Solved Where do I post my FRST.txt and addition.txt files?

PaulTomasi

TS Member
Is this the right place for posting my FRST.txt and addition.txt files and to ask for help to determine whether my PC is infected with malware?

Thank you.
 

Broni

Malware Annihilator
Welcome aboard


Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

PaulTomasi

TS Member
Thank you for your reply and for guiding me as to where to post my FRST and addition text files. Both files exceed 50,000 characters and therefore I have split them into FOUR parts which I submit here and in the following three replies.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2019
Ran by pault (administrator) on PC1 (04-06-2019 02:11:48)
Running from C:\Users\pault\Desktop
Loaded Profiles: pault (Available Profiles: pault & PAUL)
Platform: Windows 10 Pro Version 1803 17134.766 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\LMMS\lmms.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\WPRUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
(Realtek Semiconductor Corp -> DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2018-06-05] () [File not signed]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2018-08-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2018-08-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D264FD8-A23E-4630-AECD-F479CB9EEB02} - System32\Tasks\Opera scheduled Autoupdate 1516126010 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
Task: {28904661-F7BF-4145-8841-48A1D9A7D824} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4643E492-39A9-4B92-BC87-18F7979402C1} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 => {429BC048-379E-45E0-80E4-EB1977941B5C} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {57E41331-7D2B-488D-A2D8-04A791DA99EF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [1004424 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {59A90C42-65CE-428D-A35E-E6B1C623B7F7} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5D876D4F-C23A-4A31-ACD4-AB70303C507A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-15] (Google Inc -> Google Inc.)
Task: {5F6188B4-EF94-455A-9D79-BE044B3DBC0A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887688 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {62573B62-C559-4528-9136-AA80E1ABCD40} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 => {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {6752B441-A691-4C88-9B42-FB77C9CBBFA3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [563080 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {682C687F-E286-4EF3-8D9C-AC11A26A517C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6E627B67-9E52-4979-BF53-C96339D1F4FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-15] (Google Inc -> Google Inc.)
Task: {756F5F2F-79C2-4D0B-B7A9-4853C7F94506} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {8013AA04-42A0-4A81-964C-D68760FACD86} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80BD098B-CBAD-418C-BC7D-0F1A588E4A4C} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed] <==== ATTENTION
Task: {83795B87-BDC9-4F80-A96D-48ED113712D9} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical => {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {88B398EA-A190-4C4C-8256-0F57D4AE6628} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887688 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {96381E2B-28AE-4E50-9D2B-1588A08ED52C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3560840 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9C4F4ACB-5122-40E1-9D7E-99555BC2F2C1} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical => {613FBA38-A3DF-4AB8-9674-5604984A299A} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {A49239F1-32A4-4299-A066-75A053CE5060} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855944 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A5E34D5D-B4AC-4B97-AC90-8486F17D1C6A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ADBC1E82-DC13-4CDF-B386-5712F1A974F8} - System32\Tasks\Opera scheduled assistant Autoupdate 1547211850 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
Task: {ADFC2F3F-E036-45FA-8952-C694EEBEF0E4} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {BE1E0229-DC3E-4F07-AA56-1AFB509567B5} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887688 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C5C22686-8553-4DC8-A85F-031FDEA88924} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887688 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D9898814-35AB-452B-BB1C-39D3F07AB2C9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855944 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F67B9F61-BA2A-4CEF-80A5-7A60D2EE17A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{4054ff3a-1fc3-47cb-8aaf-75f3682d850b}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
URLSearchHook: [S-1-5-21-1882311373-1252287477-1295940213-1001] ATTENTION => Default URLSearchHook is missing
IE Session Restore: HKU\S-1-5-21-1882311373-1252287477-1295940213-1001 -> is enabled.

