01 11:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-09 11:00 - 2017-08-01 11:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-09 11:00 - 2017-08-01 11:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 11:00 - 2017-08-01 11:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 11:00 - 2017-08-01 11:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-09 11:00 - 2017-08-01 11:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-09 11:00 - 2017-08-01 11:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 11:00 - 2017-08-01 11:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 11:00 - 2017-08-01 11:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 11:00 - 2017-08-01 11:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 11:00 - 2017-08-01 11:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-09 11:00 - 2017-08-01 11:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 11:00 - 2017-08-01 11:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-09 11:00 - 2017-08-01 11:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 11:00 - 2017-08-01 11:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 11:00 - 2017-08-01 11:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-09 11:00 - 2017-08-01 11:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 11:00 - 2017-08-01 11:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 11:00 - 2017-08-01 11:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-09 11:00 - 2017-08-01 11:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-09 11:00 - 2017-08-01 11:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 11:00 - 2017-08-01 11:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-09 11:00 - 2017-08-01 11:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-09 11:00 - 2017-08-01 11:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-09 11:00 - 2017-08-01 11:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-09 11:00 - 2017-08-01 11:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 11:00 - 2017-08-01 11:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 11:00 - 2017-08-01 11:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-09 11:00 - 2017-08-01 11:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-09 11:00 - 2017-08-01 11:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-09 11:00 - 2017-08-01 11:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-09 11:00 - 2017-08-01 11:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-09 11:00 - 2017-08-01 11:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 11:00 - 2017-08-01 11:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-09 11:00 - 2017-08-01 11:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 11:00 - 2017-08-01 11:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 11:00 - 2017-08-01 11:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-09 11:00 - 2017-08-01 11:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 11:00 - 2017-08-01 11:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-09 11:00 - 2017-08-01 09:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 11:00 - 2017-07-11 23:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-09 11:00 - 2017-07-11 23:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-09 11:00 - 2017-07-11 23:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-09 11:00 - 2017-07-11 23:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 11:00 - 2017-07-11 23:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 11:00 - 2017-07-11 23:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-09 11:00 - 2017-07-11 23:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-09 11:00 - 2017-07-11 22:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-09 11:00 - 2017-07-11 22:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-09 11:00 - 2017-07-11 22:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-09 11:00 - 2017-07-11 22:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-09 11:00 - 2017-07-11 22:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-09 11:00 - 2017-07-11 22:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-09 11:00 - 2017-07-11 22:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-09 11:00 - 2017-07-11 22:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-09 11:00 - 2017-07-11 22:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-09 11:00 - 2017-07-11 22:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-09 11:00 - 2017-07-11 22:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-09 11:00 - 2017-07-11 22:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-09 11:00 - 2017-07-11 22:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-09 11:00 - 2017-07-11 22:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-09 11:00 - 2017-07-11 22:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 11:00 - 2017-07-11 22:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-09 11:00 - 2017-07-11 22:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-09 11:00 - 2017-07-11 22:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 11:00 - 2017-07-11 22:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-09 11:00 - 2017-07-11 22:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 11:00 - 2017-07-11 22:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 11:00 - 2017-07-11 22:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-09 11:00 - 2017-07-11 22:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-09 11:00 - 2017-07-11 22:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 11:00 - 2017-07-11 22:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 11:00 - 2017-07-11 22:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-09 11:00 - 2017-07-11 22:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-09 11:00 - 2017-07-11 22:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 11:00 - 2017-07-11 22:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-09 11:00 - 2017-07-11 22:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 11:00 - 2017-07-11 22:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-09 11:00 - 2017-07-11 22:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 11:00 - 2017-07-11 22:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 11:00 - 2017-07-11 22:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 11:00 - 2017-07-11 22:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 11:00 - 2017-07-11 21:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-09 11:00 - 2017-07-11 21:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 