Solved PUP.Optional.ASK and PUP.Optional.Delta won't go away.

DeadpixeI

DeadpixeI

Posts: 53   +0
Ever since the latest Malwarebytes update it's been flagging these files as malicious. Every scan they keep showing up no matter how many quarantines. No idea how to get rid of them. I assume they have something to do with Ask Toolbars and Delta Search garbage

I'm getting 'nam flashbacks right now because I dealt with a really nasty virus before when I installed a program I shouldn't of, and thankfully was able to get rid of it thanks to this forum. Since then, I've been way more careful, haven't installed any shady programs, then after updating Malwarebytes to the latest version, this shows up.

Log is below.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/29/17
Scan Time: 7:41 PM
Log File: a222f6e8-d56f-11e7-b910-0250f2362f00.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3375
License: Premium

-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: CHRISTOPHERPC\ChristopherAubert

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 527299
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 8 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.Delta, C:\USERS\CHRISTOPHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3663], [455070],1.0.3375
PUP.Optional.Delta, C:\USERS\CHRISTOPHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3663], [455070],1.0.3375
PUP.Optional.ASK, C:\USERS\CHRISTOPHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [528], [454827],1.0.3375

Physical Sector: 0
(No malicious items detected)


(end)
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Regarding MBAM log. Those three files come from Chrome so it looks like some addon keep bringing them back in.

Reset Chrome...
Click on "Customize and control Google Chrome":
p22003758.gif

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.

Then...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
 
First, FRST won't work and appears bugged/broken or something:
When I followed the link you provided, then following that link to download FRST, when it would run, it would say in the top right that it was updating, then it would say that it was updated and now I can use the software (https://prntscr.com/hhgi6g) Then, after clicking "OK" in the little window popping up after it updates, it would close out of FRST, reopen, then start the same process of "updating", little window popping up saying it's done updating (while I can't click on "Scan" or anything in the software) me clicking OK, then the software auto-closing, then auto-opening in this infinite loop. I tried downloading from a different source (https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/), but nothing changed.

So no logs to paste because the software seems like it has a bug preventing me from scanning.

BTW
Hey it's you! Judging by the insane amount of posts you reply to (and solve :D) you probably don't remember me, but you helped me out when I had a nasty virus that took many replies and many log copy-and-pastes. Since then, I've been much more careful about what I install and nothing led up to this issue. I hadn't installed anything, just one day Malwarebytes was updated and BAM! Those files flagged as PUPs. (Though my hunch is it's leftover files from the virus that took so much to get rid of) If this turns into another saga I just want to say that I greatly appreciate what you do on this site, and thank you for spending the time. :D(y)
 
Normally there is no problem with running FRST.
Delete your copy(copies), download fresh copy and try again.
 
I did, and it still worked the same way.
Here's a little video of me trying to use it:
I tried downloading it from a different source, but the same thing persisted.
 
See, if disconnecting from the internet will help.
Hopefully it won't try to update.
 
Huh. Never thought about doing that. Sounds kinda obvious when I think about it.
Here's the two logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by ChristopherAubert (administrator) on CHRISTOPHERPC (03-12-2017 18:28:36)
Running from C:\Users\Christopher\Desktop
Loaded Profiles: ChristopherAubert (Available Profiles: ChristopherAubert)
Platform: Windows 10 Pro Version 1709 16299.98 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Windows\runSW.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Realtek) C:\Windows\SwUSB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(REALiX) C:\Program Files (x86)\HWiNFO32\HWiNFO32.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Discord Inc.) C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\Discord.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Discord Inc.) C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\Discord.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe [256144 2017-09-13] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [40417680 2017-11-01] ()
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [Discord] => C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [Spotify Web Helper] => C:\Users\Christopher\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-08] (Spotify Ltd)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [GoogleChromeAutoLaunch_D3EE6E7DA0645F6660E47697F62AE98F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-09-24]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2017-09-24]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 138.47.254.3 138.47.254.5
Tcpip\..\Interfaces\{032803e0-8e3d-4074-a603-13ce2fa6be1f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{401984dc-3453-4b14-8465-91d94fd40f52}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{80d7c140-8ac2-407b-a891-dc1eac91fe58}: [DhcpNameServer] 138.47.254.3 138.47.254.5

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-11-16] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-10-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxps://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6wg7kf84.default
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default [2017-10-07]
FF Homepage: Mozilla\Firefox\Profiles\6wg7kf84.default -> msn.com
FF Extension: (Avira Browser Safety) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\abs@avira.com [2017-06-07]
FF Extension: (Chrome Store Foxified) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\Chrome-Store-Foxified@jetpack.xpi [2016-11-09] [Lagacy]
FF Extension: (Twitch Now) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\jid1-jwVSihNsgAw5jA@jetpack.xpi [2016-10-30] [Lagacy]
FF Extension: (FrankerFaceZ) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\jid1-snHdAu6px3p0jA@jetpack.xpi [2016-11-19] [Lagacy]
FF Extension: (Adblock Plus) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23] [Lagacy]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\Program Files\SOLIDW~1\SOLIDW~2\Bin\NPCOMP~1.DLL [2016-07-14] (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-22] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\Program Files\SOLIDW~1\SOLIDW~2\Bin\x86\NPCOMP~1.DLL [2016-07-14] (Dassault Systemes)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-10-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3319825686-2643767977-2016650390-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Christopher\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3319825686-2643767977-2016650390-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Christopher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3319825686-2643767977-2016650390-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-11-15] ()

Chrome:
=======
CHR HomePage: Default -> hxxps://www.youtube.com/feed/subscriptions
CHR StartupUrls: Default -> "hxxp://msn.com/"
CHR Profile: C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Google Translate) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-11-30]
CHR Extension: (Slides) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-30]
CHR Extension: (BetterTTV) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-30]
CHR Extension: (Docs) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-30]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-30]
CHR Extension: (Turn Off the Lights) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-11-30]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-30]
CHR Extension: (uBlock Origin) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-30]
CHR Extension: (minerBlock) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2017-12-03]
CHR Extension: (FrankerFaceZ) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2017-11-30]
CHR Extension: (Sheets) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-30]
CHR Extension: (IE Tab) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2017-11-30]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-11-30]
CHR Extension: (Shrug it off) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmjglmfijkbblhcdbehpcngbakkgkfl [2017-11-30]
CHR Extension: (Google Play) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-11-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-11-30]
CHR Extension: (Google Play Books) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-11-30]
CHR Extension: (Tom's Hardware - My Threads) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip [2017-11-30]
CHR Extension: (Twitch Now) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2017-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-30]
CHR Extension: (Gmail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-30]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] ()
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6988296 2017-12-01] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [180272 2016-07-14] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372408 2017-07-06] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-11-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [435328 2017-10-09] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [916096 2017-10-16] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [240904 2016-07-14] (Mentor Graphics Corporation)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-01] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-09-24] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-06] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803952 2017-11-09] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] ()
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-25] (C-MEDIA)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-11] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-11] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] () [File not signed]
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-04-05] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-06-23] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-03] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f936d37e592b25aa\nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S4 RsFx0310; C:\WINDOWS\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [139704 2017-07-18] (Razer, Inc.)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [43032 2016-04-08] (Razer Inc)
S3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-04-16] (Windows (R) Win 7 DDK provider)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-07-27] (Oracle Corporation)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [41472 2017-12-01] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-07-11] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 18:28 - 2017-12-03 18:28 - 000032371 _____ C:\Users\Christopher\Desktop\FRST.txt
2017-12-03 16:27 - 2017-12-03 16:27 - 000000000 ___HD C:\OneDriveTemp
2017-12-03 13:30 - 2017-12-03 16:27 - 002391552 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe
2017-12-02 23:17 - 2017-12-02 23:31 - 000000000 ____D C:\Users\Christopher\AppData\LocalLow\uTorrent
2017-12-02 18:25 - 2017-12-02 18:25 - 000000000 ____D C:\Users\Christopher\AppData\LocalLow\Creability
2017-12-02 01:38 - 2017-12-02 01:38 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-12-01 12:22 - 2017-12-01 10:34 - 000000000 ____D C:\Windows.old
2017-12-01 12:18 - 2017-12-01 12:22 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-12-01 12:17 - 2017-12-01 12:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-12-01 12:17 - 2017-12-01 12:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-12-01 12:17 - 2017-12-01 12:17 - 000000000 ____D C:\WINDOWS\containers
2017-12-01 12:16 - 2017-12-01 12:16 - 025247744 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 023659008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 018915840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 007386664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006483176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006036480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003903272 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003484848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002106880 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001490840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001426160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

 
FRST.TXT 2/3
2017-12-01 12:16 - 2017-12-01 12:16 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-12-01 12:16 - 2017-12-01 12:16 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001145112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-12-01 12:16 - 2017-12-01 12:16 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000669592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-12-01 12:16 - 2017-12-01 12:16 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000166808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-12-01 12:14 - 2017-12-01 12:14 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-12-01 12:14 - 2017-12-01 12:14 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-12-01 12:14 - 2017-12-01 12:14 - 000000000 ____D C:\Program Files\MSBuild
2017-12-01 12:14 - 2017-12-01 12:14 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-12-01 12:14 - 2017-12-01 12:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-12-01 10:46 - 2017-12-01 10:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-12-01 10:44 - 2017-12-01 10:44 - 000000020 ___SH C:\Users\Christopher\ntuser.ini
2017-12-01 10:44 - 2017-12-01 10:44 - 000000000 ___HD C:\Users\Christopher\MicrosoftEdgeBackups
2017-12-01 10:34 - 2017-12-01 10:34 - 000000000 ____D C:\ProgramData\USOShared
2017-12-01 10:33 - 2017-12-03 16:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-01 10:33 - 2017-12-01 10:46 - 000003398 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3319825686-2643767977-2016650390-1001
2017-12-01 10:33 - 2017-12-01 10:33 - 000003584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-01 10:33 - 2017-12-01 10:33 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-12-01 10:33 - 2017-12-01 10:33 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-01 10:33 - 2017-12-01 10:33 - 000003302 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1498797898
2017-12-01 10:33 - 2017-12-01 10:33 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-01 10:33 - 2017-12-01 10:33 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-01 10:33 - 2017-12-01 10:33 - 000003076 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-3319825686-2643767977-2016650390-1001
2017-12-01 10:33 - 2017-12-01 10:33 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002952 _____ C:\WINDOWS\System32\Tasks\Norton Product InstallerIdle
2017-12-01 10:33 - 2017-12-01 10:33 - 000002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3319825686-2643767977-2016650390-1001
2017-12-01 10:33 - 2017-12-01 10:33 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002820 _____ C:\WINDOWS\System32\Tasks\update-sys
2017-12-01 10:33 - 2017-12-01 10:33 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002590 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-12-01 10:33 - 2017-12-01 10:33 - 000002434 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2017-12-01 10:33 - 2017-12-01 10:33 - 000002418 _____ C:\WINDOWS\System32\Tasks\RTSS
2017-12-01 10:33 - 2017-12-01 10:33 - 000002382 _____ C:\WINDOWS\System32\Tasks\HWiNFO
2017-12-01 10:33 - 2017-12-01 10:33 - 000002360 _____ C:\WINDOWS\System32\Tasks\CAM
2017-12-01 10:33 - 2017-12-01 10:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-12-01 10:32 - 2017-12-01 10:32 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-12-01 10:32 - 2017-12-01 10:32 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-12-01 10:30 - 2017-12-03 16:32 - 001066580 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-01 10:27 - 2017-12-01 10:27 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-12-01 10:26 - 2017-12-03 13:41 - 000000000 ____D C:\Users\Christopher\AppData\Local\Packages
2017-12-01 10:26 - 2017-12-01 10:44 - 000000000 ____D C:\Users\Christopher
2017-12-01 10:25 - 2017-12-01 10:25 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-12-01 10:25 - 2017-09-29 07:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-12-01 10:24 - 2017-12-03 17:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-01 10:24 - 2017-12-01 10:28 - 006173928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-01 00:18 - 2017-12-01 10:44 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-30 22:54 - 2017-12-03 18:28 - 000089980 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-30 22:52 - 2017-11-30 22:53 - 000001446 _____ C:\WINDOWS\EPMBatch.ept
2017-11-30 22:43 - 2017-11-30 22:43 - 000000028 _____ C:\WINDOWS\OutLog.txt
2017-11-30 22:08 - 2017-11-30 22:51 - 000000000 _____ C:\WINDOWS\BcdLog.txt
2017-11-30 21:37 - 2017-12-01 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.5
2017-11-30 21:37 - 2017-09-13 11:11 - 004027024 _____ C:\WINDOWS\system32\BootMan.exe
2017-11-30 21:37 - 2017-09-13 11:10 - 003037328 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2017-11-30 21:37 - 2016-12-07 13:26 - 000033448 _____ C:\WINDOWS\system32\epmntdrv.sys
2017-11-30 21:37 - 2016-07-11 10:01 - 000101984 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2017-11-30 21:37 - 2016-07-11 10:01 - 000088160 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2017-11-30 21:37 - 2016-07-11 10:01 - 000010848 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2017-11-30 21:37 - 2016-07-11 10:01 - 000010208 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2017-11-30 21:37 - 2016-07-08 15:28 - 000248832 _____ C:\WINDOWS\SysWOW64\epmntdrv.pdb
2017-11-30 21:37 - 2016-01-14 10:05 - 000021496 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2017-11-30 21:37 - 2014-11-18 14:46 - 000021088 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2017-11-30 21:37 - 2014-11-18 14:46 - 000017504 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2017-11-30 20:46 - 2017-11-30 21:02 - 000056062 _____ C:\NTFSp.txt
2017-11-30 20:36 - 2017-11-15 19:41 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-11-30 20:33 - 2017-12-03 16:27 - 000000000 ____D C:\Users\Christopher\Desktop\FRST-OlderVersion
2017-11-30 15:34 - 2017-12-03 18:28 - 000000000 ____D C:\FRST
2017-11-30 15:21 - 2017-12-01 10:27 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-11-30 15:19 - 2017-12-01 10:30 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-30 15:19 - 2017-12-01 10:30 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-29 19:16 - 2017-11-29 19:18 - 000000000 ____D C:\AdwCleaner
2017-11-29 18:02 - 2017-11-29 18:10 - 144261737 _____ C:\Users\Christopher\Desktop\Psychology 11e - David G. Myers.pdf
2017-11-19 16:21 - 2017-11-19 16:21 - 000000222 _____ C:\Users\Christopher\Desktop\Just Cause 3.url
2017-11-14 12:45 - 2017-12-01 10:27 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2017-11-14 12:45 - 2017-11-14 12:45 - 000000000 ____D C:\Program Files (x86)\GPU-Z
2017-11-11 12:43 - 2017-12-03 16:26 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-11 12:43 - 2017-12-03 16:26 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-11 12:43 - 2017-12-03 16:26 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-11 12:43 - 2017-12-03 16:26 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-11 12:43 - 2017-12-01 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-11 12:43 - 2017-11-11 12:43 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-11 12:43 - 2017-11-11 12:43 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-07 14:46 - 2017-11-07 14:46 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-07 14:46 - 2017-09-13 17:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-07 14:46 - 2017-09-13 17:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-07 14:46 - 2017-09-13 17:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-07 14:46 - 2017-09-13 17:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-07 14:44 - 2017-10-27 11:50 - 040237688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 036239480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 035156928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 029270976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 023262280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 019037416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 013864048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 013254520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 011779328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 010882720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 004485048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 004201592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 003614328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001673848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001331200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001099712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001044848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001031104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000981112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000932288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000739448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000615544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000598464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000505976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-07 14:44 - 2017-10-27 11:50 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-11-07 14:44 - 2017-10-27 11:50 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
 