FireFox:
========
FF DefaultProfile: 0kipkwvg.default
FF ProfilePath: C:\Users\pault\AppData\Roaming\Nvu\Profiles\jubpljtk.default [2018-04-14]
FF ProfilePath: C:\Users\pault\AppData\Roaming\Mozilla\SeaMonkey\Profiles\0kipkwvg.default [2018-12-04]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default [2019-06-04]
CHR Extension: (Slides) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-15]
CHR Extension: (h264ify) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2018-10-03]
CHR Extension: (Docs) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-15]
CHR Extension: (Google Drive) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-15]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2018-11-10]
CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2019-05-31]
CHR Extension: (Sheets) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-15]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2019-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Dossier) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\hohaaljbjhjodnncjbeeilfdloeinfbh [2018-08-16]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Stylebot) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2018-12-04]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2017-11-29]
CHR Extension: (Gmail) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-03]
CHR Profile: C:\Users\pault\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2018-08-17] (ASUSTeK Computer Inc. -> )
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-08-17] (ASUSTeK Computer Inc. -> ) [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2019-01-11] (BattlEye Innovations e.K. -> )
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 cfbackd; C:\Program Files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2015-09-25] (508 Software, LLC -> CleverFiles)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2018-08-17] (Realtek Semiconductor Corp -> DTS)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-01-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SpiceworksAppServer; C:\Program Files\Spiceworks\Network Monitor\app\bin\\..\bin\SpiceworksAppServer.exe [103936 2014-03-25] (Apache Software Foundation) [File not signed]
S4 SpiceworksEventProcessor; C:\Program Files\Spiceworks\Network Monitor\riemann\SpiceworksEventProcessor.exe [103936 2014-05-19] (Apache Software Foundation) [File not signed]
S4 SpiceworksEventStore; C:\Program Files\Spiceworks\Network Monitor\eventstore\sweventstoresvc.exe [294912 2016-02-26] () [File not signed]
S4 SpiceworksMonitor; C:\Program Files\Spiceworks\Network Monitor\collector\MonitorService.exe [20480 2017-02-10] () [File not signed]
S4 SpiceworksRedis; C:\Program Files\Spiceworks\Network Monitor\redis\RedisService.exe [7680 2017-02-10] () [File not signed]
S4 spiceworkswsp; C:\Program Files\Spiceworks\Network Monitor\wsproxy\wsproxy.exe [60416 2015-07-27] (CloudBees, Inc.) [File not signed]
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S4 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
S4 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142432 2017-11-09] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [118936 2018-12-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 BraveElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\71.0.58.21\elevation_service.exe" [X]
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-08-17] (ASUSTeK Computer Inc. -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S4 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [39208 2017-07-11] (Elgato Systems LLC -> Elgato Systems GmbH)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S4 MZ0380.X64; C:\WINDOWS\system32\DRIVERS\eMZ0380.X64.SYS [3834456 2018-01-08] (Elgato Systems LLC -> )
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4aa19ae78d94d8a3\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (OOO Sfera-Tehno -> Atola) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 usbaudio2; C:\WINDOWS\system32\DRIVERS\usbaudio2.sys [229888 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [58160 2019-04-01] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213080 2018-05-09] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-05-09] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [144632 2017-11-22] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-01] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
 