11:00 - 2017-07-11 21:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 11:00 - 2017-07-11 21:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 11:00 - 2017-07-11 21:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 11:00 - 2017-07-11 21:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-09 11:00 - 2017-03-03 23:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-09 11:00 - 2017-03-03 23:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-09 11:00 - 2017-03-03 23:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-09 11:00 - 2017-03-03 23:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-09 11:00 - 2017-03-03 23:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-08 17:42 - 2017-08-08 17:42 - 000000000 ____D C:\Users\tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-02 18:54 - 2017-04-21 14:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-08-02 18:54 - 2017-04-21 14:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-08-02 18:53 - 2017-04-21 14:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-08-02 18:53 - 2017-04-21 14:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-07-31 09:15 - 2017-07-31 09:15 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3554478145-5653826-404848212-1002
2017-07-25 05:18 - 2017-07-25 05:18 - 004327862 _____ C:\Users\sshaccess\Desktop\small blonde gets it.mp4
2017-07-25 05:02 - 2017-07-25 05:02 - 000000000 ____D C:\Program Files\DIFX
2017-07-19 17:46 - 2017-07-19 17:46 - 000400464 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-18 03:54 - 2016-09-30 08:03 - 000007162 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-18 03:49 - 2014-12-28 16:11 - 000000000 ___RD C:\Users\tag\Google Drive
2017-08-18 03:48 - 2016-10-02 09:53 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-18 03:48 - 2016-09-30 08:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-18 03:48 - 2014-12-28 21:39 - 000000000 ____D C:\ProgramData\VMware
2017-08-18 03:45 - 2016-07-15 23:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-08-18 03:33 - 2016-09-30 08:06 - 000000000 ____D C:\Users\tag
2017-08-18 03:33 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-18 03:31 - 2016-10-14 03:31 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-18 03:31 - 2016-09-30 07:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-17 23:54 - 2016-09-30 08:02 - 000062260 _____ C:\WINDOWS\system32\BMXStateBkp-{00000006-00000000-00000002-00001102-00000005-00211102}.rfx
2017-08-17 23:54 - 2016-09-30 08:02 - 000062260 _____ C:\WINDOWS\system32\BMXState-{00000006-00000000-00000002-00001102-00000005-00211102}.rfx
2017-08-17 23:54 - 2016-09-30 08:02 - 000000788 _____ C:\WINDOWS\system32\DVCState-{00000006-00000000-00000002-00001102-00000005-00211102}.rfx
2017-08-17 23:49 - 2014-12-29 09:55 - 000000000 ____D C:\Users\sshaccess\AppData\Roaming\vlc
2017-08-17 23:47 - 2014-12-29 09:59 - 000000000 ____D C:\Users\sshaccess\AppData\Roaming\Skype
2017-08-17 23:26 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-17 20:00 - 2016-07-16 04:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-17 14:02 - 2015-11-02 11:50 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-17 09:08 - 2016-09-30 08:06 - 000000000 ____D C:\Users\sshaccess
2017-08-16 21:50 - 2015-12-05 11:55 - 000000000 ____D C:\Users\tag\AppData\Local\Battle.net
2017-08-16 21:50 - 2014-12-28 15:01 - 000000000 ____D C:\Users\tag\AppData\Local\Spotify
2017-08-16 21:45 - 2014-12-28 15:01 - 000000000 ____D C:\Users\tag\AppData\Roaming\Spotify
2017-08-16 12:59 - 2014-12-28 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-15 22:28 - 2016-08-06 14:11 - 000000000 ____D C:\Users\tag\AppData\Local\Overwolf
2017-08-15 19:04 - 2016-07-16 04:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-15 00:52 - 2017-03-19 12:40 - 000000000 ____D C:\Users\tag\AppData\Roaming\uChat
2017-08-14 22:01 - 2017-04-15 20:35 - 000000000 ____D C:\Users\tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Innkeeper
2017-08-14 22:01 - 2017-04-15 20:33 - 000000000 ____D C:\Users\tag\AppData\Local\Innkeeper
2017-08-14 22:01 - 2015-09-18 02:21 - 000000000 ____D C:\Users\tag\AppData\Local\SquirrelTemp
2017-08-13 10:55 - 2016-10-22 06:39 - 000000000 __SHD C:\Users\tag\AppData\Local\lxss
2017-08-12 10:17 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\rescache
2017-08-11 21:38 - 2016-09-02 18:42 - 000000000 ____D C:\Users\tag\AppData\Local\HearthSim
2017-08-11 20:01 - 2016-03-08 08:14 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-08-10 20:15 - 2015-09-16 10:09 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-10 15:53 - 2016-08-04 05:11 - 000000000 ___HD C:\Users\tag\Google Drive\.tmp.drivedownload
2017-08-09 21:06 - 2015-10-14 09:36 - 000000000 ___RD C:\Users\sshaccess\Google Drive
2017-08-09 21:06 - 2015-09-09 06:19 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 18:36 - 2017-05-28 18:17 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-08-09 17:37 - 2016-03-08 14:35 - 000000000 ____D C:\Program Files (x86)\StarCraft II
2017-08-09 16:36 - 2015-12-05 11:59 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-08-09 16:34 - 2016-08-06 14:06 - 000000000 ____D C:\Users\tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2017-08-09 16:34 - 2016-08-06 14:06 - 000000000 ____D C:\Users\tag\AppData\Local\HearthstoneDeckTracker
2017-08-09 13:01 - 2016-09-30 19:22 - 001015880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-08-09 13:01 - 2016-09-30 19:22 - 000146704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2017-08-09 12:53 - 2016-09-30 07:59 - 000345840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 12:51 - 2016-07-16 07:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 12:51 - 2016-07-16 04:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-09 11:14 - 2016-07-16 04:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 11:06 - 2014-12-28 12:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 11:03 - 2014-12-28 12:12 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 17:42 - 2017-03-15 17:53 - 000000000 ____D C:\Users\tag\AppData\Roaming\discord
2017-08-08 17:41 - 2017-03-15 17:53 - 000000000 ____D C:\Users\tag\AppData\Local\Discord
2017-08-08 14:12 - 2016-08-06 14:12 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-08-05 12:17 - 2015-09-09 06:19 - 000000000 ____D C:\Users\tag\AppData\Local\Packages
2017-08-04 07:46 - 2014-12-28 16:14 - 000000000 ____D C:\Users\tag\Google Drive\Health
2017-08-04 07:05 - 2015-02-02 19:45 - 000000000 ____D C:\Users\sshaccess\AppData\Local\Spotify