FRST.TXT 3/3
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 16:28 - 2016-04-21 17:21 - 000000000 ____D C:\Users\Christopher\AppData\Local\LogMeIn Hamachi
2017-12-03 16:27 - 2017-05-23 15:59 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-03 16:27 - 2015-08-18 20:09 - 000000000 ____D C:\Users\Christopher\AppData\Local\Adobe
2017-12-03 16:27 - 2015-08-12 18:19 - 000000000 ___RD C:\Users\Christopher\Google Drive
2017-12-03 16:27 - 2015-06-20 21:58 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-03 16:27 - 2015-06-20 21:46 - 000000000 __RDL C:\Users\Christopher\OneDrive
2017-12-03 16:26 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-03 13:33 - 2015-07-01 17:23 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\vlc
2017-12-03 05:08 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-03 05:08 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-03 05:08 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 23:31 - 2015-12-11 19:30 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\uTorrent
2017-12-02 17:08 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-02 11:15 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 04:21 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-02 01:38 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-02 01:38 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-02 01:37 - 2015-10-19 17:57 - 000000000 ____D C:\Program Files\Microsoft Office
2017-12-01 17:56 - 2015-08-18 20:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-01 12:24 - 2017-09-29 07:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-12-01 12:22 - 2017-09-29 07:49 - 000000000 ____D C:\WINDOWS\Setup
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\InputMethod
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Help
2017-12-01 12:22 - 2017-09-26 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-12-01 12:22 - 2017-09-24 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Tools 2016
2017-12-01 12:22 - 2017-09-24 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2016
2017-12-01 12:22 - 2017-09-24 17:29 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2017-12-01 12:22 - 2017-09-24 17:29 - 000000000 ____D C:\WINDOWS\system32\1033
2017-12-01 12:22 - 2017-09-24 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2017-12-01 12:22 - 2017-09-24 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Installation Manager
2017-12-01 12:22 - 2017-09-21 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-01 12:22 - 2017-09-11 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-12-01 12:22 - 2017-08-04 14:16 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-12-01 12:22 - 2017-08-03 15:20 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-12-01 12:22 - 2017-07-17 12:26 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-12-01 12:22 - 2017-07-10 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-12-01 12:22 - 2017-07-01 20:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-12-01 12:22 - 2017-06-29 07:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-12-01 12:22 - 2017-06-23 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
2017-12-01 12:22 - 2017-05-23 15:59 - 000000000 ____D C:\Program Files\Intel
2017-12-01 12:22 - 2017-05-23 15:59 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-01 12:22 - 2017-05-07 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-12-01 12:22 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-12-01 12:22 - 2017-03-08 07:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-01 12:22 - 2017-01-24 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twitch Leecher
2017-12-01 12:22 - 2016-09-08 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-01 12:22 - 2016-09-05 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2017-12-01 12:22 - 2016-08-20 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-12-01 12:22 - 2016-08-06 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-01 12:22 - 2016-07-11 08:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-12-01 12:22 - 2016-05-04 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-12-01 12:22 - 2016-04-08 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2017-12-01 12:22 - 2016-01-02 04:57 - 000000000 ____D C:\Program Files (x86)\Razer
2017-12-01 12:22 - 2015-11-30 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-12-01 12:22 - 2015-11-07 11:44 - 000000000 ____D C:\WINDOWS\SysWOW64\xlive
2017-12-01 12:22 - 2015-09-02 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-12-01 12:22 - 2015-08-01 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.5
2017-12-01 12:22 - 2015-07-06 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-12-01 12:22 - 2015-06-21 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-12-01 12:22 - 2015-06-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-01 12:22 - 2015-06-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-12-01 12:22 - 2015-06-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-01 12:22 - 2013-08-22 09:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-01 12:22 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-12-01 12:22 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\et-EE
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-12-01 12:19 - 2017-09-24 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-12-01 12:19 - 2017-09-24 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2017-12-01 12:19 - 2017-09-24 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2017-12-01 12:19 - 2017-08-24 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-12-01 12:19 - 2017-08-04 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2017-12-01 12:19 - 2017-08-01 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-12-01 12:19 - 2017-06-29 04:55 - 000000000 ____D C:\Program Files\ASUS
2017-12-01 12:19 - 2017-05-23 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton
2017-12-01 12:19 - 2017-05-23 15:59 - 000000000 ____D C:\Program Files\Realtek
2017-12-01 12:19 - 2016-06-24 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2017-12-01 12:19 - 2015-11-14 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2017-12-01 12:19 - 2015-07-24 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-12-01 12:19 - 2015-06-21 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-12-01 12:17 - 2017-09-29 08:42 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\PerfLogs
2017-12-01 12:17 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-01 10:46 - 2015-07-30 18:06 - 000002385 _____ C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-01 10:44 - 2017-10-25 17:31 - 000000000 ___RD C:\Users\Christopher\3D Objects
2017-12-01 10:44 - 2015-07-30 18:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-01 10:44 - 2015-07-30 18:02 - 000000000 ____D C:\Users\Christopher\AppData\Local\TileDataLayer
2017-12-01 10:34 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-12-01 10:34 - 2017-05-07 09:15 - 000000410 __RSH C:\ProgramData\ntuser.pol
2017-12-01 10:32 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Registration
2017-12-01 10:32 - 2015-07-30 17:55 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-12-01 10:30 - 2015-06-21 14:07 - 000904310 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-12-01 10:27 - 2017-09-29 07:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-12-01 10:27 - 2017-08-16 17:40 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnakeBite
2017-12-01 10:27 - 2017-07-22 16:45 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WiiU_USB_Helper
2017-12-01 10:27 - 2017-06-23 17:50 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2017-12-01 10:27 - 2017-06-23 17:23 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-12-01 10:27 - 2017-05-07 12:03 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-12-01 10:27 - 2017-05-07 12:02 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-12-01 10:27 - 2016-12-14 19:44 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2017-12-01 10:27 - 2016-10-22 11:57 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2017-12-01 10:27 - 2016-06-27 19:42 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2017-12-01 10:27 - 2015-09-20 14:28 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJ
2017-12-01 10:27 - 2015-06-20 21:58 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-01 10:26 - 2016-05-23 13:36 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-12-01 10:26 - 2015-12-31 22:38 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-01 10:26 - 2015-06-24 11:44 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-12-01 10:25 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-12-01 10:25 - 2017-06-29 04:55 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-12-01 10:25 - 2017-05-23 15:59 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-12-01 10:25 - 2017-05-23 15:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-01 10:25 - 2015-08-07 14:16 - 000000000 ____D C:\Temp
2017-12-01 00:21 - 2015-11-25 12:54 - 000000000 ____D C:\Users\Christopher\AppData\Local\CrashDumps
2017-11-30 22:54 - 2017-05-23 15:59 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-30 21:37 - 2015-08-01 09:29 - 000000000 ____D C:\Program Files (x86)\EaseUS
2017-11-30 20:36 - 2017-05-23 15:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-30 15:19 - 2015-06-20 21:48 - 000000000 ____D C:\Users\Christopher\AppData\Local\Google
2017-11-30 15:19 - 2015-06-20 21:48 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-29 19:20 - 2016-05-03 17:57 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-29 00:56 - 2017-10-14 18:35 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\nhm2
2017-11-25 21:16 - 2016-09-05 11:14 - 000000000 ____D C:\Program Files\WhoCrashed
2017-11-25 21:16 - 2016-05-23 13:36 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\discord
2017-11-24 11:58 - 2017-06-29 22:44 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-11-24 11:58 - 2017-06-29 22:44 - 000000000 ____D C:\Program Files\Opera
2017-11-20 22:31 - 2015-07-06 16:24 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\.minecraft
2017-11-20 11:22 - 2017-06-23 17:23 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-11-20 01:14 - 2015-06-24 11:44 - 000000000 ____D C:\Users\Christopher\AppData\Local\Ubisoft Game Launcher
2017-11-19 21:36 - 2016-10-09 07:34 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-11-19 14:55 - 2017-02-14 20:15 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-11-18 20:04 - 2015-06-24 11:54 - 000281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-11-18 16:27 - 2015-06-22 18:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-18 16:21 - 2017-10-10 14:52 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-18 16:21 - 2015-06-22 18:04 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 00:02 - 2015-06-24 11:44 - 000281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-11-16 20:37 - 2015-11-30 21:53 - 000000000 ____D C:\Program Files (x86)\Origin
2017-11-15 19:41 - 2017-06-29 07:12 - 000186304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-11-15 19:41 - 2017-06-29 07:12 - 000152512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-11-15 19:41 - 2016-09-08 16:09 - 002404800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-11-15 19:41 - 2016-09-08 16:09 - 002070976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-11-15 19:41 - 2016-09-08 16:09 - 001309120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-11-15 18:53 - 2017-01-07 11:00 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-11-12 16:34 - 2017-02-24 19:24 - 000780328 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-11-11 19:19 - 2015-06-20 22:13 - 000000000 ____D C:\Users\Christopher\AppData\Local\NVIDIA
2017-11-11 19:17 - 2015-07-06 16:23 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-11-11 12:43 - 2017-10-07 22:03 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-07 18:34 - 2017-08-04 14:11 - 000000000 ____D C:\Users\Christopher\AppData\Local\IE Tab
2017-11-07 15:12 - 2017-09-15 15:14 - 000000000 ____D C:\Users\Christopher\AppData\Local\Arduino15
2017-11-04 19:27 - 2015-07-26 18:45 - 000000000 ____D C:\Users\Christopher\AppData\Local\Spotify
2017-11-04 19:27 - 2015-07-26 18:44 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Spotify
2017-11-03 19:25 - 2017-09-29 07:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-03 19:25 - 2017-09-29 07:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-10-18 12:17 - 2017-10-18 12:17 - 000007605 _____ () C:\Users\Christopher\AppData\Local\Resmon.ResmonCfg
2017-09-11 19:41 - 2017-09-11 19:41 - 000000003 _____ () C:\Users\Christopher\AppData\Local\updater.log
2017-09-11 19:41 - 2017-09-11 19:41 - 000000425 _____ () C:\Users\Christopher\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-12-01 21:52 - 2017-12-03 15:15 - 000000000 _____ () C:\Users\Christopher\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-01 21:52 - 2017-12-03 15:15 - 000000017 _____ () C:\Users\Christopher\AppData\Local\Temp\424b07c3213a8af58f56a73cb248247b.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-01 10:24

==================== End of FRST.txt ============================
 
ADDITION.TXT 1/3
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by ChristopherAubert (03-12-2017 18:29:07)
Running from C:\Users\Christopher\Desktop
Windows 10 Pro Version 1709 16299.98 (X64) (2017-12-01 16:34:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3319825686-2643767977-2016650390-500 - Administrator - Disabled)
ChristopherAubert (S-1-5-21-3319825686-2643767977-2016650390-1001 - Administrator - Enabled) => C:\Users\Christopher
DefaultAccount (S-1-5-21-3319825686-2643767977-2016650390-503 - Limited - Disabled)
Guest (S-1-5-21-3319825686-2643767977-2016650390-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3319825686-2643767977-2016650390-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
4K Video Downloader 4.2 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.2.0.2175 - Open Media LLC)
4K YouTube to MP3 3.0 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.0.1.1636 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.4 - Arduino LLC)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Backup and Sync from Google (HKLM-x32\...\{604582EB-8259-4ED6-9B1B-6F2494D4B640}) (Version: 3.37.7411.4599 - Google, Inc.)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.11.0.616 - Ilya Morozov)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blackboard Collaborate Launcher (HKLM-x32\...\{C4F79F84-C509-48B0-81B8-3C2FA2182406}) (Version: 1.6.0.0 - Blackboard)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.5 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{D61C8E6E-A4F3-4CD8-8568-51CEB5660C89}) (Version: 63.0.3239.32 - Google Inc.)
CPUID HWMonitor 1.32 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.32 - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
EaseUS Partition Master 12.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Elgato Game Capture HD (HKLM-x32\...\{FAC1D41C-C800-467B-8C8D-97FBF6F5BBF1}) (Version: 2.20.9.1066 - Elgato Systems GmbH)
Epic Games Launcher (HKLM-x32\...\{F7118EF5-320C-4340-99F4-25F970B428A3}) (Version: 1.1.125.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 v2.1.1.3 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.3 - Elgato Systems)
GDR 4237 for SQL Server 2014 (KB4019091) (64-bit) (HKLM\...\KB4019091) (Version: 12.1.4237.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HWiNFO32 Version 5.52 (HKLM-x32\...\HWiNFO32_is1) (Version: 5.52 - Martin Malík - REALiX)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version: - )
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BE00C353-3529-4C31-AED2-AE3598D2CD2B}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{EDB86AFA-B3AA-45F6-BEEB-DA14A47FC1FB}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 54.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSI Afterburner 4.4.0 (HKLM-x32\...\Afterburner) (Version: 4.4.0 - MSI Co., LTD)
NewBlue 3D Explosions for Windows (HKLM-x32\...\NewBlue 3D Explosions for Windows) (Version: 3.0 - NewBlue)
NewBlue 3D Transformations for Windows (HKLM-x32\...\NewBlue 3D Transformations for Windows) (Version: 3.0 - NewBlue)
NewBlue Art Blends for Windows (HKLM-x32\...\NewBlue Art Blends for Windows) (Version: 3.0 - NewBlue)
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue ColorFast for Windows (HKLM-x32\...\NewBlue ColorFast for Windows) (Version: 3.0 - NewBlue)
NewBlue Film Effects for Windows (HKLM-x32\...\NewBlue Film Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Light Blends for Windows (HKLM-x32\...\NewBlue Light Blends for Windows) (Version: 3.0 - NewBlue)
NewBlue Light Effects for Windows (HKLM-x32\...\NewBlue Light Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Paint Blends for Windows (HKLM-x32\...\NewBlue Paint Blends for Windows) (Version: 3.0 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for Windows (HKLM-x32\...\NewBlue Video Essentials II for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for Windows (HKLM-x32\...\NewBlue Video Essentials III for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials IV for Windows (HKLM-x32\...\NewBlue Video Essentials IV for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
NextUp-ScanSoft Daniel British Voice (HKLM-x32\...\{BE916006-E144-44CF-B467-F733D0F86200}) (Version: 4.0.0 - NextUp.com)
NiceHash Miner 2 0.1.3 (only current user) (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.1.3 - NiceHash)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 49.0.2725.47 (HKLM-x32\...\Opera 49.0.2725.47) (Version: 49.0.2725.47 - Opera Software)
Oracle VM VirtualBox 5.1.26 (HKLM\...\{11A88BD5-F059-4743-81D9-1432AC9C3D4E}) (Version: 5.1.26 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.6.6235 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57724}) (Version: 4.0.17 - dotPDN LLC)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.7.5 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.830 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
RivaTuner Statistics Server 7.0.0 Beta 19 (HKLM-x32\...\RTSS) (Version: 7.0.0 Beta 19 - Unwinder)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SOLIDWORKS 2016 x64 Edition SP04 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.140.86 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20160-40400-1100-100) (Version: 24.4.0.86 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2016 SP04 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.40.86 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP04 (HKLM\...\{B3DDA3FF-C213-42EA-808B-274C1E88EABD}) (Version: 16.4.0053 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2016 SP04 x64 Edition (HKLM\...\{064914EF-A0D8-447D-8E5C-E888CA8FD467}) (Version: 24.40.86 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2016 SP04 x64 Edition (HKLM\...\{0B7C2320-1D2F-42F1-9941-C88C6B7AB0D5}) (Version: 24.40.87 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2016 SP04 x64 Edition (HKLM\...\{DF6A3557-CE70-4357-81CF-E33CCB5E750D}) (Version: 24.40.86 - Dassault Systemes SolidWorks Corp) Hidden
Spotify (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Spotify) (Version: 1.0.62.508.g2c497f24 - Spotify AB)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{541E382C-8DBF-44C5-BB7A-00E01526184E}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.88438 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version: - Ubisoft)
Twitch Leecher 1.3.5 (HKLM\...\{C7081120-8F65-46B6-85A4-3200AB1B5AAA}) (Version: 1.3.5.0 - Fake Smile Revolution) Hidden
Twitch Leecher 1.3.5 (HKLM-x32\...\{dbdcd040-9099-4490-80a2-0a617c83df14}) (Version: 1.3.5.0 - Fake Smile Revolution)
Unity Web Player (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\UnityWebPlayer) (Version: 5.1.3f1 - Unity Technologies ApS)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WhoCrashed 5.52 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3319825686-2643767977-2016650390-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => C:\Program Files (x86)\Balabolka\BFileExt.dll [2013-02-28] (Ilya Morozov)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018DDBE5-D919-4488-B41D-05A4B6D47D36} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {146E9603-DC8F-4E37-9E1A-52563B54F8B7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-15] (NVIDIA Corporation)
Task: {1729B123-DE6D-4835-9CB3-403640369924} - System32\Tasks\update-S-1-5-21-3319825686-2643767977-2016650390-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {1E0B3DCB-D58E-4772-8B7D-333400D3FCD2} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {2478B127-7F78-413A-B0B1-60F5EFD02EBE} - System32\Tasks\Opera scheduled Autoupdate 1498797898 => C:\Program Files\Opera\launcher.exe [2017-11-23] (Opera Software)
Task: {2C021CE2-9C47-4373-8222-00E96DA1BF8B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {32FA0967-A524-4952-A9C8-52E08E780C5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {3401E304-5AD4-4C43-B04A-B2B142387883} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-15] (NVIDIA Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3A24B074-058C-45D2-A2D5-745B09BE0F90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {495A9FA3-E3D0-4099-B625-CB4334A7363C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {4C9EB26E-F7D4-4559-9E9C-B2218C0441C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {4E291B42-58AC-4793-B5EA-B07FAE1A1D99} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-15] (NVIDIA Corporation)
Task: {4EAFCE38-4438-4CB9-A28B-678EE408FFF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {5796CC6E-F940-449A-9710-5B9422045688} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-02] (Microsoft Corporation)
Task: {5D6C7344-D9B9-46B9-B818-1E40D7397AE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {5FF7702E-1C2F-4BD5-BC84-9106B1A948E5} - System32\Tasks\HWiNFO => C:\Program Files (x86)\HWiNFO32\HWiNFO32.EXE [2017-05-23] (REALiX)
Task: {66955745-9E14-483C-B746-DF23BE5B70C4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-15] (NVIDIA Corporation)
Task: {6B567D2A-7B20-4D85-A580-7C3ADF58213F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {6F8B5632-20BD-4A59-9B7D-DC5A30242A9C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {796BE913-D989-4A68-8A39-978447A124A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {7B352C5D-D240-4CAE-A425-A85C3AE96334} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2017-10-31] ()
Task: {89F941D5-3685-4BDB-A169-0A6C79C2249A} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [2017-04-08] ()
Task: {8C332A71-9306-4ACC-8C69-A1F7CA8DF00C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {92C65BCC-3DA0-4800-A912-D7DDBEB0CA2A} - System32\Tasks\Norton Product InstallerIdle => C:\WINDOWS\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe
Task: {A5221AB8-4AAF-4B6C-B258-9C357380C604} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {BD61B490-330B-43A7-AFF9-8D15094F83DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {D599F332-3E79-403F-8F80-37BC8C3ABAF5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {DBD48C8D-396C-472B-877B-DF39B7302637} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {E201DDEC-9FED-4027-99E7-086C257F70B4} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
Task: {EAF7B160-6AF5-44DC-9796-266BCC6151A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\Norton Product InstallerIdle.job => C:\WINDOWS\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3319825686-2643767977-2016650390-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-29 04:55 - 2013-07-03 19:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-07-14 18:46 - 2016-07-14 18:46 - 000180272 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
2017-10-07 22:03 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-07 22:03 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-09-08 16:09 - 2017-11-15 19:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-19 16:09 - 2017-07-19 16:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-11-14 18:12 - 2014-12-12 17:24 - 000044760 _____ () C:\Windows\runSW.exe
2017-02-14 09:40 - 2017-04-08 08:40 - 000428232 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2017-04-08 08:35 - 2017-04-08 08:35 - 000241152 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2017-09-26 21:21 - 2017-11-07 15:30 - 008931496 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-30 09:07 - 2017-11-30 09:08 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 09:07 - 2017-11-30 09:08 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 09:07 - 2017-11-30 09:08 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 09:07 - 2017-11-30 09:08 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-30 09:07 - 2017-11-30 09:08 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-04-08 08:35 - 2017-04-08 08:35 - 000027136 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2017-04-08 08:35 - 2017-04-08 08:35 - 000088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2017-11-01 04:49 - 2017-11-01 04:49 - 040417680 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2017-11-30 15:19 - 2017-11-10 03:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-30 15:19 - 2017-11-10 03:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-07-15 00:45 - 2016-07-15 00:45 - 000267672 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2017-11-30 21:37 - 2017-09-13 11:12 - 000256144 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe
2017-09-13 19:37 - 2017-09-13 19:44 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 000022016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-11-14 01:34 - 2017-11-14 01:35 - 055109120 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 15:21 - 2017-10-04 15:22 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-04 15:21 - 2017-10-04 15:22 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 003740160 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 002051584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 020759040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 003607040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 003150848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-29 11:26 - 2017-08-29 11:26 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
 