PaulTomasi

TS Member
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-04 02:11 - 2019-06-04 02:13 - 000030157 _____ C:\Users\pault\Desktop\FRST.txt
2019-06-04 02:09 - 2019-06-04 02:09 - 002433536 _____ (Farbar) C:\Users\pault\Desktop\FRST64.exe
2019-06-04 00:56 - 2019-06-04 00:56 - 000000000 ____D C:\Users\pault\Documents\WPR Files
2019-06-04 00:21 - 2019-06-04 00:21 - 000000000 ____D C:\Program Files (x86)\Windows Resource Kits
2019-06-03 15:45 - 2019-06-03 15:48 - 007576594 _____ C:\Users\pault\Documents\PC1 003.arn
2019-06-03 14:48 - 2019-06-03 14:51 - 008751054 _____ C:\Users\pault\Documents\PC1 002.arn
2019-05-31 15:04 - 2019-05-31 15:04 - 000000000 ____D C:\Users\pault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2019-05-31 14:53 - 2019-05-31 14:53 - 000000937 _____ C:\Users\pault\AppData\Local\recently-used.xbel
2019-05-31 13:50 - 2019-05-31 13:50 - 000002571 _____ C:\Users\Public\Desktop\Network Monitor.lnk
2019-05-31 13:50 - 2019-05-31 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Monitor
2019-05-31 13:46 - 2019-05-31 13:46 - 000000000 ____D C:\Program Files\Spiceworks
2019-05-31 13:31 - 2019-05-31 13:31 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-05-31 13:31 - 2019-05-31 13:31 - 000001815 _____ C:\Users\Public\Desktop\Wireshark.lnk
2019-05-31 13:30 - 2019-05-31 13:30 - 000000000 ____D C:\Program Files\USBPcap
2019-05-31 13:29 - 2019-06-01 02:19 - 000002212 _____ C:\WINDOWS\System32\Tasks\npcapwatchdog
2019-05-31 13:29 - 2019-05-31 13:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2019-05-31 13:29 - 2019-05-31 13:29 - 000000000 ____D C:\WINDOWS\system32\Npcap
2019-05-31 13:29 - 2019-05-31 13:29 - 000000000 ____D C:\Program Files\Npcap
2019-05-31 13:25 - 2019-05-31 13:31 - 000000000 ____D C:\Program Files\Wireshark
2019-05-30 23:07 - 2019-06-04 01:52 - 000002292 _____ C:\Users\pault\.lmmsrc.xml
2019-05-30 23:05 - 2019-05-30 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 1.2.0-rc7
2019-05-30 23:04 - 2019-05-30 23:05 - 000000000 ____D C:\Program Files\LMMS
2019-05-25 23:42 - 2019-05-25 23:45 - 008688478 _____ C:\Users\pault\Documents\PC1 lets see how this goes.arn
2019-05-20 17:07 - 2019-05-17 13:10 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-20 17:07 - 2019-05-17 10:16 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-20 17:07 - 2019-05-17 09:12 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-20 17:07 - 2019-05-17 07:49 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-20 17:07 - 2019-05-17 07:43 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-20 17:07 - 2019-05-17 07:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-20 17:07 - 2019-05-17 07:42 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-20 17:07 - 2019-05-17 07:41 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-20 17:07 - 2019-05-17 07:41 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-20 17:07 - 2019-05-17 07:41 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-20 17:07 - 2019-05-17 07:39 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-20 17:07 - 2019-05-17 07:39 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-20 17:07 - 2019-05-17 07:39 - 002768952 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-20 17:07 - 2019-05-17 07:39 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-20 17:07 - 2019-05-17 07:39 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-20 17:07 - 2019-05-17 07:39 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-20 17:07 - 2019-05-17 07:39 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-20 17:07 - 2019-05-17 07:39 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-20 17:07 - 2019-05-17 07:22 - 006568016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-20 17:07 - 2019-05-17 07:22 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-20 17:07 - 2019-05-17 07:21 - 001130784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-20 17:07 - 2019-05-17 07:07 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-20 17:07 - 2019-05-17 07:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-20 17:07 - 2019-05-17 07:06 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-20 17:07 - 2019-05-17 07:04 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-20 17:07 - 2019-05-17 07:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-20 17:07 - 2019-05-17 07:04 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-20 17:07 - 2019-05-17 07:03 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-20 17:07 - 2019-05-17 07:03 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-20 17:07 - 2019-05-17 07:03 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-20 17:07 - 2019-05-17 07:03 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-20 17:07 - 2019-05-17 07:01 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-20 17:07 - 2019-05-17 07:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-20 17:07 - 2019-05-17 07:00 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-20 17:07 - 2019-05-17 06:59 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-20 17:07 - 2019-05-17 06:57 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-20 17:06 - 2019-05-17 05:44 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-14 20:53 - 2019-05-03 13:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-14 20:53 - 2019-05-03 13:14 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-14 20:53 - 2019-05-03 13:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-14 20:53 - 2019-05-03 13:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-14 20:53 - 2019-05-03 12:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-14 20:53 - 2019-05-03 12:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-14 20:53 - 2019-05-03 12:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-14 20:53 - 2019-05-03 12:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-14 20:53 - 2019-05-03 12:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-14 20:53 - 2019-05-03 12:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-14 20:53 - 2019-05-03 12:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-14 20:53 - 2019-05-03 12:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-14 20:53 - 2019-05-03 12:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-14 20:53 - 2019-05-03 12:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-14 20:53 - 2019-05-03 12:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-14 