2017-08-04 07:04 - 2015-02-02 19:45 - 000000000 ____D C:\Users\sshaccess\AppData\Roaming\Spotify
2017-08-03 20:21 - 2016-01-03 00:28 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2017-08-03 12:41 - 2014-12-29 09:34 - 000000000 ____D C:\ProgramData\Skype
2017-08-03 01:47 - 2016-09-26 22:42 - 000000000 ____D C:\Users\sshaccess\AppData\Roaming\VMware
2017-08-03 01:47 - 2016-09-26 22:42 - 000000000 ____D C:\Users\sshaccess\AppData\Local\VMware
2017-08-03 01:12 - 2017-03-18 01:45 - 000000000 ____D C:\Users\Default\AppData\Roaming\VMware
2017-08-03 01:12 - 2017-03-18 01:45 - 000000000 ____D C:\Users\Default User\AppData\Roaming\VMware
2017-08-02 19:19 - 2015-04-30 11:16 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-31 09:15 - 2015-09-09 07:17 - 000002371 _____ C:\Users\sshaccess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-31 09:15 - 2015-09-09 07:17 - 000000000 ___RD C:\Users\sshaccess\OneDrive
2017-07-31 08:14 - 2016-07-16 04:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 08:14 - 2016-07-16 04:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-27 10:05 - 2009-07-13 19:34 - 000000478 _____ C:\WINDOWS\win.ini
2017-07-25 05:15 - 2014-12-29 22:55 - 000000000 ____D C:\Users\tag\AppData\Roaming\vlc
2017-07-25 04:34 - 2016-03-08 14:35 - 000000000 ____D C:\Program Files (x86)\Diablo III
2017-07-24 19:37 - 2016-12-13 03:16 - 000001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2017-07-24 19:37 - 2016-12-13 03:16 - 000001080 _____ C:\WINDOWS\system32\settings.sfm
2017-07-22 14:26 - 2014-12-28 16:20 - 000000000 ____D C:\Program Files (x86)\Steam
2017-07-19 17:56 - 2014-12-28 15:06 - 000000000 ____D C:\Users\tag\AppData\Local\ElevatedDiagnostics
2017-07-19 17:46 - 2017-06-06 23:38 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-07-19 17:46 - 2017-03-16 02:04 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-07-19 17:46 - 2017-03-16 02:04 - 000320008 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-07-19 17:46 - 2017-03-16 02:04 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-07-19 17:46 - 2017-03-16 02:04 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-07-19 17:46 - 2017-03-16 02:04 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update

==================== Files in the root of some directories =======

2015-07-07 08:43 - 2015-07-07 08:43 - 000000046 _____ () C:\Users\tag\AppData\Roaming\Camdata.ini
2015-07-07 08:43 - 2015-07-07 08:43 - 000000408 _____ () C:\Users\tag\AppData\Roaming\CamLayout.ini
2015-07-07 08:43 - 2015-07-07 08:43 - 000000408 _____ () C:\Users\tag\AppData\Roaming\CamShapes.ini
2015-07-07 08:43 - 2015-07-07 08:43 - 000004510 _____ () C:\Users\tag\AppData\Roaming\CamStudio.cfg
2016-03-10 08:57 - 2016-03-10 08:57 - 000037839 _____ () C:\Users\tag\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-12-28 22:41 - 2017-06-29 23:09 - 000000600 _____ () C:\Users\tag\AppData\Roaming\winscp.rnd
2016-03-23 20:16 - 2016-03-23 20:16 - 000004534 _____ () C:\Users\tag\AppData\Local\recently-used.xbel
2014-12-28 11:09 - 2016-09-04 21:53 - 000007604 _____ () C:\Users\tag\AppData\Local\Resmon.ResmonCfg
2016-04-13 13:16 - 2016-04-18 17:54 - 000000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2017-03-14 18:06 - 2017-03-14 18:06 - 057547224 _____ (Skype Technologies S.A.) C:\Users\sshaccess\AppData\Local\Temp\SkypeSetup.exe
2016-10-30 22:30 - 2016-10-30 22:30 - 002842320 _____ () C:\Users\tag\AppData\Local\Temp\npp.7.1.Installer.exe
2016-12-31 01:13 - 2016-12-31 01:13 - 002858376 _____ () C:\Users\tag\AppData\Local\Temp\npp.7.2.2.Installer.exe
2017-03-14 05:55 - 2017-03-14 05:55 - 002903480 _____ () C:\Users\tag\AppData\Local\Temp\npp.7.3.2.Installer.exe
2017-04-05 21:38 - 2017-04-05 21:38 - 002982992 _____ () C:\Users\tag\AppData\Local\Temp\npp.7.3.3.Installer.exe
2017-06-07 08:55 - 2017-06-07 08:55 - 002990616 _____ () C:\Users\tag\AppData\Local\Temp\npp.7.4.1.Installer.exe
2017-06-29 23:20 - 2017-06-29 23:20 - 003051288 _____ () C:\Users\tag\AppData\Local\Temp\npp.7.4.2.Installer.exe
2016-10-01 10:11 - 2016-05-30 08:07 - 001408944 _____ (NVIDIA Corporation) C:\Users\tag\AppData\Local\Temp\nvSCPAPI64.dll
2016-09-30 20:42 - 2016-11-14 02:45 - 000834104 _____ (NVIDIA Corporation) C:\Users\tag\AppData\Local\Temp\nvStInst.exe
2016-11-20 05:15 - 2017-04-08 13:46 - 057827288 _____ (Skype Technologies S.A.) C:\Users\tag\AppData\Local\Temp\SkypeSetup.exe
2017-03-18 10:00 - 2017-03-18 10:00 - 133537600 _____ (Twitch) C:\Users\tag\AppData\Local\Temp\TwitchLauncherInstaller.exe
2017-03-14 18:09 - 2017-04-09 04:25 - 014456872 _____ (Microsoft Corporation) C:\Users\tag\AppData\Local\Temp\vc_redist.x86.exe
2017-05-29 19:12 - 2017-06-07 18:17 - 008331264 _____ () C:\Users\tag\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-10 10:12

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2017
Ran by tag (18-08-2017 03:57:16)
Running from C:\Users\tag\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-30 15:25:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3554478145-5653826-404848212-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3554478145-5653826-404848212-503 - Limited - Disabled)
Guest (S-1-5-21-3554478145-5653826-404848212-501 - Limited - Disabled)
sshaccess (S-1-5-21-3554478145-5653826-404848212-1002 - Limited - Enabled) => C:\Users\sshaccess
tag (S-1-5-21-3554478145-5653826-404848212-1000 - Administrator - Enabled) => C:\Users\tag

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
AIDA64 Extreme v5.92 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.92 - FinalWire Ltd.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Charles 3.11.7 (HKLM\...\{0FC11191-E28E-49D6-B356-EEE25458F11D}) (Version: 3.11.7.1 - XK72 Ltd)
CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrashPlan (HKLM\...\{82DD9B45-C8B7-4786-A733-4D76CA572AA6}) (Version: 4.8.3.15 - Code 42 Software)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Curse Client (HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
DisplayFusion 8.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 8.0.0.0 - Binary Fortress Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\Flux) (Version: - )
Faeria (HKLM\...\Steam App 397060) (Version: - Abrakam SA)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\HearthstoneDeckTracker) (Version: 1.4.0 - HearthSim)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Innkeeper (HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\Innkeeper) (Version: 0.4.10 - Curse Inc.)