ADDITION.TXT 2/3
2017-11-14 01:34 - 2017-11-14 01:35 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 002493440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.AutoSuggest.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 000919040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 001363968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-11-14 01:34 - 2017-11-14 01:35 - 000084480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2017-06-29 04:55 - 2017-12-03 16:26 - 000035984 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-06-29 04:55 - 2013-07-03 19:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2017-04-08 08:34 - 2017-04-08 08:34 - 000055808 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2017-04-08 08:35 - 2017-04-08 08:35 - 000071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2017-04-08 08:35 - 2017-04-08 08:35 - 000353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2017-02-14 09:40 - 2017-04-08 08:40 - 000400072 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2016-09-08 16:09 - 2017-11-15 19:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-08 16:09 - 2017-11-15 19:40 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-09-26 21:34 - 2017-11-07 15:32 - 008930992 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-06-20 22:16 - 2017-09-09 13:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-20 22:16 - 2016-08-31 19:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-20 22:16 - 2017-10-30 21:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-20 22:16 - 2016-08-31 19:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-20 22:16 - 2016-08-31 19:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-20 22:16 - 2017-10-30 21:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 16:45 - 2016-07-04 16:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-12 22:27 - 2017-08-16 16:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 10:12 - 2017-09-06 20:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2015-06-20 22:16 - 2015-09-24 17:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-12-03 16:27 - 2017-12-03 16:27 - 000088064 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\_ctypes.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000918528 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\_hashlib.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000098816 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32api.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000110080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\pywintypes27.dll
2017-12-03 16:27 - 2017-12-03 16:27 - 000364544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\pythoncom27.dll
2017-12-03 16:27 - 2017-12-03 16:27 - 000686080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\unicodedata.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000320512 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32com.shell.shell.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 001177088 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\wx._core_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000806912 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\wx._gdi_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000816640 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\wx._windows_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 001067520 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\wx._controls_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000733696 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\wx._misc_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000736256 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\pysqlite2._sqlite.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000119808 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32file.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000108544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32security.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000007168 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\hashobjs_ext.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000017920 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\thumbnails_ext.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000082432 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\usb_ext.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000013824 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\common.time34.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000018432 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32event.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000027648 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\windows.conditional.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000017408 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\windows.winwrap.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000089088 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\windows.volumes.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000167936 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32gui.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000046080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\_socket.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 001309696 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\_ssl.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000129536 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\_elementtree.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000127488 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\pyexpat.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000038912 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32inet.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000077824 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\wx._html2.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000036864 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\_psutil_windows.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000524248 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\windows._lib_cacheinvalidation.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000011264 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32crypt.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000218624 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\PIL._imaging.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000027648 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\_multiprocessing.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000020480 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\_yappi.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000035840 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32process.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000024064 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32pipe.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000010240 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\select.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000025600 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32pdh.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000059392 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\windows.device_monitor.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000017408 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32profile.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000022528 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI93402\win32ts.pyd
2017-08-08 17:22 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-09 10:07 - 2017-08-09 10:07 - 001577976 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-08-08 17:22 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 17:22 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-09 10:07 - 2017-10-06 09:24 - 009722360 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-09 10:07 - 2017-11-23 06:17 - 001494520 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-12-03 16:27 - 2017-12-03 16:27 - 000148992 _____ () \\?\C:\Users\Christopher\AppData\Local\Temp\CF27.tmp.node
2017-08-09 10:07 - 2017-08-09 10:07 - 002658296 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-11-21 20:07 - 2017-11-21 20:07 - 001505272 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_game_utils\discord_game_utils.node
2017-08-09 10:07 - 2017-11-28 10:17 - 002739192 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-05-22 04:13 - 2017-05-22 04:13 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-12-25 13:11 - 2014-05-19 17:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-12-25 13:11 - 2014-09-11 18:09 - 001498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-12-03 16:27 - 2017-12-03 16:27 - 000088064 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\_ctypes.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000918528 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\_hashlib.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000098816 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32api.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000110080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\pywintypes27.dll
2017-12-03 16:27 - 2017-12-03 16:27 - 000364544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\pythoncom27.dll
2017-12-03 16:27 - 2017-12-03 16:27 - 000686080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\unicodedata.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000320512 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32com.shell.shell.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 001177088 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\wx._core_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000806912 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\wx._gdi_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000816640 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\wx._windows_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 001067520 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\wx._controls_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000733696 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\wx._misc_.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000736256 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\pysqlite2._sqlite.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000119808 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32file.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000108544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32security.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000007168 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\hashobjs_ext.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000017920 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\thumbnails_ext.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000082432 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\usb_ext.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000013824 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\common.time34.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000018432 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32event.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000027648 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\windows.conditional.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000017408 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\windows.winwrap.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000089088 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\windows.volumes.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000167936 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32gui.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000046080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\_socket.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 001309696 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\_ssl.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000129536 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\_elementtree.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000127488 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\pyexpat.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000038912 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32inet.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000077824 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\wx._html2.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000036864 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\_psutil_windows.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000524248 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\windows._lib_cacheinvalidation.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000011264 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32crypt.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000218624 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\PIL._imaging.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000027648 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\_multiprocessing.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000020480 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\_yappi.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000035840 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32process.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000024064 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32pipe.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000010240 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\select.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000025600 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32pdh.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000059392 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\windows.device_monitor.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000017408 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32profile.pyd
2017-12-03 16:27 - 2017-12-03 16:27 - 000022528 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI141562\win32ts.pyd
2017-11-30 21:37 - 2014-02-13 15:27 - 000222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\traynet.dll
2017-11-30 21:37 - 2014-02-13 15:27 - 000275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\libcurl.dll
2017-11-30 21:37 - 2014-02-13 15:27 - 000113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\zlib1.dll
2017-11-30 21:37 - 2014-02-13 15:27 - 000249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\uexper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\sharepoint.com -> hxxps://sshc.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2017-07-11 19:36 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christopher\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\855990.png
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{65C3F726-66A1-4F73-97D9-D550D57A27CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7107AE17-D6C8-44D4-9331-4C501BFCA2A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1A5A854D-ABA9-4391-87E1-06C5D1AB0B8B}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{B1ED445D-4E82-41B4-8FDC-760C26DC7C5E}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{656C326B-92E7-4A2D-875C-D97FE81158ED}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
FirewallRules: [{DD1B37BC-7893-4432-9FE4-22620EBE869A}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D9CB647D-1119-4FE2-ABA1-F2BB89995FDF}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{25F5188C-2B24-4E10-A5F5-CC87F7BD229C}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{7C7EEBEF-68EB-4728-A76A-C7F744289D2C}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{3B0043D4-CD88-4891-B3F0-A38F3F836770}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{947713E6-930C-4264-A860-57161C6300BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BF3B9927-C87C-40C3-AEF6-D6ED6CDFAB15}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1FFC4DDA-8D11-4BEB-9A86-649FD4698756}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8212EA14-DF66-4E9C-99B5-523528B2E1B2}] => (Allow) C:\Program Files\Opera\49.0.2725.39\opera.exe
FirewallRules: [{A98863D3-921F-494E-82E4-162691846851}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F5094095-972D-4B44-A892-594307BF2A4E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B05753E1-0F29-4FDC-B3F7-CDCBD3B2FF52}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0FB06817-6DE1-4CBD-9D66-8533A42BA7C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1E04033B-5429-420C-A1D1-E51AC14E0E40}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{840E6D03-EB87-4CF3-897B-D4C3A4CC5FD6}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{0BD16809-D67D-44C9-9ED5-F4F245A96C55}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
FirewallRules: [UDP Query User{070A6FF3-E525-4D9D-9C45-408E14AE92F1}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{0C7EEDB0-F118-4536-A322-6BDA1DD5C145}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{CBEA7B18-5DEB-487A-A3A4-3C678CFD3D6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{54DC31F0-3091-4E7B-AE45-2938CC55B6C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [UDP Query User{756B9E50-E300-4F12-B929-91D282E2B905}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{4DD13556-3F63-4592-B419-C6EDBDA2D06D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{24E8C9DE-D95B-4BC9-86E6-A4B0F566F241}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{7AC4E1F6-A3FE-4241-BE3B-ADA386A68C57}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{F42F4B56-7956-4329-BAC8-4157922623F2}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{201E0A15-9E19-4CFF-B3C6-CE72643B1E2D}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{BEC7CCAA-2912-49AA-846B-3546E146F074}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{70B7FD2C-687C-4989-89F4-78FC05C6E302}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{13563B36-F90A-4813-85E3-49ABD1805E06}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3AA5BAE2-A8CD-4D60-BE51-8E3E2F004D91}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C58DEDC4-5168-475D-B8D3-083C003F1EC9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{5978A80C-6518-4C03-ADB8-7007FCA4C0AA}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{3A49AADE-6D94-40FF-825A-3C00B019E2B1}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{49348C3F-7A93-46A9-A73D-86593DB28A12}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{EA875A48-E70E-41AD-B21C-CA34496DC79B}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{4797D850-287D-408F-ABA4-5C3835AAD84E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8486C070-2C40-4732-BBAC-4939DCEC94EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{70663716-7FF4-41F8-8B64-8DAF2BFA30C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1BB85DF-F96B-490C-B6F8-00EC41667BFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FC842014-1468-40F5-B97D-080CB061B046}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{2A396F7F-ACE4-4A52-9521-2E1EC255F30F}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [UDP Query User{F438D318-0AC0-4501-8E56-391125907AC6}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{BE5645D7-A6C6-4C20-9FB7-21FA345DC149}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{F37B914E-DE1B-4252-BA38-9AAD0431CE8B}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{386B4D06-9908-41D4-AF46-B6B1CBF985EF}] => (Allow) LPort=5357
FirewallRules: [{4A51C17C-1969-485A-A744-C78CAC84AE99}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{3BF275B7-86F7-4FC9-B1E3-1A560603D974}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{42182F2E-6BA2-4C51-9550-4941201186BE}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{7C924615-20F2-4567-9AAA-E510CD7448B9}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{1723205F-D989-4539-B526-AB3FB3689CA7}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{A3C303AF-48A9-44AE-95EB-36624FADD28E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{59E4C014-F45C-464C-BDF8-2E4983119F20}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E793ACA8-26F1-449F-93C8-DAE173631286}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C54638BE-C96D-4AFC-B70A-78AED7BA243D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68329295-3737-4878-A01B-5A4EC4FA9446}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3E09A4B8-AADC-4E03-BE1E-2B5BEB2AA76C}] => (Allow) D:\SteamLibrary\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe
FirewallRules: [{5AC959A9-8A02-4601-9657-00B8D146A531}] => (Allow) D:\SteamLibrary\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe
FirewallRules: [UDP Query User{8B969B84-B085-4CDA-9327-1400082397AF}D:\documents\saviine1.1b\server\saviine_server.exe] => (Allow) D:\documents\saviine1.1b\server\saviine_server.exe
FirewallRules: [TCP Query User{C67F79D1-7532-4670-BC95-6332C472F923}D:\documents\saviine1.1b\server\saviine_server.exe] => (Allow) D:\documents\saviine1.1b\server\saviine_server.exe
FirewallRules: [UDP Query User{7A5268F8-F934-4F1D-8E8A-3D45EB4007A1}D:\documents\wii u usb helper\wiiu_usb_helper.exe] => (Allow) D:\documents\wii u usb helper\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{B152E498-5261-409E-8EAA-3010F40BB529}D:\documents\wii u usb helper\wiiu_usb_helper.exe] => (Allow) D:\documents\wii u usb helper\wiiu_usb_helper.exe
FirewallRules: [{4FB92047-EB0B-42C8-9413-C7956FB69501}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2AE0F34F-7E3A-4E79-A143-B7D7901B8641}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5BDD6B08-8B6F-47EB-A250-9E4233171E6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{64B72BDE-B793-4606-B831-B357D6E44D7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{10794BCE-D039-44F7-BA92-3BF7FF0DB7E9}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{6E03E3E6-E374-4681-8CB5-94C812882754}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{C782221B-07F3-4A59-B935-64B89977F090}C:\helper\wiiu_usb_helper.exe] => (Allow) C:\helper\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{17C80747-FA3A-434D-B8F1-82B53643B92C}C:\helper\wiiu_usb_helper.exe] => (Allow) C:\helper\wiiu_usb_helper.exe
FirewallRules: [{26711FC5-BEDD-4FD0-B353-D8917EE932BC}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B7623041-B773-47F4-B455-D1618CA14CE5}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{72F66C74-D893-4CEB-94C4-0B875DCE87B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{778A0481-53AB-4450-8846-1B58B2B40709}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{2DF042B3-56DC-401B-A8A6-40528B0FB930}C:\users\christopher\desktop\saviine1.1b\server\saviine_server.exe] => (Allow) C:\users\christopher\desktop\saviine1.1b\server\saviine_server.exe
FirewallRules: [TCP Query User{0822C701-66D0-45BD-B729-F4F1051ABDAD}C:\users\christopher\desktop\saviine1.1b\server\saviine_server.exe] => (Allow) C:\users\christopher\desktop\saviine1.1b\server\saviine_server.exe
FirewallRules: [{FD0656E8-F212-45CD-BF9A-671F7F7EFDF4}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{95CD88DB-4B65-4E11-A6EC-2249E62973D7}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{7BDB19E0-1DBE-4E38-8FAD-6978FD5DD8D9}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{CF6552FB-09FA-4E35-BADE-E6394881F6FF}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [UDP Query User{7622717D-8EF6-4B64-9261-646F0AF48C63}C:\users\christopher\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\christopher\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{FC2FCA9F-A828-43B5-B08F-B7E43381481E}C:\users\christopher\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\christopher\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{5B1E16D5-95AA-47BA-B3EB-8C68B7B1C345}C:\users\christopher\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\christopher\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{192DF325-576F-43C6-AEA3-49236CFE2A83}C:\users\christopher\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\christopher\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{D5A81C4A-86F6-4FFE-8E13-F0D06D53BBF1}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{C1AC8B3F-DCFA-4ACF-B5F3-05C5790203F2}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{D0BFD3D3-403B-4DD7-B91F-69E2094CEE02}] => (Allow) D:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{F1AAB3B7-711A-4DF1-AEEA-B6DE2F1F1FCA}] => (Allow) D:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{1E1DE3D8-E75B-465B-9337-E35E8AC0F711}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{AF69112A-CA65-4260-B8A5-9C7389275607}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{5BFB1072-AFF9-447A-AA40-1A65954A5BCD}] => (Allow) D:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{F6C0A671-B8B0-4158-9D72-A5A71CFBCF23}] => (Allow) D:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{055AEC9F-869A-4879-A65F-BA4A7D6EC804}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{C64E8EA6-236B-4865-BD50-FEE9FDF9F8DD}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{C21AD1FE-971A-4D8C-8B46-53E40BD7726C}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe
FirewallRules: [{C6C1A113-6701-4F2E-BB55-431361BBDA9B}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe
FirewallRules: [UDP Query User{351ECA6D-48B0-4F20-B9EA-CF9D67DDDA20}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{2B27379D-B8C8-4682-8F36-9D057FACE607}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{8887F747-E9D1-4EBE-AD83-AE42D8AC00B8}] => (Block) D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{62520C17-A31C-4CB7-84AD-BDC129410715}] => (Block) D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{2F632AA3-C834-4505-B3C3-BCAAFA1DDE4C}D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [TCP Query User{571E57FA-BC89-4B1F-8F4C-82CFF76A69F4}D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{C71139DA-CABA-4ADE-9A67-658CD70BC4CD}] => (Block) D:\star citizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{9E1B782E-7EA3-44E4-9B27-6A7EBDF1F788}] => (Block) D:\star citizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{9E8323B7-8051-4591-A3FE-D0296738D786}D:\star citizen\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\star citizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{CC155594-3923-47F4-9B78-BCF2EFF4A6F5}D:\star citizen\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\star citizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{A93FB243-88D9-44AA-ADFE-8DB2E15D8DE9}] => (Block) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{3A36CE03-3F3F-4DA8-B12F-8F6C997C0336}] => (Block) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{C3EB61ED-61DA-4832-9433-8F1DCE44A959}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{85A915BA-3B8B-433C-87F4-038A31764A32}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{5C8310E4-B4B8-48B7-80FA-2436258B46AE}] => (Block) D:\overwatch test\overwatch.exe
 