20:53 - 2019-05-03 12:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-14 20:53 - 2019-05-03 12:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-14 20:53 - 2019-05-03 12:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-14 20:53 - 2019-05-03 12:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-14 20:53 - 2019-05-03 12:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-14 20:53 - 2019-05-03 12:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-14 20:53 - 2019-05-03 12:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-14 20:53 - 2019-05-03 12:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-14 20:53 - 2019-05-03 07:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-14 20:53 - 2019-05-03 07:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-14 20:53 - 2019-05-03 07:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-14 20:53 - 2019-05-03 07:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-14 20:53 - 2019-05-03 07:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-14 20:53 - 2019-05-03 07:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-14 20:53 - 2019-05-03 07:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-14 20:53 - 2019-05-03 07:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-14 20:53 - 2019-05-03 07:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-14 20:53 - 2019-05-03 07:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-14 20:53 - 2019-05-03 07:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-14 20:53 - 2019-05-03 07:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-14 20:53 - 2019-05-03 07:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-14 20:53 - 2019-05-03 07:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-14 20:53 - 2019-05-03 07:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-14 20:53 - 2019-05-03 07:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-14 20:53 - 2019-05-03 07:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-14 20:53 - 2019-05-03 07:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-14 20:53 - 2019-05-03 07:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-14 20:53 - 2019-05-03 07:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-14 20:53 - 2019-05-03 07:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-14 20:53 - 2019-05-03 07:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-14 20:53 - 2019-05-03 07:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-14 20:53 - 2019-05-03 07:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-14 20:53 - 2019-05-03 07:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-14 20:53 - 2019-05-03 07:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-14 20:53 - 2019-05-03 07:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-14 20:53 - 2019-05-03 07:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-14 20:53 - 2019-05-03 07:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-14 20:53 - 2019-05-03 07:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-14 20:53 - 2019-05-03 07:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-14 20:53 - 2019-05-03 07:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-14 20:53 - 2019-05-03 06:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-14 20:53 - 2019-05-03 06:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-14 20:53 - 2019-05-03 06:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-14 20:53 - 2019-05-03 06:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-14 20:53 - 2019-05-03 06:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-14 20:53 - 2019-05-03 06:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-14 20:53 - 2019-05-03 06:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-14 20:53 - 2019-05-03 06:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-14 20:53 - 2019-05-03 06:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-14 20:53 - 2019-05-03 06:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-14 20:53 - 2019-05-03 06:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-14 20:53 - 2019-05-03 06:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-14 20:53 - 2019-05-03 06:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-14 20:53 - 2019-05-03 06:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-14 20:53 - 2019-05-03 06:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-14 20:53 - 2019-05-03 06:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-14 20:53 - 2019-05-03 06:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-14 20:53 - 2019-05-03 06:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-14 20:53 - 2019-05-03 06:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-14 20:53 - 2019-05-03 06:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-14 20:53 - 2019-05-03 06:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-14 20:53 - 2019-04-19 11:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-14 20:53 - 2019-04-19 11:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-14 20:53 - 2019-04-19 11:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-14 20:53 - 2019-04-19 11:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-14 20:53 - 2019-04-19 11:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-14 20:53 - 2019-04-19 11:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-14 20:53 - 2019-04-19 11:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-14 20:53 - 2019-04-19 11:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-14 20:53 - 2019-04-19 10:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-14 20:53 - 2019-04-19 10:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-14 20:53 - 2019-04-19 10:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-14 20:53 - 2019-04-19 10:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-14 20:53 - 2019-04-19 10:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-14 20:53 - 2019-04-19 10:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-14 20:53 - 2019-04-19 06:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-14 20:53 - 2019-04-19 06:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-14 20:53 - 2019-04-19 06:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-14 20:53 - 2019-04-19 06:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-14 20:53 - 2019-04-19 06:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-14 20:53 - 2019-04-19 06:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-14 20:53 - 2019-04-19 06:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-14 20:53 - 2019-04-19 06:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-14 20:53 - 2019-04-19 06:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-14 20:53 - 2019-04-19 06:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-14 20:53 - 2019-04-19 06:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-14 20:53 - 2019-04-19 05:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-14 20:53 - 2019-04-19 05:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-14 20:53 - 2019-04-19 05:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-14 20:53 - 2019-04-19 05:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-14 20:53 - 2019-04-19 05:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-14 20:53 - 2019-04-19 05:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-14 20:53 - 2019-04-19 05:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-14 20:53 - 2019-04-19 05:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-14 20:53 - 2019-04-19 05:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-14 20:53 - 2019-04-19 05:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-14 20:53 - 2019-04-19 05:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-14 20:53 - 2019-04-19 05:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-14 20:53 - 2019-04-19 05:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-14 20:53 - 2019-04-19 05:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-14 20:53 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-14 20:53 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-14 20:53 - 2019-04-09 02:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-14 20:53 - 2019-04-09 02:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-14 20:53 - 2019-04-09 02:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-14 20:53 - 2019-04-09 02:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-14 20:53 - 2019-04-09 02:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-11 01:44 - 2019-05-11 01:44 - 000083776 _____ (Insecure.Com LLC.) C:\WINDOWS\system32\Drivers\npcap.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-04 02:11 - 2018-07-26 09:42 - 000000000 ____D C:\FRST
2019-06-04 01:45 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-04 00:45 - 2018-06-20 04:01 - 000000000 ____D C:\Users\pault\AppData\Local\D3DSCache
2019-06-03 23:52 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Registration
2019-06-03 20:30 - 2018-06-12 20:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-03 18:06 - 2019-04-06 05:25 - 000000000 ____D C:\Users\pault\Documents\PIP ka
2019-06-03 17:10 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-03 16:08 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-06-03 14:55 - 2018-06-12 21:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-03 14:55 - 2017-11-15 00:32 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-03 14:54 - 2019-04-12 15:50 - 000000000 ____D C:\Users\pault\Documents\PIP Kelly-ann's PIP claims form
2019-06-03 14:32 - 2018-01-20 04:04 - 000000000 ____D C:\Users\pault\AppData\Roaming\audacity
2019-06-03 01:12 - 2018-11-23 17:45 - 000000000 ____D C:\Users\pault\lmms
2019-06-02 22:54 - 2017-11-15 21:57 - 000095597 _____ C:\Users\pault\Desktop\NOTES.TXT
2019-06-01 19:28 - 2018-01-20 05:40 - 000000000 ____D C:\Users\pault\Documents\Audacity
2019-06-01 02:45 - 2018-02-25 01:49 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-05-31 13:43 - 2017-12-04 00:45 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-31 13:29 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-30 23:07 - 2018-06-12 20:43 - 000000000 ____D C:\Users\pault
2019-05-29 18:20 - 2017-11-19 22:09 - 000000000 ____D C:\Users\pault\AppData\Roaming\vlc
2019-05-25 23:29 - 2019-02-09 23:04 - 000003458 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003256 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003212 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003076 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003076 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003076 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003044 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000002974 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000002898 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000002804 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-01-11 14:04 - 000003554 _____ C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1547211850
2019-05-25 23:29 - 2018-10-03 06:22 - 000003342 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1516126010
2019-05-25 18:44 - 2018-12-10 11:03 - 000003424 _____ C:\WINDOWS\System32\Tasks\BraveSoftwareUpdateTaskMachineUA
2019-05-25 18:44 - 2018-12-10 11:03 - 000003200 _____ C:\WINDOWS\System32\Tasks\BraveSoftwareUpdateTaskMachineCore
2019-05-25 18:44 - 2018-11-11 01:54 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-25 18:44 - 2018-11-11 01:54 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-24 02:36 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-23 01:10 - 2018-12-10 11:04 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-05-23 01:10 - 2018-12-10 11:04 - 000002377 _____ C:\Users\Public\Desktop\Brave.lnk
2019-05-22 23:18 - 2017-11-15 00:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-22 23:18 - 2017-11-15 00:40 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-21 08:38 - 2018-02-07 00:13 - 000001014 _____ C:\Users\pault\Desktop\autoruns.exe - Shortcut.lnk
2019-05-21 02:25 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-21 02:25 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-17 03:01 - 2018-11-16 12:03 - 000000000 ____D C:\Program Files\rempl
2019-05-14 22:22 - 2018-06-12 20:56 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-14 22:16 - 2018-06-12 20:34 - 000407032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-14 22:10 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-14 22:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-14 22:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-05-14 20:52 - 2017-11-15 09:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 20:48 - 2017-11-15 09:33 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-12 21:13 - 2018-11-09 05:22 - 000000000 ____D C:\Users\pault\Documents\L&J Auto's Mechanics