JetBrains PyCharm Community Edition 2016.3.2 (HKLM-x32\...\PyCharm Community Edition 2016.3.2) (Version: 163.10154.50 - JetBrains s.r.o.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mendeley Desktop 1.13.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.13.3 - Mendeley Ltd.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Build Tools (HKLM-x32\...\{a9528995-e130-4501-ae19-bbfaddb779cc}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.12.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.8.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenShot Video Editor version 2.3.4 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.3.4 - OpenShot Studios, LLC)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.106.20.0 - Overwolf Ltd.)
qBittorrent 3.2.5 (HKLM-x32\...\qBittorrent) (Version: 3.2.5 - The qBittorrent project)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\slack) (Version: 2.3.2 - Slack Technologies)
Spotify (HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeXstudio 2.6.6 (HKLM-x32\...\TeXstudio_is1) (Version: 2.6.6 - Benito van der Zander)
uChat (HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\uchat) (Version: 3.4.5 - Uber Technologies Inc.)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Workstation (HKLM\...\{878C6FAC-4FF1-4281-A05D-07CDA485C114}) (Version: 12.5.7 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WhoCrashed 5.53 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (03/07/2013 2.4.0.0) (HKLM\...\FB6346ABC58E926B03FC05975B4A9232E5FD8F1D) (Version: 03/07/2013 2.4.0.0 - Cambridge Silicon Radio Ltd.)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
WizMouse v1.7.0.3 (HKLM-x32\...\WizMouse_is1) (Version: - Antibody Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zoom (HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{de5780a1-1423-4dbd-be03-9cd69cf99947}\InprocServer32 -> C:\WINDOWS\SYSTEM32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554478145-5653826-404848212-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\tag\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2017-06-19] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-06-19] (VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04FEC0C9-18BB-41E6-84DD-2ADE947DE756} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0674A956-4B20-4066-8D44-5B1B6CDCCABD} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {06DFBE33-F303-4981-98C0-4ACB412F5EE6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0D988327-ABDB-4DD7-8BCF-927647D53972} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3554478145-5653826-404848212-1000UA => C:\Users\tag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {10F4C661-0EA1-47DC-8B00-91CA7A0F3830} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1500B2CF-C5C0-4090-8CB4-E323917F9B8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {163F7713-5DB5-46C1-A5C0-5610A01EC5E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18683D5D-F7C9-4DD2-BB4E-7A0166807468} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {26815C82-F0D4-43A6-BCAC-C5ADF0B248EF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {27AC7753-32EC-4AD7-A19B-DC4EACBAF3C0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2BC5323D-9E72-4C2D-AE9D-1BA50BB1D1B6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FD590D5-2884-4740-B6D3-EA66358DBA6B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3554478145-5653826-404848212-1000Core1d258006de3d56b => C:\Users\tag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {397FEF34-1E5D-4B58-9344-0954A05A1C07} - System32\Tasks\{0A8E3FCC-7A0F-4543-AB1F-1AC66713796E} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Paltalk Messenger\uninstall.exe"
Task: {3D11CA66-B8E0-4CAD-BE2A-E85254DB8712} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {475FB135-8204-4B1A-A881-2DDEED895753} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {4D118EDD-2AF1-4367-B8D8-3653A03FB2C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {50407676-E778-4C4E-9E23-15DB905EA04C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {527B01B1-D556-4037-8A83-A646D686EF80} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-09] (Microsoft Corporation)
Task: {564E7FAE-74B5-4157-8010-05134EB46134} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {674549F4-A46E-47FE-A41B-C7299142E745} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {70532A58-7EF2-43D9-9FAB-F102589CAF17} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7CBCB1EE-34FE-4E5A-8340-66563A874D8A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {7E288296-E39D-4B01-9F4C-9B090E7DD40A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {806E9A99-DFA5-4D47-868C-8644A9F215FF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {831A07F8-DA4D-49A1-A276-FC39F3080E49} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {84DC59C8-627C-42D9-BA03-01AB8C19595C} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-08-02] (Overwolf LTD)
Task: {87A38A3D-8847-482A-A183-BBFC3E69B690} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8C1FD855-19FA-4EC2-AD3C-20D95C8A72A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3554478145-5653826-404848212-1000Core => C:\Users\tag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {93C2301A-43D7-41B4-806D-159AB76AB288} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-19] (AVAST Software)
Task: {96C1EBC5-34DB-4077-A1E7-57952DBDAC67} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9C41C8B7-7EF2-46CA-902E-2FD024C21E15} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => %comspec% [Argument = /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update]
Task: {9D55AA5B-026E-4670-9071-AA8D7BF2ABF2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9E92A653-35C4-48E8-896E-1BB04E627883} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9FF08904-5490-444A-AABB-51E92807109D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A2826343-1744-4C60-B1C7-2F36054A8A2E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A869E91B-87D2-4987-9CF2-601EDA634E7F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3554478145-5653826-404848212-1002 => C:\Users\tag\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {ACE9110E-0B80-4B70-97EC-1024A6206F10} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C6496657-7EFE-41DE-B6D7-A461D91B5CC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C67570AC-23A8-443D-818D-73F16DE2D3F0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CACEEB52-B9E1-43EC-A91E-4741ED91E574} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CBCD9FF1-214B-408B-A253-1140EBA2CC58} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {CF23898E-3A2D-4A35-A6E9-460CE04BA590} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D723C079-7598-4CFC-9F5C-1A2F5E16DF2A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D933C2ED-EF7C-4A42-B64E-0147EDD22C98} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DC534ECC-730A-4256-BBD2-4FB62C5BBFF7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DFE643A3-667A-4972-A630-9596B393E8EA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E14890C5-67D5-4332-9A60-F3008C9452D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3554478145-5653826-404848212-1000UA1d258006de89a1c => C:\Users\tag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E44C2368-B072-4378-9309-5B51D0751337} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EB965A56-29C5-411B-B853-F755473D4B53} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F66AB1C9-20A7-434A-9FC2-D91C3576A386} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3554478145-5653826-404848212-1000Core.job => C:\Users\tag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3554478145-5653826-404848212-1000UA.job => C:\Users\tag\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\tag\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_pjkljhegncpnkpknbcohdijeoejaedia\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