ADDITION.TXT 3/3
FirewallRules: [{95C5992B-52DE-4B02-B5C8-29A2C24A4D36}] => (Block) D:\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{42BA0A37-6D50-4D78-9EE1-3C1DDB63E5CA}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{CE975A22-6C97-4429-A331-5DDBFDDEAA11}D:\overwatch test\overwatch.exe] => (Allow) D:\overwatch test\overwatch.exe
FirewallRules: [{9548C07C-DD49-4DF9-B37A-575F60883D1F}] => (Allow) C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B1A29DD4-E33E-402C-8DDC-9C2208E118F1}] => (Allow) C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{31464897-4A83-4834-BAC5-B67A48FAF4B9}] => (Allow) C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{66130DFE-D88F-4D14-84CF-E0E2409D0F04}] => (Allow) C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{74CFC9C7-406F-42A7-B0FD-CE0B30467F6F}] => (Allow) C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D376116C-2841-4730-A62A-10611C6F0CE3}] => (Allow) C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EDB952B1-607F-4C44-9F73-873238185156}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{E0346467-8A7D-4F7E-8AE4-DCA81339EABA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{BC79E3F1-2D37-42E3-B5DE-9408777C4A5E}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{7D4B91E4-4442-4649-9C18-5AC7820A90EA}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{89430BC3-4C10-4794-94D7-7A0EEC4CE432}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{A6E6DE5F-287A-4E6D-8D2D-85F04B3A17C4}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{F7EDC3FC-41FC-4917-995C-E02B8562424A}] => (Block) D:\overwatch\overwatch.exe
FirewallRules: [{D1E42F74-6FC4-47F3-8F4E-23994A969A60}] => (Block) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{0595CA69-FFA1-4870-B51A-B79C333F8182}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [TCP Query User{D1AB03EE-5EEF-4B49-A338-673202210C3A}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{12E67C13-82B6-4633-B995-9CDB4FB90498}] => (Allow) D:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{44B0614F-03BD-422C-B6FB-F68216A6B99D}] => (Allow) D:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{B67AB9BE-2D80-4494-9A78-97CA75F1866D}] => (Allow) D:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{65A0C97B-A3E2-46BC-A615-7E3D11124028}] => (Allow) D:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E951BB84-A98E-446C-A49B-5481381E2BF3}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{6865C144-2852-42C5-8A17-E7D96ACE7365}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{AEC73865-0580-4F8C-8A1C-2F3300C55D09}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{44B2C2E4-B5A8-40D3-93CF-782E527F4CAE}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{95DF8893-59C8-495D-8F47-E3EC5EAF8523}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0BD0518D-F05B-47CB-A27A-9747DFE8F37F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3D7F82D2-5081-4CF4-8BEA-256DF89825DE}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{36955DBB-36CA-4A29-B28F-02F5D99D937C}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{3E71C019-EB33-493D-8463-9913BF0B4ED9}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{885BCD85-C809-4131-9641-6C49CC643D89}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{71B27C34-53AE-480D-ACFE-C554EFB92227}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{9820F857-4138-4539-A4C4-238A25621ED0}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [UDP Query User{D1264FAF-0EE1-4D21-A91D-EA9AF74BA14F}C:\users\christopher\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\christopher\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{3E9BFCF6-2129-477C-B0A0-B2D6A7B6EC21}C:\users\christopher\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\christopher\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [{12F92A92-65E9-4E69-B287-4C1B5DDF0D4C}] => (Allow) D:\SteamLibrary\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{A61E66FD-61A9-47E6-8BC3-F941F5638506}] => (Allow) D:\SteamLibrary\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [UDP Query User{35B58FF2-4EF3-4907-91EE-FF83BE4F486E}C:\users\christopher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christopher\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B85201E4-EC2A-48FC-8344-2BA99405B33D}C:\users\christopher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christopher\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C8C65757-9168-4C86-92DE-B5B01A91AFFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{41CA8AB8-69F1-4A69-9370-5AEA5CF033DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{39A9F5B6-4A0A-44C4-888C-5DE0F2853C0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{4AAE0A24-3B02-4DDB-99E2-8321B3E70E40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [UDP Query User{CFD853A3-E2B7-406F-8DA2-AA3CBB3843B7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{0308166D-2E51-4DA0-953A-70DC132BC918}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{EA47CF39-4B9C-4F02-92AC-95349D873A30}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C833A21F-C701-4D81-A399-A86BE07A4B25}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DD11307D-4574-4C52-9BF0-EB20054D04B5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1EBE062D-A7BF-4C41-96CF-79147C05370C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4D11A366-307A-47E9-91AE-2416B247D52D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A5A86D9A-91B3-4413-AC73-610076F2C0C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{835EB7EB-9DEE-4819-AC59-F123B20880A0}] => (Allow) F:\SteamLibrary\steamapps\common\BookWorm Deluxe\Bookworm.exe
FirewallRules: [{D06C2296-2104-4EC7-9B89-8DDAD0B9CD8A}] => (Allow) F:\SteamLibrary\steamapps\common\BookWorm Deluxe\Bookworm.exe
FirewallRules: [{5B7F6C00-6C93-4D82-9EB4-083FF817E3DC}] => (Allow) F:\SteamLibrary\steamapps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{67577B6B-004C-46BB-9A1B-0AA82C27B83E}] => (Allow) F:\SteamLibrary\steamapps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{2AFD3E77-0BC2-46B4-82E5-7BD1A977F9BC}] => (Allow) F:\SteamLibrary\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{E27BE22D-CB8F-4BA6-B171-EAF13ADF6292}] => (Allow) F:\SteamLibrary\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{86C800A3-F91D-4CDC-A766-C610761E0B2C}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{6DFC1FCA-FE9F-4A08-A2FD-673B7205C217}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{9943E1D8-2BA0-4D08-BEA3-FE3B9811BDBC}] => (Allow) F:\SteamLibrary\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{7AA8A551-C73D-4336-85C5-127C4B931DE2}] => (Allow) F:\SteamLibrary\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{E832DC4D-C30D-469B-9A27-801AA1050B45}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{9443E0FF-B77B-49F7-8978-81CB848CC2A4}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{ECC66F92-AE91-4818-836C-49E3D0945A13}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7F190939-3B0A-4A73-9201-B59D92BFD672}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CEA30274-1512-42EB-A8BE-7A99C633F56C}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{14E6CAFF-B24D-4CB1-B7CD-91504B278628}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{3083B153-D348-431E-815A-7B091B24D673}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{A4393425-3A97-4810-9009-4731D167A3D8}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{3F6D217D-9F11-482A-A445-4A322B5381E4}] => (Allow) D:\SteamLibrary\steamapps\common\Rollercoaster Tycoon 2\RCT2.EXE
FirewallRules: [{80B3414F-1A4B-4679-B000-DBD90A1E9AE2}] => (Allow) D:\SteamLibrary\steamapps\common\Rollercoaster Tycoon 2\RCT2.EXE
FirewallRules: [{E8AF1CAC-6B84-4BC8-AA56-45BE20EF483D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{11E4A933-C7AA-4805-8348-2DF502EB61CD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4C8DBC06-179A-45AC-B84B-1E26AE5091BA}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{C13A6B93-7955-443A-BB66-E582D5DEC484}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{FBAE74E1-A96C-41CD-A7C8-1A260B61C8CF}] => (Allow) D:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{11E7703D-574B-414E-B28A-7B86A47EAD29}] => (Allow) D:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{1AA1A482-107B-41C8-B060-4599FDCE0413}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{76D9A723-3BCB-4611-9A46-557AD49D451F}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{8A7AF9D8-0392-45CF-9A62-6228C678BA44}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{065125CD-84D7-46F9-9C9C-07D345A4316C}] => (Allow) C:\Users\Christopher\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{17E22141-A76C-4D97-AEA1-0F0A9348AA86}] => (Allow) C:\Users\Christopher\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [TCP Query User{0F4F8F65-256A-4643-AC0B-BFC3724F9CD2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3989AB71-2E76-4DB9-8EB1-5962C8616A91}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E0AD8631-C380-4647-BD4C-EDC7E34BD4A2}] => (Allow) D:\UplayLibrary\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{6073E52E-25F0-49EB-B0CC-F84B17BACA5C}] => (Allow) D:\UplayLibrary\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{4D9A1F75-650C-489D-801E-DF1CBDB8101B}] => (Allow) D:\UplayLibrary\Rainbow Six Siege - Open Beta\RainbowSix.exe
FirewallRules: [{DB3C75B3-93C8-41D3-875B-47D0BF52D0E8}] => (Allow) D:\UplayLibrary\Rainbow Six Siege - Open Beta\RainbowSix.exe
FirewallRules: [{4E8466B1-4112-4D54-9F78-47023ED916F3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BA4E9E94-440F-473E-869E-033F4250125A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B8E33AAF-4DD1-4983-B02C-657D90E64C56}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{11859F1E-FF7D-4F8E-840D-A70C8709AA16}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{652638A2-CE8A-498B-AA8A-D6DF1F43FD47}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{60EF0607-9EC8-4750-85B2-F929F896FA20}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [TCP Query User{FBFFADF6-D887-49C0-A71E-37C42AC559C5}D:\originlibrary\battlefield 4\bf4.exe] => (Allow) D:\originlibrary\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{49CA92ED-2167-43D3-85D5-182AD6C4462F}D:\originlibrary\battlefield 4\bf4.exe] => (Allow) D:\originlibrary\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{4AC57403-279C-42F1-8990-CDD7A93C4FBE}C:\users\christopher\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\christopher\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{088580BA-72FD-4C37-99A6-51B65931CA58}C:\users\christopher\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\christopher\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4C05D95E-DBF4-49C2-97E0-17443D545D2C}] => (Allow) D:\OriginLibrary\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{99B60844-B7B6-4339-AA67-6903F4A04AD7}] => (Allow) D:\OriginLibrary\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{4EA06039-D087-4863-BADD-2C8D6B628595}] => (Allow) D:\OriginLibrary\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{8E54B50D-8315-43CC-A65A-39502702DA07}] => (Allow) D:\OriginLibrary\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{F74A3F81-B456-41E0-9710-5A7348FD5FD9}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{37DCF281-AD72-4150-9D81-B27859055D22}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [TCP Query User{4078A820-D3C8-4DA8-A51D-759BAACC430E}D:\steamlibrary\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) D:\steamlibrary\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{26913D0E-2940-4F2D-9181-8B69238A7DFE}D:\steamlibrary\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) D:\steamlibrary\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{564EB225-B2F3-4919-B8C5-AE00BAA5F040}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{B058FA66-AC9C-404C-8D59-1F2A87793690}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{66474EF9-EA31-4754-A86A-522A93988BC1}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C932BE1A-77E7-46A7-8545-D6729C33655A}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BE33CFC0-31F3-4122-B428-E57C70557A4B}] => (Allow) D:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{BDC0B291-24C7-4F36-A813-A710F38616B0}] => (Allow) D:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{D0928947-9125-4CC6-88D8-4F3DFD539B61}] => (Allow) D:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{17A8C530-7A47-4A02-9820-5E97709F7B24}] => (Allow) D:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{13EB4917-C673-45BF-8A17-F876343C5524}] => (Allow) LPort=9143
FirewallRules: [{7F7417A0-ED03-4FA8-A307-028776018DB6}] => (Allow) LPort=2333
FirewallRules: [{B930EF0D-087C-4975-B5B9-A3F73A715884}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6E1D62E9-DA8E-420E-8220-EAC1D364BF11}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2E8B57B4-CB6E-4939-9E99-260FC0C1D686}] => (Allow) D:\SteamLibrary\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{3259CCA8-5E04-44A4-9980-80EFAF30D94F}] => (Allow) D:\SteamLibrary\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{1F6908F6-5E98-41A5-8D33-043D1F94498C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D7F37F6A-9E3F-467C-928A-E88A6F834AF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BDD9AC4D-EAA0-4CB7-86AA-BB41F42AFA89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3346D216-D211-4F31-9086-E198D060015A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{663CD9C4-DDE3-4D6D-831A-1B7DF0B3FB98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EFFFDE53-2BA5-4FBD-8F14-43F845359319}] => (Allow) D:\SteamLibrary\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{121A3F4A-D98F-422C-B3C5-186AD3245C40}] => (Allow) D:\SteamLibrary\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{880354B2-3A20-486E-B280-6AFDF4621382}] => (Allow) D:\SteamLibrary\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{FE14138A-17CA-4DED-B99B-730FC19A0F92}] => (Allow) D:\SteamLibrary\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{F49B677C-4243-43DC-8EBB-9B9F7809B971}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{F7F9132E-5069-4DC2-BCA3-71D96C3BBC26}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{3715DF90-6847-4CF0-9F07-17AE3C584C4B}] => (Allow) C:\Program Files\PreSonus\Studio One 3\Studio One.exe
FirewallRules: [TCP Query User{C9D53F94-003D-451D-B78D-DA8A20A41627}C:\program files (x86)\image-line\fl studio 12\fl64.exe] => (Allow) C:\program files (x86)\image-line\fl studio 12\fl64.exe
FirewallRules: [UDP Query User{0C1FC304-9CC5-4BD7-A9D9-343E090CC636}C:\program files (x86)\image-line\fl studio 12\fl64.exe] => (Allow) C:\program files (x86)\image-line\fl studio 12\fl64.exe
FirewallRules: [{EA3F837F-DBEF-4316-A22E-7D16B5FE3CD2}] => (Allow) C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{28A5F6ED-F9A2-469B-8458-80C693054BD5}] => (Allow) C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{98DC6575-064F-495B-814A-A2D84AD6257A}] => (Allow) C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{F90F691A-C373-449D-8D89-5DA676AB1367}] => (Allow) C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [TCP Query User{15CF71D8-3BE0-4926-A904-A193CCDC4AED}D:\new folder\client\bin\pc\quakechampions.exe] => (Allow) D:\new folder\client\bin\pc\quakechampions.exe
FirewallRules: [UDP Query User{2A1E675F-89C7-4854-BA03-EF670C5B6208}D:\new folder\client\bin\pc\quakechampions.exe] => (Allow) D:\new folder\client\bin\pc\quakechampions.exe
FirewallRules: [TCP Query User{87B3B37C-A98B-47BE-BDA3-967A216E7DDB}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{4C9AD742-F6EE-40B9-ABD0-273B3103357C}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{0CFA381E-4997-44E9-B0E8-0AC4510C1B4B}] => (Block) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{D2456786-F59E-4AE2-98F8-41CEDF642533}] => (Block) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe

==================== Restore Points =========================

02-12-2017 11:14:50 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2017 04:27:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 854

Start Time: 01d36c85f28ef63a

Termination Time: 4294967295

Application Path: C:\Users\Christopher\Desktop\FRST-OlderVersion\FRST64.exe

Report Id: d83fd7ae-f905-4757-9fee-c67bdbdc38c7

Faulting package full name:

Faulting package-relative application ID:

Error: (12/03/2017 04:26:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.98_none_cc930a042215c348.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.98_none_144040db3691ec4e.manifest.

Error: (12/03/2017 04:17:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CHRISTOPHERPC)
Description: Package Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/03/2017 01:32:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2d80

Start Time: 01d36c6d7bd7fc69

Termination Time: 4294967295

Application Path: C:\Users\Christopher\Desktop\FRST-OlderVersion\FRST64.exe

Report Id: 7d127ef8-9299-4351-9873-b943a7e4306a

Faulting package full name:

Faulting package-relative application ID:

Error: (12/03/2017 01:32:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 324

Start Time: 01d36c6d6840e13b

Termination Time: 4294967295

Application Path: C:\Users\Christopher\Desktop\FRST64.exe

Report Id: e3c3b1db-3e83-4b2a-b5ac-ed6c6e18ef5e

Faulting package full name:

Faulting package-relative application ID:

Error: (12/03/2017 01:31:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3a0c

Start Time: 01d36c6d4403fa90

Termination Time: 4294967295

Application Path: C:\Users\Christopher\Desktop\FRST-OlderVersion\FRST64.exe

Report Id: 205a0074-5e17-4a8d-8bb9-38f060a0c666

Faulting package full name:

Faulting package-relative application ID:

Error: (12/03/2017 05:08:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.98_none_cc930a042215c348.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.98_none_144040db3691ec4e.manifest.

Error: (12/02/2017 05:07:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/02/2017 01:37:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.98_none_cc930a042215c348.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.98_none_144040db3691ec4e.manifest.

Error: (12/02/2017 01:19:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203


System errors:
=============
Error: (12/03/2017 04:30:06 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer BULLDOGS-PT
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{80D7C140-8AC2-407B-A891-DC1EAC91FE58}.
The master browser is stopping or an election is being forced.

Error: (12/03/2017 04:27:22 PM) (Source: DCOM) (EventID: 10016) (User: CHRISTOPHERPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user ChristopherPC\ChristopherAubert SID (S-1-5-21-3319825686-2643767977-2016650390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 04:26:19 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The SOLIDWORKS Electrical Collaborative Server service has reported an invalid current state 0.

Error: (12/03/2017 04:26:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: The server {A0BFCA86-10E0-11E4-AF47-6C626DCFBEE5} did not register with DCOM within the required timeout.

Error: (12/03/2017 04:26:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: The server {A0BFCA87-10E0-11E4-91F7-6C626DCFBEE5} did not register with DCOM within the required timeout.

Error: (12/02/2017 06:24:25 PM) (Source: DCOM) (EventID: 10016) (User: CHRISTOPHERPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user ChristopherPC\ChristopherAubert SID (S-1-5-21-3319825686-2643767977-2016650390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 05:09:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/02/2017 01:21:39 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer BULLDOGS-PT
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{80D7C140-8AC2-407B-A891-DC1EAC91FE58}.
The master browser is stopping or an election is being forced.

Error: (12/02/2017 01:20:37 AM) (Source: DCOM) (EventID: 10016) (User: CHRISTOPHERPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user ChristopherPC\ChristopherAubert SID (S-1-5-21-3319825686-2643767977-2016650390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 01:19:06 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-12-03 18:11:44.678
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-03 18:11:44.677
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-03 18:00:08.471
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-03 18:00:08.469
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-03 17:41:44.687
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-03 17:41:44.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-03 17:30:08.249
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-03 17:30:08.248
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-03 17:11:44.649
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-03 17:11:44.648
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 54%
Total physical RAM: 8135.17 MB
Available physical RAM: 3724.06 MB
Total Virtual: 15303.17 MB
Available Virtual: 9170.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.51 GB) (Free:90.58 GB) NTFS
Drive d: (WD 1TB Drive) (Fixed) (Total:930.39 GB) (Free:211.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 0271FAE3)
Partition 1: (Active) - (Size=438 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=512 MB) - (Type=27)
Partition 4: (Not Active) - (Size=455 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A9D08188)
Partition 1: (Active) - (Size=689 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
I saved the Malwarebytes scan for last. It should be noted after the scans Malwarebytes still found the same files.
RogueKiller V12.11.26.0 (x64) [Nov 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : ChristopherAubert [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/05/2017 18:01:03 (Duration : 00:39:37)

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] NiceHash Miner 2.exe(1344) -- C:\Users\Christopher\AppData\Local\Programs\NiceHash Miner 2\NiceHash Miner 2.exe[7] -> Found

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 138.47.254.3 138.47.254.5 ([United States][United States]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80d7c140-8ac2-407b-a891-dc1eac91fe58} | DhcpNameServer : 138.47.254.3 138.47.254.5 ([United States][United States]) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\Christopher\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Christopher\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Christopher\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://www.youtube.com/feed/subscriptions] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 250GB +++++
--- User ---
[MBR] b8b2e11d8a7aedbd47855be56a581a31
[BSP] c8717948efe794802220b3c57adce33b : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 438 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 899640 | Size: 237065 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 486410240 | Size: 512 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 487460864 | Size: 455 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZEX-00BN5A0 +++++
--- User ---
[MBR] 76dd0bccdb66494490b34c203ec7816f
[BSP] bad98cd14e38413afb22ead24d6a1f6a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 689 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1413720 | Size: 952721 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

ADWCLEANER

# AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 06 00:50:46 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-04-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, SearchProvider found: Ask - websearch.ask.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1193 B] - [2017/11/30 1:18:24]
C:/AdwCleaner/AdwCleaner[S0].txt - [1184 B] - [2017/11/30 1:17:54]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

MALWAREBYTES

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/5/17
Scan Time: 6:54 PM
Log File: 00d58958-da20-11e7-812e-0250f2362f00.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3419
License: Premium

-System Information-
OS: Windows 10 (Build 16299.98)
CPU: x64
File System: NTFS
User: CHRISTOPHERPC\ChristopherAubert

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385646
Threats Detected: 3
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 30 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.Delta, C:\USERS\CHRISTOPHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [3397], [455070],1.0.3419
PUP.Optional.Delta, C:\USERS\CHRISTOPHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [3397], [455070],1.0.3419
PUP.Optional.ASK, C:\USERS\CHRISTOPHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [472], [454827],1.0.3419

Physical Sector: 0
(No malicious items detected)


(end)
 
Ah. Finally! The second method worked!
I scanned with Malwarebytes and it came up with nothing detected.
I turned Sync back on.
:D
 
Excellent!

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by ChristopherAubert (administrator) on CHRISTOPHERPC (05-12-2017 20:06:17)
Running from C:\Users\Christopher\Desktop
Loaded Profiles: ChristopherAubert (Available Profiles: ChristopherAubert)
Platform: Windows 10 Pro Version 1709 16299.98 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
() C:\Windows\runSW.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Realtek) C:\Windows\SwUSB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(REALiX) C:\Program Files (x86)\HWiNFO32\HWiNFO32.EXE
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Discord Inc.) C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\Discord.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Discord Inc.) C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\Discord.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Discord Inc.) C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\Discord.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NiceHash) C:\Users\Christopher\AppData\Local\Programs\NiceHash Miner 2\NiceHash Miner 2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe [256144 2017-09-13] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [40417680 2017-11-01] ()
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [Discord] => C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [Spotify Web Helper] => C:\Users\Christopher\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-08] (Spotify Ltd)
HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Run: [GoogleChromeAutoLaunch_D3EE6E7DA0645F6660E47697F62AE98F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-09-24]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2017-09-24]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 138.47.254.3 138.47.254.5
Tcpip\..\Interfaces\{032803e0-8e3d-4074-a603-13ce2fa6be1f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{401984dc-3453-4b14-8465-91d94fd40f52}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{80d7c140-8ac2-407b-a891-dc1eac91fe58}: [DhcpNameServer] 138.47.254.3 138.47.254.5

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-11-16] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-10-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxps://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6wg7kf84.default
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default [2017-10-07]
FF Homepage: Mozilla\Firefox\Profiles\6wg7kf84.default -> msn.com
FF Extension: (Avira Browser Safety) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\abs@avira.com [2017-06-07]
FF Extension: (Chrome Store Foxified) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\Chrome-Store-Foxified@jetpack.xpi [2016-11-09] [Lagacy]
FF Extension: (Twitch Now) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\jid1-jwVSihNsgAw5jA@jetpack.xpi [2016-10-30] [Lagacy]
FF Extension: (FrankerFaceZ) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\jid1-snHdAu6px3p0jA@jetpack.xpi [2016-11-19] [Lagacy]
FF Extension: (Adblock Plus) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\6wg7kf84.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23] [Lagacy]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\Program Files\SOLIDW~1\SOLIDW~2\Bin\NPCOMP~1.DLL [2016-07-14] (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-22] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\Program Files\SOLIDW~1\SOLIDW~2\Bin\x86\NPCOMP~1.DLL [2016-07-14] (Dassault Systemes)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-10-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3319825686-2643767977-2016650390-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Christopher\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3319825686-2643767977-2016650390-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Christopher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3319825686-2643767977-2016650390-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-11-15] ()

Chrome:
=======
CHR HomePage: Default -> hxxps://www.youtube.com/feed/subscriptions
CHR StartupUrls: Default -> "hxxp://msn.com/"
CHR Profile: C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]
CHR Extension: (Google Translate) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-11-30]
CHR Extension: (Slides) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-30]
CHR Extension: (BetterTTV) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-30]
CHR Extension: (Docs) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-30]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-30]
CHR Extension: (Turn Off the Lights) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-11-30]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-30]
CHR Extension: (uBlock Origin) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-30]
CHR Extension: (minerBlock) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2017-12-03]
CHR Extension: (FrankerFaceZ) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2017-11-30]
CHR Extension: (Sheets) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-30]
CHR Extension: (IE Tab) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2017-11-30]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-11-30]
CHR Extension: (Shrug it off) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmjglmfijkbblhcdbehpcngbakkgkfl [2017-11-30]
CHR Extension: (Google Play) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-11-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-11-30]
CHR Extension: (Google Play Books) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-11-30]
CHR Extension: (Tom's Hardware - My Threads) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip [2017-11-30]
CHR Extension: (Twitch Now) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2017-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-30]
CHR Extension: (Gmail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-30]
CHR Profile: C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-05]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] ()
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6988296 2017-12-01] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [180272 2016-07-14] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372408 2017-07-06] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-11-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2134848 2017-11-22] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3014472 2017-11-22] (Electronic Arts)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [435328 2017-10-09] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [916096 2017-10-16] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [240904 2016-07-14] (Mentor Graphics Corporation)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-01] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-09-24] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-06] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803952 2017-11-09] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] ()
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-25] (C-MEDIA)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-11] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-11] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] () [File not signed]
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-04-05] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-06-23] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-05] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f936d37e592b25aa\nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S4 RsFx0310; C:\WINDOWS\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [139704 2017-07-18] (Razer, Inc.)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [43032 2016-04-08] (Razer Inc)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-12-05] ()
S3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-04-16] (Windows (R) Win 7 DDK provider)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-07-27] (Oracle Corporation)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [41472 2017-12-01] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-07-11] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 20:06 - 2017-12-05 20:06 - 000031922 _____ C:\Users\Christopher\Desktop\FRST.txt
2017-12-03 22:39 - 2017-12-03 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-03 22:39 - 2017-12-03 22:39 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-03 16:27 - 2017-12-03 16:27 - 000000000 ___HD C:\OneDriveTemp
2017-12-03 13:30 - 2017-12-03 16:27 - 002391552 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe
2017-12-02 23:17 - 2017-12-02 23:31 - 000000000 ____D C:\Users\Christopher\AppData\LocalLow\uTorrent
2017-12-02 18:25 - 2017-12-02 18:25 - 000000000 ____D C:\Users\Christopher\AppData\LocalLow\Creability
2017-12-02 01:38 - 2017-12-02 01:38 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-12-01 12:22 - 2017-12-01 10:34 - 000000000 ____D C:\Windows.old
2017-12-01 12:18 - 2017-12-01 12:22 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-12-01 12:17 - 2017-12-01 12:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-12-01 12:17 - 2017-12-01 12:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-12-01 12:17 - 2017-12-01 12:17 - 000000000 ____D C:\WINDOWS\containers
2017-12-01 12:16 - 2017-12-01 12:16 - 025247744 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 023659008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 018915840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 007386664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006483176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006036480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003903272 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003484848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 002106880 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
 