==================== Files in the root of some directories =======

2018-03-11 05:29 - 2018-03-11 05:29 - 000000000 _____ () C:\Users\pault\31.bat
2018-08-23 02:41 - 2018-08-23 02:41 - 000195887 _____ () C:\Users\pault\DispDiag-20180823-024105-4760-16808.dat
2018-12-06 00:28 - 2018-12-06 00:42 - 000000223 _____ () C:\Users\pault\tst.bat
2018-05-19 10:35 - 2018-05-19 10:41 - 000000469 _____ () C:\Users\pault\yesterday.bat
2017-11-30 21:58 - 2017-11-30 21:58 - 000000351 _____ () C:\Program Files (x86)\BootAnalyzerInstaller.log
2018-08-17 18:50 - 2018-11-23 20:48 - 000000096 _____ () C:\Users\pault\AppData\Roaming\Camdata.ini
2018-08-17 18:50 - 2018-11-23 20:48 - 000000408 _____ () C:\Users\pault\AppData\Roaming\CamLayout.ini
2018-08-17 18:50 - 2018-11-23 20:48 - 000000408 _____ () C:\Users\pault\AppData\Roaming\CamShapes.ini
2018-08-05 19:50 - 2018-11-23 20:48 - 000004536 _____ () C:\Users\pault\AppData\Roaming\CamStudio.cfg
2018-08-05 10:00 - 2018-11-23 20:47 - 000000096 _____ () C:\Users\pault\AppData\Roaming\version2.xml
2018-03-21 04:06 - 2018-05-13 00:00 - 000003584 _____ () C:\Users\pault\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-05-31 14:53 - 2019-05-31 14:53 - 000000937 _____ () C:\Users\pault\AppData\Local\recently-used.xbel
2017-11-16 11:13 - 2017-11-16 11:13 - 000000017 _____ () C:\Users\pault\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