ShortcutWithArgument: C:\Users\tag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cefc16de8dc311da\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
ShortcutWithArgument: C:\Users\tag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
ShortcutWithArgument: C:\Users\tag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9172847c0c3e7b51\Google Maps.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lneaknkopdijkpnocmklfnjbeapigfbh
ShortcutWithArgument: C:\Users\tag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8dd6c9d7e14aa098\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=apdfllckaahabafndbhieahigkjlhalf
ShortcutWithArgument: C:\Users\tag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eafae96818e1883\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 04:42 - 2016-07-16 04:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-11 21:23 - 2017-06-21 00:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-08 18:37 - 2017-06-08 18:37 - 000014848 _____ () C:\Program Files\CrashPlan\md564.dll
2017-06-08 18:37 - 2017-06-08 18:37 - 000238592 _____ () \\?\C:\Program Files\CrashPlan\cpnative64.dll
2017-06-08 18:37 - 2017-06-08 18:37 - 000082432 _____ () \\?\C:\Program Files\CrashPlan\c42archive64.dll
2017-06-08 18:37 - 2017-06-08 18:37 - 000484864 _____ () \\?\C:\Program Files\CrashPlan\libleveldb64.dll
2016-09-30 18:34 - 2016-09-30 18:34 - 000959168 _____ () C:\Users\tag\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-30 08:51 - 2016-09-30 08:51 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 21:12 - 2017-03-03 23:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 21:12 - 2017-03-03 23:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 21:12 - 2017-03-03 23:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 21:12 - 2017-03-03 23:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-09 11:00 - 2017-03-03 23:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-09 11:00 - 2017-08-01 11:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-09 11:00 - 2017-08-01 11:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-07-17 22:39 - 2017-07-17 22:39 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-17 22:39 - 2017-07-17 22:39 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-17 22:39 - 2017-07-17 22:39 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-17 22:39 - 2017-07-17 22:39 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-17 14:02 - 2017-08-11 00:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-17 14:02 - 2017-08-11 00:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2017-07-19 17:46 - 2017-07-19 17:46 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-19 17:46 - 2017-07-19 17:46 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-10 17:12 - 2017-07-10 17:12 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-19 17:46 - 2017-07-19 17:46 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-19 17:46 - 2017-07-19 17:46 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-19 17:46 - 2017-07-19 17:46 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-18 03:48 - 2017-08-18 03:48 - 000098816 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32api.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000110080 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\pywintypes27.dll
2017-08-18 03:48 - 2017-08-18 03:48 - 000364544 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\pythoncom27.dll
2017-08-18 03:48 - 2017-08-18 03:48 - 000320512 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32com.shell.shell.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000914432 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\_hashlib.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 001176576 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\wx._core_.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000806400 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\wx._gdi_.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000816128 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\wx._windows_.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 001067008 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\wx._controls_.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000733184 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\wx._misc_.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000682496 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\pysqlite2._sqlite.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000088064 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\_ctypes.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000686080 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\unicodedata.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000119808 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32file.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000108544 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32security.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000007168 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\hashobjs_ext.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000017920 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\thumbnails_ext.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000088064 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\usb_ext.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000012800 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\common.time34.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000018432 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32event.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000167936 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32gui.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000046080 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\_socket.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 001303552 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\_ssl.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000128512 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\_elementtree.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000127488 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\pyexpat.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000038912 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32inet.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000036864 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\_psutil_windows.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000524248 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\windows._lib_cacheinvalidation.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000011264 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32crypt.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000123392 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\wx._wizard.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000077312 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\wx._html2.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000027648 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\_multiprocessing.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000020480 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\_yappi.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000035840 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32process.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000078848 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\wx._animate.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000024064 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32pipe.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000010240 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\select.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000025600 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32pdh.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000017408 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32profile.pyd