Frst.txt 2/3
2017-12-01 12:16 - 2017-12-01 12:16 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001490840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001426160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-12-01 12:16 - 2017-12-01 12:16 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001145112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-12-01 12:16 - 2017-12-01 12:16 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000669592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-12-01 12:16 - 2017-12-01 12:16 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000166808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-01 12:16 - 2017-12-01 12:16 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-12-01 12:14 - 2017-12-01 12:14 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-12-01 12:14 - 2017-12-01 12:14 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-12-01 12:14 - 2017-12-01 12:14 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-12-01 12:14 - 2017-12-01 12:14 - 000000000 ____D C:\Program Files\MSBuild
2017-12-01 12:14 - 2017-12-01 12:14 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-12-01 12:14 - 2017-12-01 12:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-12-01 10:46 - 2017-12-01 10:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-12-01 10:44 - 2017-12-01 10:44 - 000000020 ___SH C:\Users\Christopher\ntuser.ini
2017-12-01 10:44 - 2017-12-01 10:44 - 000000000 ___HD C:\Users\Christopher\MicrosoftEdgeBackups
2017-12-01 10:34 - 2017-12-01 10:34 - 000000000 ____D C:\ProgramData\USOShared
2017-12-01 10:33 - 2017-12-05 18:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-01 10:33 - 2017-12-01 10:46 - 000003398 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3319825686-2643767977-2016650390-1001
2017-12-01 10:33 - 2017-12-01 10:33 - 000003584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-01 10:33 - 2017-12-01 10:33 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-12-01 10:33 - 2017-12-01 10:33 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-01 10:33 - 2017-12-01 10:33 - 000003302 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1498797898
2017-12-01 10:33 - 2017-12-01 10:33 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-01 10:33 - 2017-12-01 10:33 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-01 10:33 - 2017-12-01 10:33 - 000003076 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-3319825686-2643767977-2016650390-1001
2017-12-01 10:33 - 2017-12-01 10:33 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002952 _____ C:\WINDOWS\System32\Tasks\Norton Product InstallerIdle
2017-12-01 10:33 - 2017-12-01 10:33 - 000002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3319825686-2643767977-2016650390-1001
2017-12-01 10:33 - 2017-12-01 10:33 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002820 _____ C:\WINDOWS\System32\Tasks\update-sys
2017-12-01 10:33 - 2017-12-01 10:33 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-01 10:33 - 2017-12-01 10:33 - 000002590 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-12-01 10:33 - 2017-12-01 10:33 - 000002434 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2017-12-01 10:33 - 2017-12-01 10:33 - 000002418 _____ C:\WINDOWS\System32\Tasks\RTSS
2017-12-01 10:33 - 2017-12-01 10:33 - 000002382 _____ C:\WINDOWS\System32\Tasks\HWiNFO
2017-12-01 10:33 - 2017-12-01 10:33 - 000002360 _____ C:\WINDOWS\System32\Tasks\CAM
2017-12-01 10:33 - 2017-12-01 10:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-12-01 10:32 - 2017-12-01 10:32 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-12-01 10:32 - 2017-12-01 10:32 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-12-01 10:30 - 2017-12-05 18:58 - 001084630 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-01 10:27 - 2017-12-01 10:27 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-12-01 10:26 - 2017-12-05 14:42 - 000000000 ____D C:\Users\Christopher\AppData\Local\Packages
2017-12-01 10:26 - 2017-12-01 10:44 - 000000000 ____D C:\Users\Christopher
2017-12-01 10:25 - 2017-12-01 10:25 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-12-01 10:25 - 2017-09-29 07:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-12-01 10:24 - 2017-12-05 18:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-01 10:24 - 2017-12-01 10:28 - 006173928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-01 00:18 - 2017-12-01 10:44 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-30 22:54 - 2017-12-05 20:06 - 000089401 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-30 22:52 - 2017-11-30 22:53 - 000001446 _____ C:\WINDOWS\EPMBatch.ept
2017-11-30 22:43 - 2017-11-30 22:43 - 000000028 _____ C:\WINDOWS\OutLog.txt
2017-11-30 22:08 - 2017-11-30 22:51 - 000000000 _____ C:\WINDOWS\BcdLog.txt
2017-11-30 21:37 - 2017-12-01 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.5
2017-11-30 21:37 - 2017-09-13 11:11 - 004027024 _____ C:\WINDOWS\system32\BootMan.exe
2017-11-30 21:37 - 2017-09-13 11:10 - 003037328 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2017-11-30 21:37 - 2016-12-07 13:26 - 000033448 _____ C:\WINDOWS\system32\epmntdrv.sys
2017-11-30 21:37 - 2016-07-11 10:01 - 000101984 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2017-11-30 21:37 - 2016-07-11 10:01 - 000088160 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2017-11-30 21:37 - 2016-07-11 10:01 - 000010848 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2017-11-30 21:37 - 2016-07-11 10:01 - 000010208 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2017-11-30 21:37 - 2016-07-08 15:28 - 000248832 _____ C:\WINDOWS\SysWOW64\epmntdrv.pdb
2017-11-30 21:37 - 2016-01-14 10:05 - 000021496 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2017-11-30 21:37 - 2014-11-18 14:46 - 000021088 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2017-11-30 21:37 - 2014-11-18 14:46 - 000017504 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2017-11-30 20:46 - 2017-11-30 21:02 - 000056062 _____ C:\NTFSp.txt
2017-11-30 20:36 - 2017-11-15 19:41 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-11-30 20:33 - 2017-12-03 16:27 - 000000000 ____D C:\Users\Christopher\Desktop\FRST-OlderVersion
2017-11-30 15:34 - 2017-12-05 20:06 - 000000000 ____D C:\FRST
2017-11-30 15:21 - 2017-12-01 10:27 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-11-30 15:19 - 2017-12-01 10:30 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-30 15:19 - 2017-12-01 10:30 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-29 19:16 - 2017-12-05 18:53 - 000000000 ____D C:\AdwCleaner
 
Frst.txt 3/3
2017-11-19 16:21 - 2017-11-19 16:21 - 000000222 _____ C:\Users\Christopher\Desktop\Just Cause 3.url
2017-11-14 12:45 - 2017-12-01 10:27 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2017-11-14 12:45 - 2017-11-14 12:45 - 000000000 ____D C:\Program Files (x86)\GPU-Z
2017-11-11 12:43 - 2017-12-05 18:54 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-11 12:43 - 2017-12-05 18:52 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-11 12:43 - 2017-12-05 18:52 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-11 12:43 - 2017-12-05 18:52 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-11 12:43 - 2017-12-01 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-11 12:43 - 2017-11-11 12:43 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-11 12:43 - 2017-11-11 12:43 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-07 14:46 - 2017-11-07 14:46 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-07 14:46 - 2017-09-13 17:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-07 14:46 - 2017-09-13 17:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-07 14:46 - 2017-09-13 17:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-07 14:46 - 2017-09-13 17:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-07 14:44 - 2017-10-27 11:50 - 040237688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 036239480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 035156928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 029270976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 023262280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 019037416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 013864048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 013254520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 011779328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 010882720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 004485048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 004201592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 003614328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001673848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001331200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001099712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001044848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 001031104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000981112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000932288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000739448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000615544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000598464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000505976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-07 14:44 - 2017-10-27 11:50 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-07 14:44 - 2017-10-27 11:50 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-11-07 14:44 - 2017-10-27 11:50 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 20:02 - 2015-08-12 18:19 - 000000000 ___RD C:\Users\Christopher\Google Drive
2017-12-05 18:54 - 2016-04-21 17:21 - 000000000 ____D C:\Users\Christopher\AppData\Local\LogMeIn Hamachi
2017-12-05 18:52 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-05 18:52 - 2017-05-23 15:59 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-05 18:52 - 2015-08-18 20:09 - 000000000 ____D C:\Users\Christopher\AppData\Local\Adobe
2017-12-05 18:52 - 2015-06-20 21:58 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-05 18:52 - 2015-06-20 21:46 - 000000000 __RDL C:\Users\Christopher\OneDrive
2017-12-05 18:01 - 2017-07-11 15:39 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-05 01:38 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-04 17:04 - 2015-11-30 21:53 - 000000000 ____D C:\Program Files (x86)\Origin
2017-12-04 12:26 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-03 22:48 - 2017-07-11 15:38 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-03 13:33 - 2015-07-01 17:23 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\vlc
2017-12-03 05:09 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-03 05:08 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-02 23:31 - 2015-12-11 19:30 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\uTorrent
2017-12-02 17:08 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-02 11:15 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 04:21 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-02 01:38 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-02 01:38 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-02 01:37 - 2015-10-19 17:57 - 000000000 ____D C:\Program Files\Microsoft Office
2017-12-01 17:56 - 2015-08-18 20:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-01 12:24 - 2017-09-29 07:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-12-01 12:22 - 2017-09-29 07:49 - 000000000 ____D C:\WINDOWS\Setup
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\InputMethod
2017-12-01 12:22 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Help
2017-12-01 12:22 - 2017-09-26 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-12-01 12:22 - 2017-09-24 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Tools 2016
2017-12-01 12:22 - 2017-09-24 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2016
2017-12-01 12:22 - 2017-09-24 17:29 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2017-12-01 12:22 - 2017-09-24 17:29 - 000000000 ____D C:\WINDOWS\system32\1033
2017-12-01 12:22 - 2017-09-24 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2017-12-01 12:22 - 2017-09-24 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Installation Manager
2017-12-01 12:22 - 2017-09-21 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-01 12:22 - 2017-09-11 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-12-01 12:22 - 2017-08-04 14:16 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-12-01 12:22 - 2017-08-03 15:20 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-12-01 12:22 - 2017-07-17 12:26 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-12-01 12:22 - 2017-07-10 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-12-01 12:22 - 2017-07-01 20:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-12-01 12:22 - 2017-06-29 07:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-12-01 12:22 - 2017-06-23 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
2017-12-01 12:22 - 2017-05-23 15:59 - 000000000 ____D C:\Program Files\Intel
2017-12-01 12:22 - 2017-05-23 15:59 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-01 12:22 - 2017-05-07 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-12-01 12:22 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-12-01 12:22 - 2017-03-08 07:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-01 12:22 - 2017-01-24 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twitch Leecher
2017-12-01 12:22 - 2016-09-08 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-01 12:22 - 2016-09-05 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2017-12-01 12:22 - 2016-08-20 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-12-01 12:22 - 2016-08-06 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-01 12:22 - 2016-07-11 08:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-12-01 12:22 - 2016-05-04 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-12-01 12:22 - 2016-04-08 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2017-12-01 12:22 - 2016-01-02 04:57 - 000000000 ____D C:\Program Files (x86)\Razer
2017-12-01 12:22 - 2015-11-30 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-12-01 12:22 - 2015-11-07 11:44 - 000000000 ____D C:\WINDOWS\SysWOW64\xlive
2017-12-01 12:22 - 2015-09-02 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-12-01 12:22 - 2015-08-01 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.5
2017-12-01 12:22 - 2015-07-06 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-12-01 12:22 - 2015-06-21 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-12-01 12:22 - 2015-06-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-01 12:22 - 2015-06-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-12-01 12:22 - 2015-06-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-01 12:22 - 2013-08-22 09:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-01 12:22 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-12-01 12:22 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\et-EE
2017-12-01 12:19 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-12-01 12:19 - 2017-09-24 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-12-01 12:19 - 2017-09-24 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2017-12-01 12:19 - 2017-09-24 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2017-12-01 12:19 - 2017-08-24 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-12-01 12:19 - 2017-08-04 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2017-12-01 12:19 - 2017-08-01 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-12-01 12:19 - 2017-06-29 04:55 - 000000000 ____D C:\Program Files\ASUS
2017-12-01 12:19 - 2017-05-23 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton
2017-12-01 12:19 - 2017-05-23 15:59 - 000000000 ____D C:\Program Files\Realtek
2017-12-01 12:19 - 2016-06-24 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2017-12-01 12:19 - 2015-11-14 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2017-12-01 12:19 - 2015-07-24 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-12-01 12:19 - 2015-06-21 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-12-01 12:17 - 2017-09-29 08:42 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-12-01 12:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-01 12:17 - 2017-09-29 07:46 - 000000000 ____D C:\PerfLogs
2017-12-01 12:17 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-01 10:46 - 2015-07-30 18:06 - 000002385 _____ C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-01 10:44 - 2017-10-25 17:31 - 000000000 ___RD C:\Users\Christopher\3D Objects
2017-12-01 10:44 - 2015-07-30 18:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-01 10:44 - 2015-07-30 18:02 - 000000000 ____D C:\Users\Christopher\AppData\Local\TileDataLayer
2017-12-01 10:34 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-12-01 10:34 - 2017-05-07 09:15 - 000000410 __RSH C:\ProgramData\ntuser.pol
2017-12-01 10:32 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Registration
2017-12-01 10:32 - 2015-07-30 17:55 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-12-01 10:30 - 2015-06-21 14:07 - 000904310 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-12-01 10:27 - 2017-09-29 07:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-12-01 10:27 - 2017-08-16 17:40 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnakeBite
2017-12-01 10:27 - 2017-07-22 16:45 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WiiU_USB_Helper
2017-12-01 10:27 - 2017-06-23 17:50 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2017-12-01 10:27 - 2017-06-23 17:23 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-12-01 10:27 - 2017-05-07 12:03 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-12-01 10:27 - 2017-05-07 12:02 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-12-01 10:27 - 2016-12-14 19:44 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2017-12-01 10:27 - 2016-10-22 11:57 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2017-12-01 10:27 - 2016-06-27 19:42 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2017-12-01 10:27 - 2015-09-20 14:28 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJ
2017-12-01 10:27 - 2015-06-20 21:58 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-01 10:26 - 2016-05-23 13:36 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-12-01 10:26 - 2015-12-31 22:38 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-01 10:26 - 2015-06-24 11:44 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-12-01 10:25 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-12-01 10:25 - 2017-06-29 04:55 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-12-01 10:25 - 2017-05-23 15:59 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-12-01 10:25 - 2017-05-23 15:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-01 10:25 - 2015-08-07 14:16 - 000000000 ____D C:\Temp
2017-12-01 00:21 - 2015-11-25 12:54 - 000000000 ____D C:\Users\Christopher\AppData\Local\CrashDumps
2017-11-30 22:54 - 2017-05-23 15:59 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-30 21:37 - 2015-08-01 09:29 - 000000000 ____D C:\Program Files (x86)\EaseUS
2017-11-30 20:36 - 2017-05-23 15:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-30 15:19 - 2015-06-20 21:48 - 000000000 ____D C:\Users\Christopher\AppData\Local\Google
2017-11-30 15:19 - 2015-06-20 21:48 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-29 19:20 - 2016-05-03 17:57 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-29 00:56 - 2017-10-14 18:35 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\nhm2
2017-11-25 21:16 - 2016-09-05 11:14 - 000000000 ____D C:\Program Files\WhoCrashed
2017-11-25 21:16 - 2016-05-23 13:36 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\discord
2017-11-24 11:58 - 2017-06-29 22:44 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-11-24 11:58 - 2017-06-29 22:44 - 000000000 ____D C:\Program Files\Opera
2017-11-20 22:31 - 2015-07-06 16:24 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\.minecraft
2017-11-20 11:22 - 2017-06-23 17:23 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-11-20 01:14 - 2015-06-24 11:44 - 000000000 ____D C:\Users\Christopher\AppData\Local\Ubisoft Game Launcher
2017-11-19 21:36 - 2016-10-09 07:34 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-11-19 14:55 - 2017-02-14 20:15 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-11-18 20:04 - 2015-06-24 11:54 - 000281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-11-18 16:27 - 2015-06-22 18:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-18 16:21 - 2017-10-10 14:52 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-18 16:21 - 2015-06-22 18:04 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 00:02 - 2015-06-24 11:44 - 000281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-11-15 19:41 - 2017-06-29 07:12 - 000186304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-11-15 19:41 - 2017-06-29 07:12 - 000152512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-11-15 19:41 - 2016-09-08 16:09 - 002404800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-11-15 19:41 - 2016-09-08 16:09 - 002070976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-11-15 19:41 - 2016-09-08 16:09 - 001309120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-11-15 18:53 - 2017-01-07 11:00 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-11-12 16:34 - 2017-02-24 19:24 - 000780328 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-11-11 19:19 - 2015-06-20 22:13 - 000000000 ____D C:\Users\Christopher\AppData\Local\NVIDIA
2017-11-11 19:17 - 2015-07-06 16:23 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-11-11 12:43 - 2017-10-07 22:03 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-07 18:34 - 2017-08-04 14:11 - 000000000 ____D C:\Users\Christopher\AppData\Local\IE Tab
2017-11-07 15:12 - 2017-09-15 15:14 - 000000000 ____D C:\Users\Christopher\AppData\Local\Arduino15