PaulTomasi

TS Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2019
Ran by pault (04-06-2019 02:13:39)
Running from C:\Users\pault\Desktop
Windows 10 Pro Version 1803 17134.766 (X64) (2018-06-12 20:07:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1882311373-1252287477-1295940213-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1882311373-1252287477-1295940213-503 - Limited - Disabled)
Guest (S-1-5-21-1882311373-1252287477-1295940213-501 - Limited - Disabled)
PAUL (S-1-5-21-1882311373-1252287477-1295940213-1003 - Administrator - Enabled) => C:\Users\PAUL
pault (S-1-5-21-1882311373-1252287477-1295940213-1001 - Administrator - Enabled) => C:\Users\pault
WDAGUtilityAccount (S-1-5-21-1882311373-1252287477-1295940213-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Active@ Partition Manager 6 (HKLM\...\{FE2483C5-A90C-401D-967F-023A9C3CAAAF}_is1) (Version: 6 - LSoft Technologies Inc)
Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
Assessments on Client (HKLM-x32\...\{DF68FA09-D4E8-A1F4-2235-CFF4F5DFB8D0}) (Version: 10.1.17134.1 - Microsoft) Hidden
Audacity 2.2.1 (HKLM-x32\...\Audacity_is1) (Version: 2.2.1 - Audacity Team)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 74.0.64.77 - The Brave Authors)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CDex - Digital Audio CD Extractor and Converter (HKLM-x32\...\CDex) (Version: 1.97.0.2018 - CDex.mu)
cdrtfe 1.5.8 (HKLM-x32\...\cdrtools Frontend_is1) (Version: - Oliver Valencia)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D1844DC3-B378-47CC-AB40-7FC16C79A2CD}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DiagnosticsHub_CollectionService (HKLM\...\{A5DD0731-C724-4037-B35B-B80782AACE00}) (Version: 15.0.27128 - Microsoft Corporation) Hidden
Disk Drill 2.0.0.337 (HKLM-x32\...\{574ABB3C-0E3A-4AFE-A04F-299654C76A9C}) (Version: 2.0.337 - CleverFiles)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.81 - NVIDIA Corporation) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Elgato Game Capture HD (HKLM\...\{0C76F0F5-4A3E-4A2D-9882-7C6C485FBD8E}) (Version: 3.70.13.3013 - Elgato Systems GmbH)
Entity Framework 6.1.3 Tools for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON ET-2550 Series Printer Uninstall (HKLM\...\EPSON ET-2550 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evince 2.32.0.145 (HKLM-x32\...\{AA38CC00-F12C-495E-AF00-7EE413D3BFB2}) (Version: 2.32.0.145 - (Custom build))
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
FrostWire 6.6.1 (HKLM-x32\...\FrostWire 6) (Version: 6.6.1.249 - FrostWire LLC)
Game Capture HD60 Pro v1.1.0.178 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.178 - Elgato Systems)
GIMP 2.10.0 (HKLM\...\GIMP-2_is1) (Version: 2.10.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HandBrake 1.1.1 (HKLM-x32\...\HandBrake) (Version: 1.1.1 - )
icecap_collection_neutral (HKLM-x32\...\{9149432D-3BEE-4869-B6F5-7A5CF843A612}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{D0C9796E-CB35-4440-885D-9630A0153D1E}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{B96B62E4-2EE4-45EC-8082-246FFC1B12E3}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{262EE643-72FF-406D-9776-C6B65443DA5B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Kits Configuration Installer (HKLM-x32\...\{C690B2D9-0AA8-8CDA-965D-FED648C3EF9C}) (Version: 10.1.17134.1 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 6.1.0.3 (HKLM-x32\...\{4D5D4345-00D4-4AC5-A548-0ED7491A3EA9}) (Version: 6.1.0.3 - The Document Foundation)
LMMS 1.2.0-rc7 (HKLM-x32\...\LMMS) (Version: 1.2.0-rc7 - LMMS Developers)
MatSpoon CloseTheDoor 0.2.1 (HKLM-x32\...\MatSpoon - CloseTheDoor) (Version: 0.2.1 - MatSpoon)
Microsoft .NET Core SDK - 2.1.2 (x64) (HKLM-x32\...\{9651d4f8-e761-4b9b-ac03-6c2685f1f225}) (Version: 2.1.2 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27029 (HKLM-x32\...\{64ff2cb0-807c-4ee9-87ef-ec1b2ede0daf}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1080.1029 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Software Limited)
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
MXAx64 (HKLM-x32\...\{549BD674-4FA7-039F-D1BD-32212108260F}) (Version: 10.1.17134.1 - Microsoft) Hidden
Network Monitor (HKLM-x32\...\{2d016cf0-69b5-47a2-a5a2-dabad25f9747}) (Version: 1.4.268 - Spiceworks)
Network Monitor 1.4.00268 (HKLM\...\{51AC3A57-8A93-4584-B673-F421DE5DC813}) (Version: 1.4.00268 - Spiceworks) Hidden