2017-08-18 03:48 - 2017-08-18 03:48 - 000022528 ____R () C:\Users\tag\AppData\Local\Temp\_MEI75522\win32ts.pyd
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3554478145-5653826-404848212-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tag\AppData\Local\DisplayFusion\Wallpaper_2.png
DNS Servers: 216.131.94.5 - 66.218.44.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
HKLM\...\StartupApproved\StartupFolder: => "Disconnect Desktop.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Ralink Wireless Utility.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "CTxfiHlp"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "LogitechQuickCamRibbon"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3554478145-5653826-404848212-1000\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B9157146-32F8-4DFC-B1E1-40DC3132F432}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Puzzle Quest\Binaries\PC\Ship\Marvel Puzzle Quest.exe
FirewallRules: [{AA47D058-D54D-4926-A0C1-4280E05FBA4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Puzzle Quest\Binaries\PC\Ship\Marvel Puzzle Quest.exe
FirewallRules: [{2C39D967-BF71-49CF-9887-512011BF2795}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{4C7BCF38-4AD6-40CC-9F3B-2BC94679E917}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{C79B6E6C-8837-4C32-911E-A437235DDB5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{EE610F13-89C5-434D-89BC-7524BA09872A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2778590E-7584-475C-8EFE-9E49A2731C90}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{FA7310CF-3619-422F-A42D-805C58F9909C}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{55C10C4F-F45C-4984-AA14-C3BDF0000B5D}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{E9D9AF31-1EBB-46E7-B19E-85B4EE242B45}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{35BC7974-F297-4331-B9D2-A396FCDD1D81}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{72AF6BA3-2706-4D4B-B234-73ED50E6D69F}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{DC00DA15-84F4-446B-B605-6B7035943FAF}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{B334CDD2-1B18-4924-B132-FB582463FEDD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{DC8CABB5-8596-43AA-9670-F98646DA99EA}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E9EFFF80-937E-46E7-B1A1-F8D31663C86B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{30B4FC46-A4FC-472B-A566-B7C491059168}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3339B3F8-729F-431A-BB94-C0CF66F4C3CA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{746E1017-4C82-486B-81C9-ECAFE115C963}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3A77C4F3-3FEA-4EF2-AD0C-502447021900}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C8C9A846-24A8-4AA0-8274-D1E517B817B9}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{C4565327-1968-42E0-826A-2379C4BA753B}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{6C2C4F15-7015-4C5A-9B1E-F673BC1A6122}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{E7E70F84-7DEC-4CA5-A61B-12FE7CAAFFC5}] => (Allow) C:\Users\tag\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{7047D5E9-CA8F-4F73-A1C7-69AD65398970}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{B56423BB-5861-4E35-ADEE-62169CE32CD5}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{29A61320-884D-481A-AA1C-CFAFDC79D15A}C:\users\tag\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tag\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BF1495F4-9307-4EEF-97E8-A1F54F5037F5}C:\users\tag\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tag\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C05EDD0E-F849-4524-9B5F-4C071E77648F}] => (Block) C:\users\tag\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CEADAB88-9C38-4195-B839-1CA4E5ABAB5E}] => (Block) C:\users\tag\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E45468EE-52A9-4FBC-A984-2AAD2FF634CA}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{797C41C8-C524-4D4D-B52E-FCD919076F96}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{0DB94A55-8C7F-4582-B2C6-350B9F0E0112}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{0DFA4140-2AE3-45BA-8082-295D02B445B4}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{8256134D-7E7C-4586-98B5-56A76423BE4B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F6415BB5-50FA-4DF5-8978-F4772FAA90F0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{5A6D6768-3489-46A2-B3AF-40C1F346C6B6}C:\users\sshaccess\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sshaccess\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{64EAF9E8-A05A-49F7-87BE-19643D7F4472}C:\users\sshaccess\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sshaccess\appdata\roaming\spotify\spotify.exe
FirewallRules: [{71DF7B18-52AF-41E3-B150-7BC1B878196C}] => (Block) C:\users\sshaccess\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FEC0880F-31DC-4E85-87AD-49285CFB5014}] => (Block) C:\users\sshaccess\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5C680D8D-AA2F-445B-BB6B-F6A4BE64D9A9}C:\program files (x86)\twitch launcher\games library\d229a310-2468-4f0c-b49b-4a6dcdd47809\hns\binaries\win64\streamline.exe] => (Allow) C:\program files (x86)\twitch launcher\games library\d229a310-2468-4f0c-b49b-4a6dcdd47809\hns\binaries\win64\streamline.exe
FirewallRules: [UDP Query User{2358DB33-8B6C-49AF-A153-B3D0C8469161}C:\program files (x86)\twitch launcher\games library\d229a310-2468-4f0c-b49b-4a6dcdd47809\hns\binaries\win64\streamline.exe] => (Allow) C:\program files (x86)\twitch launcher\games library\d229a310-2468-4f0c-b49b-4a6dcdd47809\hns\binaries\win64\streamline.exe
FirewallRules: [{3A9D6209-79A3-4841-A309-4453DA6DD7B8}] => (Block) C:\program files (x86)\twitch launcher\games library\d229a310-2468-4f0c-b49b-4a6dcdd47809\hns\binaries\win64\streamline.exe
FirewallRules: [{9E3E1C1B-EE4E-4299-9908-B9FF4E30EE17}] => (Block) C:\program files (x86)\twitch launcher\games library\d229a310-2468-4f0c-b49b-4a6dcdd47809\hns\binaries\win64\streamline.exe
FirewallRules: [TCP Query User{193F68AB-0926-4E93-AD59-D32F60FDAC3E}C:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{234D2239-5CD8-4925-900A-5A59E8FACDB9}C:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [{E13594E1-E0B9-4633-B331-7F68493DAA06}] => (Block) C:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [{8864E164-BEF9-4770-9C44-DB4C19ABE516}] => (Block) C:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{98339DD6-3771-4080-BFA1-488A5A62C731}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{358B2B98-8031-4DA8-9D6C-EC4CADCE7EEC}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{43DA221A-5630-4F27-A29A-CF0B01BB8F26}] => (Block) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{26E77C92-B4E1-467D-8558-14916DA76625}] => (Block) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{67EE50C3-1BFC-42A0-A2F4-09AA85F12A70}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C2C45C25-A12F-489B-A8D6-C723A1BFBBDC}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [{34FF0923-8A8A-4CB1-A371-8845712E167A}] => (Block) C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [{01A37C62-ED7D-4D21-94AE-5AB57841CB33}] => (Block) C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{371A704D-07B2-4CC8-9A7A-4AA39C92AFC9}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{F1B28834-56A3-44E9-BFF7-ECB8EE3556C5}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{B2105500-8DA3-4195-A4B2-581A7AEC0725}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{C45E22E9-67D6-447C-9631-86BE7BC53DFF}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{887C9A08-9C18-4A2A-B405-4CDBB8CBF219}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [TCP Query User{9774BF31-CCF0-4DA8-A325-54F71FFAD7DE}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [UDP Query User{0258CAF8-06FF-4929-AAB8-7B0AEFAC6C08}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [{57D386B5-7793-4F1E-940F-266B31543023}] => (Block) C:\program files\charles\charles.exe