==================== Files in the root of some directories =======

2017-10-18 12:17 - 2017-10-18 12:17 - 000007605 _____ () C:\Users\Christopher\AppData\Local\Resmon.ResmonCfg
2017-09-11 19:41 - 2017-09-11 19:41 - 000000003 _____ () C:\Users\Christopher\AppData\Local\updater.log
2017-09-11 19:41 - 2017-09-11 19:41 - 000000425 _____ () C:\Users\Christopher\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-12-01 21:52 - 2017-12-04 21:50 - 000000000 _____ () C:\Users\Christopher\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-01 21:52 - 2017-12-04 21:50 - 000000017 _____ () C:\Users\Christopher\AppData\Local\Temp\424b07c3213a8af58f56a73cb248247b.dll
2017-12-03 22:39 - 2017-12-01 12:16 - 001954048 _____ (Microsoft Corporation) C:\Users\Christopher\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-01 10:24

==================== End of FRST.txt ============================
 
Addition.txt 1/3
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by ChristopherAubert (05-12-2017 20:06:47)
Running from C:\Users\Christopher\Desktop
Windows 10 Pro Version 1709 16299.98 (X64) (2017-12-01 16:34:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3319825686-2643767977-2016650390-500 - Administrator - Disabled)
ChristopherAubert (S-1-5-21-3319825686-2643767977-2016650390-1001 - Administrator - Enabled) => C:\Users\Christopher
DefaultAccount (S-1-5-21-3319825686-2643767977-2016650390-503 - Limited - Disabled)
Guest (S-1-5-21-3319825686-2643767977-2016650390-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3319825686-2643767977-2016650390-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
4K Video Downloader 4.2 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.2.0.2175 - Open Media LLC)
4K YouTube to MP3 3.0 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.0.1.1636 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.4 - Arduino LLC)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Backup and Sync from Google (HKLM-x32\...\{604582EB-8259-4ED6-9B1B-6F2494D4B640}) (Version: 3.37.7411.4599 - Google, Inc.)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.11.0.616 - Ilya Morozov)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blackboard Collaborate Launcher (HKLM-x32\...\{C4F79F84-C509-48B0-81B8-3C2FA2182406}) (Version: 1.6.0.0 - Blackboard)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.5 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{D61C8E6E-A4F3-4CD8-8568-51CEB5660C89}) (Version: 63.0.3239.32 - Google Inc.)
CPUID HWMonitor 1.32 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.32 - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
EaseUS Partition Master 12.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Elgato Game Capture HD (HKLM-x32\...\{FAC1D41C-C800-467B-8C8D-97FBF6F5BBF1}) (Version: 2.20.9.1066 - Elgato Systems GmbH)
Epic Games Launcher (HKLM-x32\...\{F7118EF5-320C-4340-99F4-25F970B428A3}) (Version: 1.1.125.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 v2.1.1.3 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.3 - Elgato Systems)
GDR 4237 for SQL Server 2014 (KB4019091) (64-bit) (HKLM\...\KB4019091) (Version: 12.1.4237.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HWiNFO32 Version 5.52 (HKLM-x32\...\HWiNFO32_is1) (Version: 5.52 - Martin Malík - REALiX)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version: - )
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BE00C353-3529-4C31-AED2-AE3598D2CD2B}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{EDB86AFA-B3AA-45F6-BEEB-DA14A47FC1FB}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 54.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSI Afterburner 4.4.0 (HKLM-x32\...\Afterburner) (Version: 4.4.0 - MSI Co., LTD)
NewBlue 3D Explosions for Windows (HKLM-x32\...\NewBlue 3D Explosions for Windows) (Version: 3.0 - NewBlue)
NewBlue 3D Transformations for Windows (HKLM-x32\...\NewBlue 3D Transformations for Windows) (Version: 3.0 - NewBlue)
NewBlue Art Blends for Windows (HKLM-x32\...\NewBlue Art Blends for Windows) (Version: 3.0 - NewBlue)
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue ColorFast for Windows (HKLM-x32\...\NewBlue ColorFast for Windows) (Version: 3.0 - NewBlue)
NewBlue Film Effects for Windows (HKLM-x32\...\NewBlue Film Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Light Blends for Windows (HKLM-x32\...\NewBlue Light Blends for Windows) (Version: 3.0 - NewBlue)
NewBlue Light Effects for Windows (HKLM-x32\...\NewBlue Light Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Paint Blends for Windows (HKLM-x32\...\NewBlue Paint Blends for Windows) (Version: 3.0 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for Windows (HKLM-x32\...\NewBlue Video Essentials II for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for Windows (HKLM-x32\...\NewBlue Video Essentials III for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials IV for Windows (HKLM-x32\...\NewBlue Video Essentials IV for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
NextUp-ScanSoft Daniel British Voice (HKLM-x32\...\{BE916006-E144-44CF-B467-F733D0F86200}) (Version: 4.0.0 - NextUp.com)
NiceHash Miner 2 0.1.3 (only current user) (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.1.3 - NiceHash)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 49.0.2725.47 (HKLM-x32\...\Opera 49.0.2725.47) (Version: 49.0.2725.47 - Opera Software)
Oracle VM VirtualBox 5.1.26 (HKLM\...\{11A88BD5-F059-4743-81D9-1432AC9C3D4E}) (Version: 5.1.26 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.11002 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57724}) (Version: 4.0.17 - dotPDN LLC)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.7.5 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.830 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
RivaTuner Statistics Server 7.0.0 Beta 19 (HKLM-x32\...\RTSS) (Version: 7.0.0 Beta 19 - Unwinder)
RogueKiller version 12.11.26.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.26.0 - Adlice Software)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SOLIDWORKS 2016 x64 Edition SP04 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.140.86 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20160-40400-1100-100) (Version: 24.4.0.86 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2016 SP04 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.40.86 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP04 (HKLM\...\{B3DDA3FF-C213-42EA-808B-274C1E88EABD}) (Version: 16.4.0053 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2016 SP04 x64 Edition (HKLM\...\{064914EF-A0D8-447D-8E5C-E888CA8FD467}) (Version: 24.40.86 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2016 SP04 x64 Edition (HKLM\...\{0B7C2320-1D2F-42F1-9941-C88C6B7AB0D5}) (Version: 24.40.87 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2016 SP04 x64 Edition (HKLM\...\{DF6A3557-CE70-4357-81CF-E33CCB5E750D}) (Version: 24.40.86 - Dassault Systemes SolidWorks Corp) Hidden
Spotify (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\Spotify) (Version: 1.0.62.508.g2c497f24 - Spotify AB)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{541E382C-8DBF-44C5-BB7A-00E01526184E}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.88438 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version: - Ubisoft)
Twitch Leecher 1.3.5 (HKLM\...\{C7081120-8F65-46B6-85A4-3200AB1B5AAA}) (Version: 1.3.5.0 - Fake Smile Revolution) Hidden
Twitch Leecher 1.3.5 (HKLM-x32\...\{dbdcd040-9099-4490-80a2-0a617c83df14}) (Version: 1.3.5.0 - Fake Smile Revolution)
Unity Web Player (HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\UnityWebPlayer) (Version: 5.1.3f1 - Unity Technologies ApS)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WhoCrashed 5.52 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3319825686-2643767977-2016650390-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => C:\Program Files (x86)\Balabolka\BFileExt.dll [2013-02-28] (Ilya Morozov)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018DDBE5-D919-4488-B41D-05A4B6D47D36} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {146E9603-DC8F-4E37-9E1A-52563B54F8B7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-15] (NVIDIA Corporation)
Task: {1729B123-DE6D-4835-9CB3-403640369924} - System32\Tasks\update-S-1-5-21-3319825686-2643767977-2016650390-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {1E0B3DCB-D58E-4772-8B7D-333400D3FCD2} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {2478B127-7F78-413A-B0B1-60F5EFD02EBE} - System32\Tasks\Opera scheduled Autoupdate 1498797898 => C:\Program Files\Opera\launcher.exe [2017-11-23] (Opera Software)
Task: {2C021CE2-9C47-4373-8222-00E96DA1BF8B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {32FA0967-A524-4952-A9C8-52E08E780C5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {3401E304-5AD4-4C43-B04A-B2B142387883} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-15] (NVIDIA Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3A24B074-058C-45D2-A2D5-745B09BE0F90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {495A9FA3-E3D0-4099-B625-CB4334A7363C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {4C9EB26E-F7D4-4559-9E9C-B2218C0441C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {4E291B42-58AC-4793-B5EA-B07FAE1A1D99} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-15] (NVIDIA Corporation)
Task: {4EAFCE38-4438-4CB9-A28B-678EE408FFF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {5796CC6E-F940-449A-9710-5B9422045688} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-02] (Microsoft Corporation)
Task: {5D6C7344-D9B9-46B9-B818-1E40D7397AE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {5FF7702E-1C2F-4BD5-BC84-9106B1A948E5} - System32\Tasks\HWiNFO => C:\Program Files (x86)\HWiNFO32\HWiNFO32.EXE [2017-05-23] (REALiX)
Task: {66955745-9E14-483C-B746-DF23BE5B70C4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-15] (NVIDIA Corporation)
Task: {6B567D2A-7B20-4D85-A580-7C3ADF58213F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {6F8B5632-20BD-4A59-9B7D-DC5A30242A9C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {796BE913-D989-4A68-8A39-978447A124A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {7B352C5D-D240-4CAE-A425-A85C3AE96334} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2017-10-31] ()
Task: {89F941D5-3685-4BDB-A169-0A6C79C2249A} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [2017-04-08] ()
Task: {8C332A71-9306-4ACC-8C69-A1F7CA8DF00C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {92C65BCC-3DA0-4800-A912-D7DDBEB0CA2A} - System32\Tasks\Norton Product InstallerIdle => C:\WINDOWS\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe
Task: {A5221AB8-4AAF-4B6C-B258-9C357380C604} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {BD61B490-330B-43A7-AFF9-8D15094F83DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {D599F332-3E79-403F-8F80-37BC8C3ABAF5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {DBD48C8D-396C-472B-877B-DF39B7302637} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {E201DDEC-9FED-4027-99E7-086C257F70B4} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
Task: {EAF7B160-6AF5-44DC-9796-266BCC6151A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\Norton Product InstallerIdle.job => C:\WINDOWS\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3319825686-2643767977-2016650390-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-29 04:55 - 2013-07-03 19:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-07-14 18:46 - 2016-07-14 18:46 - 000180272 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
2017-10-07 22:03 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-07 22:03 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-19 16:09 - 2017-07-19 16:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-09-08 16:09 - 2017-11-15 19:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-14 18:12 - 2014-12-12 17:24 - 000044760 _____ () C:\Windows\runSW.exe
2017-02-14 09:40 - 2017-04-08 08:40 - 000428232 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2017-04-08 08:35 - 2017-04-08 08:35 - 000241152 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2017-12-01 12:16 - 2017-12-01 12:16 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-01 12:16 - 2017-12-01 12:16 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-30 09:07 - 2017-11-30 09:08 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 09:07 - 2017-11-30 09:08 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 09:07 - 2017-11-30 09:08 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 09:07 - 2017-11-30 09:08 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-30 09:07 - 2017-11-30 09:08 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-04-08 08:35 - 2017-04-08 08:35 - 000027136 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2017-04-08 08:35 - 2017-04-08 08:35 - 000088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2017-11-01 04:49 - 2017-11-01 04:49 - 040417680 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2016-07-15 00:45 - 2016-07-15 00:45 - 000267672 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2017-11-30 21:37 - 2017-09-13 11:12 - 000256144 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe
2017-11-30 15:19 - 2017-11-10 03:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-30 15:19 - 2017-11-10 03:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-10-14 18:35 - 2017-10-17 15:10 - 001960448 ____N () C:\Users\Christopher\AppData\Local\Programs\NiceHash Miner 2\ffmpeg.dll
2017-12-05 19:50 - 2017-12-05 19:50 - 000157696 _____ () \\?\C:\Users\Christopher\AppData\Local\Temp\411E.tmp.node
2017-12-05 19:50 - 2017-12-05 19:50 - 000167936 _____ () \\?\C:\Users\Christopher\AppData\Local\Temp\413E.tmp.node
2017-12-05 19:50 - 2017-12-05 19:50 - 000146432 _____ () \\?\C:\Users\Christopher\AppData\Local\Temp\415E.tmp.node
2017-12-05 19:50 - 2017-12-05 19:50 - 000282112 _____ () \\?\C:\Users\Christopher\AppData\Local\Temp\4B04.tmp.node
2017-12-05 19:50 - 2017-12-05 19:50 - 000371712 _____ () \\?\C:\Users\Christopher\AppData\Local\Temp\4B35.tmp.node
2017-06-29 04:55 - 2017-12-05 18:52 - 000035984 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-06-29 04:55 - 2013-07-03 19:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2017-02-14 09:40 - 2017-04-08 08:40 - 000400072 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2016-09-08 16:09 - 2017-11-15 19:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-08 08:34 - 2017-04-08 08:34 - 000055808 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2017-04-08 08:35 - 2017-04-08 08:35 - 000353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2017-04-08 08:35 - 2017-04-08 08:35 - 000071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2016-09-08 16:09 - 2017-11-15 19:40 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-09-26 21:34 - 2017-11-07 15:32 - 008930992 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-06-20 22:16 - 2017-09-09 13:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-20 22:16 - 2017-10-30 21:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-20 22:16 - 2016-08-31 19:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-20 22:16 - 2016-01-27 01:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-20 22:16 - 2016-08-31 19:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-20 22:16 - 2016-08-31 19:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-20 22:16 - 2017-10-30 21:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 16:45 - 2016-07-04 16:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-12 22:27 - 2017-08-16 16:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 10:12 - 2017-09-06 20:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2015-06-20 22:16 - 2015-09-24 17:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-12-05 18:52 - 2017-12-05 18:52 - 000088064 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\_ctypes.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000918528 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\_hashlib.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000098816 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32api.pyd
 