FirewallRules: [{43147CE4-43BE-4D17-A038-D8AB889DC89B}] => (Block) C:\program files\charles\charles.exe
FirewallRules: [TCP Query User{1E9DBC2A-D1B5-40B0-9638-044B2A80BBDC}C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe] => (Allow) C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe
FirewallRules: [UDP Query User{F87BC690-2170-4BC4-9138-3A351D2E91C4}C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe] => (Allow) C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe
FirewallRules: [{A938FE5C-EFC1-48FC-AFB8-8BB529E54C93}] => (Block) C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe
FirewallRules: [{12FB82D2-B373-4809-8F8A-21330D9160B0}] => (Block) C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe
FirewallRules: [TCP Query User{E7284C0F-F9F5-451E-89DB-9D8C4E661DCA}C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C73EFE0A-1762-4DCA-B0FA-7299909B1489}C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [{5B62D408-FC7E-4DEF-9249-3AA9AE38F38B}] => (Block) C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [{EDF72F1E-7355-41FF-B8FA-1AE92AD611EA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C7D4D105-F143-44E0-84C1-4A274A4DB454}C:\users\sshaccess\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\sshaccess\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{C7475F6F-65D0-4637-9B73-DFCB73AF04AC}C:\users\sshaccess\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\sshaccess\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{91943B5C-8CDE-4C6C-A13B-CB280A8AEB9D}C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D8DE1CD5-BE70-4DBD-86F4-35E342596529}C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [{1D37293C-4691-4DBE-9A05-882E05E22FA5}] => (Block) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [{CD3525DA-8A65-40BF-888C-9350C9D7B7CA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{431B0930-B6FE-484A-9404-1CFFE5AEA080}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{CB4984BA-5C2A-41CD-9C49-335716EC4AAF}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{ABCF56E2-50BE-48E8-9BFC-AE8B4E8748BC}] => (Block) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{57153AE5-F0CD-458B-8CE2-072BC0AEE365}] => (Block) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{A3D7A433-AEB3-431F-96B0-B9ECF3FF379E}C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe
FirewallRules: [UDP Query User{F7F6E709-F0DB-4D17-87BD-BAE8DE76D0FA}C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe
FirewallRules: [{525B4E22-719C-48E0-B94A-F1A8DFAAFF03}] => (Block) C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe
FirewallRules: [{1CB45644-3125-4CEA-9CC9-FDC800A412F5}] => (Block) C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe
FirewallRules: [{9B56A998-EC15-4B3E-ACD4-1CF72D7C7980}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F0230AF1-C499-446C-8260-CD4CC33B6A74}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{67113D32-D9F8-4F4D-B4A5-3DC3243F2206}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [{595587AA-5FD4-4EE9-83D5-4C06F3C569FD}] => (Allow) C:\Users\tag\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{06C1111C-1DD5-4114-8D6A-977B98C5ED39}] => (Allow) C:\Users\tag\AppData\Roaming\Zoom\bin\airhost.exe
FirewallRules: [TCP Query User{0CE6109D-5DE5-4C8D-9C43-ABCA929E7856}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{254D1D29-37C7-4BA0-8D2F-DA56CABA0F3C}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [{2C3BCA98-090D-4C36-97B6-06B157A070CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{7EA3DF67-661D-408E-B90A-BC01FCF33613}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{1C322716-D8B9-49E4-BE5B-97D751DAEB06}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7A5F3689-DEFB-424B-A441-1C81ECEC54A9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{4074D7D5-0389-4054-9A8A-15D50F81487C}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe
FirewallRules: [UDP Query User{AD8B3B88-4397-40A6-8FBC-FEF85F843359}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe
FirewallRules: [{23836CB6-0D37-47B8-AC14-CC4624648DD1}] => (Block) C:\program files\openshot video editor\launch.exe
FirewallRules: [{F68426B5-F451-49B6-AC05-D350316F23D1}] => (Block) C:\program files\openshot video editor\launch.exe
FirewallRules: [{CADE106E-AB9A-4F9A-8D89-BB4FE2C080B6}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{3AAFE0BA-5F2E-4731-8B31-C482D53FF9BF}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{0F31E2BB-E8C8-4625-AE7E-4AA22690202E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{AC2F7858-3044-4B05-94D5-69B886BC52F8}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{16C4782F-B215-4F3A-A305-C2F13711ADB3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{5C776877-CDF9-4415-927C-C04B576C797C}C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A2A79C1A-EF84-4216-91EA-090B2B57814F}C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [{D8E079C4-877F-47B3-97CE-0126CC2F7356}] => (Block) C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [{C1F7D276-48CB-492C-AC7E-95C07C8514D2}] => (Block) C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [{7A6575FC-A8F1-4858-A893-6B5AB42E5AC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{CAC0EA46-BAFE-42CA-97DC-C584D504E651}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FA338237-1C0A-42D2-BB8B-BE1C140DB970}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D2252DFF-4656-481F-A291-6F6C1AAC155F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-07-2017 10:05:07 Windows Update
02-08-2017 18:53:26 Windows Update
09-08-2017 11:02:51 Windows Update

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NVIDIA GeForce 8600 GT
Description: NVIDIA GeForce 8600 GT
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Linksys AE1200
Description: Linksys AE1200
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Linksys, LLC
Service: BCMH43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2017 03:32:02 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (08/18/2017 03:31:55 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (08/18/2017 03:31:55 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (08/17/2017 07:53:01 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/17/2017 07:30:52 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/17/2017 08:52:35 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (08/17/2017 08:52:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/16/2017 07:30:48 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/16/2017 07:24:53 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/16/2017 07:59:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ARCHIMONDE)
Description: Package Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.


System errors:
=============
Error: (08/18/2017 03:48:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2017 03:48:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2017 03:48:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2017 03:48:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/18/2017 03:48:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VMwareHostd service depends on the VMAuthdService service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/18/2017 03:48:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VMAuthdService service depends on the vmx86 service which failed to start because of the following error:
The request is not supported.