Addition.txt 2/3
2017-12-05 18:52 - 2017-12-05 18:52 - 000110080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\pywintypes27.dll
2017-12-05 18:52 - 2017-12-05 18:52 - 000364544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\pythoncom27.dll
2017-12-05 18:52 - 2017-12-05 18:52 - 000686080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\unicodedata.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000320512 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32com.shell.shell.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 001177088 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\wx._core_.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000806912 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\wx._gdi_.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000816640 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\wx._windows_.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 001067520 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\wx._controls_.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000733696 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\wx._misc_.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000736256 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\pysqlite2._sqlite.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000119808 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32file.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000108544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32security.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000007168 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\hashobjs_ext.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000017920 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\thumbnails_ext.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000082432 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\usb_ext.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000013824 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\common.time34.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000018432 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32event.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000027648 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\windows.conditional.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000017408 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\windows.winwrap.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000089088 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\windows.volumes.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000167936 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32gui.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000046080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\_socket.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 001309696 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\_ssl.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000129536 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\_elementtree.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000127488 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\pyexpat.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000038912 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32inet.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000077824 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\wx._html2.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000036864 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\_psutil_windows.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000524248 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\windows._lib_cacheinvalidation.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000011264 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32crypt.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000218624 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\PIL._imaging.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000027648 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\_multiprocessing.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000020480 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\_yappi.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000035840 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32process.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000024064 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32pipe.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000010240 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\select.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000025600 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32pdh.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000059392 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\windows.device_monitor.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000017408 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32profile.pyd
2017-12-05 18:52 - 2017-12-05 18:52 - 000022528 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI129282\win32ts.pyd
2017-08-08 17:22 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-09 10:07 - 2017-08-09 10:07 - 001577976 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-09-29 07:41 - 2017-09-29 07:41 - 001949184 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 000774656 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
2017-08-08 17:22 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 17:22 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\Christopher\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-05-22 04:13 - 2017-05-22 04:13 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-12-25 13:11 - 2014-09-11 18:09 - 001498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-12-25 13:11 - 2014-05-19 17:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-08-09 10:07 - 2017-10-06 09:24 - 009722360 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-09 10:07 - 2017-11-23 06:17 - 001494520 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-12-05 18:53 - 2017-12-05 18:53 - 000148992 _____ () \\?\C:\Users\Christopher\AppData\Local\Temp\5F6.tmp.node
2017-08-09 10:07 - 2017-08-09 10:07 - 002658296 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-11-21 20:07 - 2017-11-21 20:07 - 001505272 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_game_utils\discord_game_utils.node
2017-08-09 10:07 - 2017-11-28 10:17 - 002739192 _____ () \\?\C:\Users\Christopher\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-11-30 21:37 - 2014-02-13 15:27 - 000222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\traynet.dll
2017-11-30 21:37 - 2014-02-13 15:27 - 000275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\libcurl.dll
2017-11-30 21:37 - 2014-02-13 15:27 - 000113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\zlib1.dll
2017-11-30 21:37 - 2014-02-13 15:27 - 000249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\uexper.dll
2017-12-05 18:53 - 2017-12-05 18:53 - 000088064 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\_ctypes.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000918528 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\_hashlib.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000098816 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32api.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000110080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\pywintypes27.dll
2017-12-05 18:53 - 2017-12-05 18:53 - 000364544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\pythoncom27.dll
2017-12-05 18:53 - 2017-12-05 18:53 - 000686080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\unicodedata.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000320512 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32com.shell.shell.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 001177088 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\wx._core_.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000806912 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\wx._gdi_.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000816640 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\wx._windows_.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 001067520 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\wx._controls_.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000733696 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\wx._misc_.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000736256 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\pysqlite2._sqlite.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000119808 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32file.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000108544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32security.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000007168 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\hashobjs_ext.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000017920 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\thumbnails_ext.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000082432 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\usb_ext.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000013824 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\common.time34.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000018432 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32event.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000027648 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\windows.conditional.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000017408 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\windows.winwrap.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000089088 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\windows.volumes.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000167936 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32gui.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000046080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\_socket.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 001309696 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\_ssl.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000129536 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\_elementtree.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000127488 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\pyexpat.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000038912 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32inet.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000077824 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\wx._html2.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000036864 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\_psutil_windows.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000524248 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\windows._lib_cacheinvalidation.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000011264 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32crypt.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000218624 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\PIL._imaging.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000027648 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\_multiprocessing.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000020480 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\_yappi.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000035840 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32process.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000024064 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32pipe.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000010240 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\select.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000025600 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32pdh.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000059392 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\windows.device_monitor.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000017408 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32profile.pyd
2017-12-05 18:53 - 2017-12-05 18:53 - 000022528 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI151242\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\...\sharepoint.com -> hxxps://sshc.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2017-07-11 19:36 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3319825686-2643767977-2016650390-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christopher\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\855990.png
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{65C3F726-66A1-4F73-97D9-D550D57A27CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7107AE17-D6C8-44D4-9331-4C501BFCA2A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1A5A854D-ABA9-4391-87E1-06C5D1AB0B8B}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{B1ED445D-4E82-41B4-8FDC-760C26DC7C5E}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{656C326B-92E7-4A2D-875C-D97FE81158ED}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
FirewallRules: [{25F5188C-2B24-4E10-A5F5-CC87F7BD229C}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{7C7EEBEF-68EB-4728-A76A-C7F744289D2C}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{3B0043D4-CD88-4891-B3F0-A38F3F836770}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{947713E6-930C-4264-A860-57161C6300BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BF3B9927-C87C-40C3-AEF6-D6ED6CDFAB15}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1FFC4DDA-8D11-4BEB-9A86-649FD4698756}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8212EA14-DF66-4E9C-99B5-523528B2E1B2}] => (Allow) C:\Program Files\Opera\49.0.2725.39\opera.exe
FirewallRules: [{A98863D3-921F-494E-82E4-162691846851}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F5094095-972D-4B44-A892-594307BF2A4E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B05753E1-0F29-4FDC-B3F7-CDCBD3B2FF52}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0FB06817-6DE1-4CBD-9D66-8533A42BA7C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1E04033B-5429-420C-A1D1-E51AC14E0E40}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{840E6D03-EB87-4CF3-897B-D4C3A4CC5FD6}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{0BD16809-D67D-44C9-9ED5-F4F245A96C55}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
FirewallRules: [UDP Query User{070A6FF3-E525-4D9D-9C45-408E14AE92F1}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{0C7EEDB0-F118-4536-A322-6BDA1DD5C145}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{CBEA7B18-5DEB-487A-A3A4-3C678CFD3D6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{54DC31F0-3091-4E7B-AE45-2938CC55B6C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [UDP Query User{756B9E50-E300-4F12-B929-91D282E2B905}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{4DD13556-3F63-4592-B419-C6EDBDA2D06D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{24E8C9DE-D95B-4BC9-86E6-A4B0F566F241}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{7AC4E1F6-A3FE-4241-BE3B-ADA386A68C57}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{F42F4B56-7956-4329-BAC8-4157922623F2}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{201E0A15-9E19-4CFF-B3C6-CE72643B1E2D}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{BEC7CCAA-2912-49AA-846B-3546E146F074}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{70B7FD2C-687C-4989-89F4-78FC05C6E302}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{13563B36-F90A-4813-85E3-49ABD1805E06}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3AA5BAE2-A8CD-4D60-BE51-8E3E2F004D91}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C58DEDC4-5168-475D-B8D3-083C003F1EC9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{5978A80C-6518-4C03-ADB8-7007FCA4C0AA}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{3A49AADE-6D94-40FF-825A-3C00B019E2B1}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{49348C3F-7A93-46A9-A73D-86593DB28A12}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{EA875A48-E70E-41AD-B21C-CA34496DC79B}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{4797D850-287D-408F-ABA4-5C3835AAD84E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8486C070-2C40-4732-BBAC-4939DCEC94EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{70663716-7FF4-41F8-8B64-8DAF2BFA30C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1BB85DF-F96B-490C-B6F8-00EC41667BFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FC842014-1468-40F5-B97D-080CB061B046}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{2A396F7F-ACE4-4A52-9521-2E1EC255F30F}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [UDP Query User{F438D318-0AC0-4501-8E56-391125907AC6}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{BE5645D7-A6C6-4C20-9FB7-21FA345DC149}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{F37B914E-DE1B-4252-BA38-9AAD0431CE8B}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{386B4D06-9908-41D4-AF46-B6B1CBF985EF}] => (Allow) LPort=5357
FirewallRules: [{4A51C17C-1969-485A-A744-C78CAC84AE99}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{3BF275B7-86F7-4FC9-B1E3-1A560603D974}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{42182F2E-6BA2-4C51-9550-4941201186BE}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{7C924615-20F2-4567-9AAA-E510CD7448B9}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{1723205F-D989-4539-B526-AB3FB3689CA7}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{A3C303AF-48A9-44AE-95EB-36624FADD28E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{59E4C014-F45C-464C-BDF8-2E4983119F20}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E793ACA8-26F1-449F-93C8-DAE173631286}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C54638BE-C96D-4AFC-B70A-78AED7BA243D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68329295-3737-4878-A01B-5A4EC4FA9446}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3E09A4B8-AADC-4E03-BE1E-2B5BEB2AA76C}] => (Allow) D:\SteamLibrary\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe
FirewallRules: [{5AC959A9-8A02-4601-9657-00B8D146A531}] => (Allow) D:\SteamLibrary\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe
FirewallRules: [UDP Query User{8B969B84-B085-4CDA-9327-1400082397AF}D:\documents\saviine1.1b\server\saviine_server.exe] => (Allow) D:\documents\saviine1.1b\server\saviine_server.exe
FirewallRules: [TCP Query User{C67F79D1-7532-4670-BC95-6332C472F923}D:\documents\saviine1.1b\server\saviine_server.exe] => (Allow) D:\documents\saviine1.1b\server\saviine_server.exe
FirewallRules: [UDP Query User{7A5268F8-F934-4F1D-8E8A-3D45EB4007A1}D:\documents\wii u usb helper\wiiu_usb_helper.exe] => (Allow) D:\documents\wii u usb helper\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{B152E498-5261-409E-8EAA-3010F40BB529}D:\documents\wii u usb helper\wiiu_usb_helper.exe] => (Allow) D:\documents\wii u usb helper\wiiu_usb_helper.exe
FirewallRules: [{4FB92047-EB0B-42C8-9413-C7956FB69501}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2AE0F34F-7E3A-4E79-A143-B7D7901B8641}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5BDD6B08-8B6F-47EB-A250-9E4233171E6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{64B72BDE-B793-4606-B831-B357D6E44D7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{10794BCE-D039-44F7-BA92-3BF7FF0DB7E9}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{6E03E3E6-E374-4681-8CB5-94C812882754}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{C782221B-07F3-4A59-B935-64B89977F090}C:\helper\wiiu_usb_helper.exe] => (Allow) C:\helper\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{17C80747-FA3A-434D-B8F1-82B53643B92C}C:\helper\wiiu_usb_helper.exe] => (Allow) C:\helper\wiiu_usb_helper.exe
FirewallRules: [{26711FC5-BEDD-4FD0-B353-D8917EE932BC}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B7623041-B773-47F4-B455-D1618CA14CE5}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{72F66C74-D893-4CEB-94C4-0B875DCE87B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{778A0481-53AB-4450-8846-1B58B2B40709}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{2DF042B3-56DC-401B-A8A6-40528B0FB930}C:\users\christopher\desktop\saviine1.1b\server\saviine_server.exe] => (Allow) C:\users\christopher\desktop\saviine1.1b\server\saviine_server.exe
FirewallRules: [TCP Query User{0822C701-66D0-45BD-B729-F4F1051ABDAD}C:\users\christopher\desktop\saviine1.1b\server\saviine_server.exe] => (Allow) C:\users\christopher\desktop\saviine1.1b\server\saviine_server.exe
FirewallRules: [{FD0656E8-F212-45CD-BF9A-671F7F7EFDF4}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{95CD88DB-4B65-4E11-A6EC-2249E62973D7}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{7BDB19E0-1DBE-4E38-8FAD-6978FD5DD8D9}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{CF6552FB-09FA-4E35-BADE-E6394881F6FF}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [UDP Query User{7622717D-8EF6-4B64-9261-646F0AF48C63}C:\users\christopher\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\christopher\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{FC2FCA9F-A828-43B5-B08F-B7E43381481E}C:\users\christopher\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\christopher\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{5B1E16D5-95AA-47BA-B3EB-8C68B7B1C345}C:\users\christopher\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\christopher\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{192DF325-576F-43C6-AEA3-49236CFE2A83}C:\users\christopher\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\christopher\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{D5A81C4A-86F6-4FFE-8E13-F0D06D53BBF1}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{C1AC8B3F-DCFA-4ACF-B5F3-05C5790203F2}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{D0BFD3D3-403B-4DD7-B91F-69E2094CEE02}] => (Allow) D:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{F1AAB3B7-711A-4DF1-AEEA-B6DE2F1F1FCA}] => (Allow) D:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{1E1DE3D8-E75B-465B-9337-E35E8AC0F711}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{AF69112A-CA65-4260-B8A5-9C7389275607}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{5BFB1072-AFF9-447A-AA40-1A65954A5BCD}] => (Allow) D:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{F6C0A671-B8B0-4158-9D72-A5A71CFBCF23}] => (Allow) D:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{055AEC9F-869A-4879-A65F-BA4A7D6EC804}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{C64E8EA6-236B-4865-BD50-FEE9FDF9F8DD}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{C21AD1FE-971A-4D8C-8B46-53E40BD7726C}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe
FirewallRules: [{C6C1A113-6701-4F2E-BB55-431361BBDA9B}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe
FirewallRules: [UDP Query User{351ECA6D-48B0-4F20-B9EA-CF9D67DDDA20}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{2B27379D-B8C8-4682-8F36-9D057FACE607}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{8887F747-E9D1-4EBE-AD83-AE42D8AC00B8}] => (Block) D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{62520C17-A31C-4CB7-84AD-BDC129410715}] => (Block) D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{2F632AA3-C834-4505-B3C3-BCAAFA1DDE4C}D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [TCP Query User{571E57FA-BC89-4B1F-8F4C-82CFF76A69F4}D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) D:\star citizen\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{C71139DA-CABA-4ADE-9A67-658CD70BC4CD}] => (Block) D:\star citizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{9E1B782E-7EA3-44E4-9B27-6A7EBDF1F788}] => (Block) D:\star citizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{9E8323B7-8051-4591-A3FE-D0296738D786}D:\star citizen\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\star citizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{CC155594-3923-47F4-9B78-BCF2EFF4A6F5}D:\star citizen\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\star citizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{A93FB243-88D9-44AA-ADFE-8DB2E15D8DE9}] => (Block) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{3A36CE03-3F3F-4DA8-B12F-8F6C997C0336}] => (Block) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{C3EB61ED-61DA-4832-9433-8F1DCE44A959}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{85A915BA-3B8B-433C-87F4-038A31764A32}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{5C8310E4-B4B8-48B7-80FA-2436258B46AE}] => (Block) D:\overwatch test\overwatch.exe
FirewallRules: [{95C5992B-52DE-4B02-B5C8-29A2C24A4D36}] => (Block) D:\overwatch test\overwatch.exe
 
You must log in or register to reply here.

Similar threads

A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back