Error: (08/18/2017 03:48:05 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (08/18/2017 03:45:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VMwareHostd service depends on the VMAuthdService service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/18/2017 03:45:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/18/2017 03:45:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the MSMQ service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2017-08-02 18:50:41.843
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.105.324.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-08-02 18:50:10.541
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.105.324.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-08-02 18:50:08.099
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.105.324.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-07-30 00:10:14.776
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.105.324.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-07-30 00:09:41.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.105.324.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-03-12 22:26:06.133
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-18 08:25:04.868
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-30 20:50:52.963
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-30 20:50:52.961
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-30 20:50:52.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 8191.11 MB
Available physical RAM: 4888.23 MB
Total Virtual: 16383.11 MB
Available Virtual: 12475.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:114.2 GB) NTFS
Drive e: (Heap) (Fixed) (Total:465.76 GB) (Free:21.48 GB) NTFS
Drive f: (Stack) (Fixed) (Total:465.76 GB) (Free:157.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 0009C706)
Partition 1: (Not Active) - (Size=11.4 GB) - (Type=82)
Partition 2: (Active) - (Size=286.7 GB) - (Type=83)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 62794B25)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 00028087)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 5006804B)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

We can run some checks but I highly doubt it's malware related.
So far I don't see much.
I'm assuming you have more than 1 monitor connected to the same video card?
If so, did you try to reseat the video card?


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.11.11.0 (x64) [Aug 21 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : tag [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/22/2017 01:49:00 (Duration : 01:11:56)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-3554478145-5653826-404848212-1000\Software\eSupport.com -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-3554478145-5653826-404848212-1000\Software\eSupport.com -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3554478145-5653826-404848212-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.showtimeanytime.com/#/home -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3554478145-5653826-404848212-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.showtimeanytime.com/#/home -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 199.21.87.140 199.21.87.141 192.80.0.5 192.80.0.6 ([United States][United States][United States][United States]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6cd93ca1-1204-4b1e-ac06-bf857a411516} | DhcpNameServer : 199.21.87.140 199.21.87.141 192.80.0.5 192.80.0.6 ([United States][United States][United States][United States]) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{1E9DBC2A-D1B5-40B0-9638-044B2A80BBDC}C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe|Name=sos-win64-shipping.exe|Desc=sos-win64-shipping.exe|Defer=User| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F87BC690-2170-4BC4-9138-3A351D2E91C4}C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\tag\appdata\local\outpost games\games\sos\sos\binaries\win64\sos-win64-shipping.exe|Name=sos-win64-shipping.exe|Desc=sos-win64-shipping.exe|Defer=User| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C7D4D105-F143-44E0-84C1-4A274A4DB454}C:\users\sshaccess\appdata\local\skypeplugin\pluginhost.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\sshaccess\appdata\local\skypeplugin\pluginhost.exe|Name=pluginhost.exe|Desc=pluginhost.exe|Defer=User| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C7475F6F-65D0-4637-9B73-DFCB73AF04AC}C:\users\sshaccess\appdata\local\skypeplugin\pluginhost.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\sshaccess\appdata\local\skypeplugin\pluginhost.exe|Name=pluginhost.exe|Desc=pluginhost.exe|Defer=User| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06C1111C-1DD5-4114-8D6A-977B98C5ED39} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\tag\AppData\Roaming\Zoom\bin\airhost.exe|Name=Airhost service for Zoom Video Meetings|Desc=Allow network traffic for Zoom Video Conference|EmbedCtxt=Zoom Video Conference| [x] -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3554478145-5653826-404848212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3554478145-5653826-404848212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3554478145-5653826-404848212-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3554478145-5653826-404848212-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\Users\tag\AppData\Local\eSupport.com -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 7 ¤¤¤
[PUP][Chrome:Addon] Default : Google Tasks (by Google) [dmglolhoplikcoamfgjgammjbgchgjdd] -> Not selected
[PUM.Proxy][Firefox:Config] im0svryy.default : user_pref("network.proxy.http", "127.0.0.1"); -> Not selected
[PUM.Proxy][Firefox:Config] im0svryy.default : user_pref("network.proxy.http_port", 80); -> Not selected
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://news.yahoo.com/] -> Not selected
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://news.yahoo.com/] -> Not selected
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [https://drive.google.com/drive/my-drive] -> Not selected
[PUM.HomePage][Chrome:Config] Profile 2 [SecurePrefs] : session.startup_urls [https://drive.google.com/drive/my-drive] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320620A ATA Device +++++
--- User ---
[MBR] 28cdcf8ad77c025be0f47bf6e5477b0c
[BSP] 75655d0494bfb965f9ce5e8378bec6b2 : Linux|Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 2048 | Size: 11695 MB
1 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 23953408 | Size: 293549 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 840 EVO 500GB ATA Device +++++
--- User ---
[MBR] 3eef521d4afacfeed96eb1a8ebf6cf4e
[BSP] 9b86b6d209176ddc1fa7af3f9ea6a82e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3500320AS ATA Device +++++
--- User ---
[MBR] c7feff2643280c321f506dc446ea52d8
[BSP] b096f498388862dba2e9ef85280da577 : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476939 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: ST3500320AS ATA Device +++++
--- User ---
[MBR] c8d769f4215509fc52fb4b2410b9c185
[BSP] b95988b651cc517a3866e43ffd9b95eb : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/22/2017
Scan Time: 5:58 AM
Logfile: mwbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.08.22.05
Rootkit Database: v2017.08.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: tag

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410468
Time Elapsed: 15 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


# AdwCleaner 7.0.1.0 - Logfile created on Wed Aug 23 01:25:22 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7


***** [ Files ] *****

Deleted: C:\END


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{ED85578E-018B-411E-9BB0-5B6642D9DA4D}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1275 B] - [2017/8/23 1:21:54]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by tag (Administrator) on Tue 08/22/2017 at 18:29:44.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A03A8B1B4CFB215D4B1B77B39B8928B6 (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/22/2017 at 18:32:20.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 