nomacs - Image Lounge (HKLM\...\{8AE50AF6-C3C4-4AC4-A4A6-A54994A62998}) (Version: 3.8.0 - TU Wien)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project)
NTLite v1.5.0.5855 (HKLM\...\NTLite_is1) (Version: 1.5.0.5855 - Nlitesoft)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 418.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
NVIDIA Graphics Driver 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 418.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Linspire Inc.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.2 - OBS Project)
OpenShot Video Editor version 2.4.1 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.1 - OpenShot Studios, LLC)
Opera Stable 58.0.3135.132 (HKLM-x32\...\Opera 58.0.3135.132) (Version: 58.0.3135.132 - Opera Software)
Oracle VM VirtualBox 5.2.12 (HKLM\...\{128AD467-F107-4FED-A283-F355E74DE103}) (Version: 5.2.12 - Oracle Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.8557 - Kakao Corp.)
Puran Duplicate File Finder 2.0 (HKLM\...\Puran Duplicate File Finder_is1) (Version: - Puran Software)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Add to Path (32-bit) (HKLM-x32\...\{B7F6071F-CC88-469C-9AC6-BEBA83594819}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.7.0 (32-bit) (HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\...\{ece37911-ffeb-4f29-95d6-abcf555d7364}) (Version: 3.7.150.0 - Python Software Foundation)
Python 3.7.0 Core Interpreter (32-bit) (HKLM-x32\...\{13BB06D9-FD38-47E5-946E-C2606C554030}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Development Libraries (32-bit) (HKLM-x32\...\{B424BE74-3C96-4974-8754-9D6442286112}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Documentation (32-bit) (HKLM-x32\...\{ABEE159E-FE5B-4E58-BDD7-1DED2F10AAEB}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Executables (32-bit) (HKLM-x32\...\{4642A126-F999-4407-801B-C1C89BDA58C5}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 pip Bootstrap (32-bit) (HKLM-x32\...\{69CFC76B-3434-4919-8885-BA7960725137}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Standard Library (32-bit) (HKLM-x32\...\{09160A5D-8B99-4A89-9E9D-8A6D8E9C7EC1}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{8A09EA6B-C86C-4ECA-8742-C4C1BCA96845}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Test Suite (32-bit) (HKLM-x32\...\{717DB3B4-C457-447B-A8A6-6921A4D917EF}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Utility Scripts (32-bit) (HKLM-x32\...\{FC756D1E-1252-406E-8414-E11FAF97F3C7}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D6BDDB48-938A-4384-A7BE-2B4E4931B111}) (Version: 3.7.6386.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.13.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.5.0 - Adlice Software)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SD Card Formatter (HKLM-x32\...\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}) (Version: 5.0.1 - SD Association)
SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SeaMonkey 2.49.2 (x86 en-GB) (HKLM-x32\...\SeaMonkey 2.49.2 (x86 en-GB)) (Version: 2.49.2 - Mozilla)
Toolkit Documentation (HKLM-x32\...\{563689A6-D95B-EA6D-665F-97959643E0DB}) (Version: 10.1.17134.1 - Microsoft) Hidden
TypeScript SDK (HKLM-x32\...\{B08D05BC-7897-4616-B34C-95B58D07650C}) (Version: 2.5.4.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 7.1.0 - Universal Media Server)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
USBPcap 1.3.0.0 (HKLM\...\USBPcap) (Version: 1.3.0.0 - Tomasz Mon)
vcpp_crt.redist.clickonce (HKLM-x32\...\{0074562E-F896-4994-9086-79F8BC8DE02C}) (Version: 14.12.25830 - Microsoft Corporation) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio Community 2017 (HKLM\...\d4595a0d) (Version: 15.5.27130.2010 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{8A2BDA07-3417-46C1-9058-CB32BC63E30E}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{F8F52853-A1A7-42C7-A082-5A6D5853BB0B}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{0EE5749D-2DC0-460F-AB1C-06B3EDB42426}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{18640789-304F-40B5-884B-130B4A97D83B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{595F5D63-8773-4182-A1E0-EC9ECF4B6EA4}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{9414C260-D479-49EB-B0BF-01C1F5076EA0}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{A57BD1C0-42AD-42F8-AFEB-FAC7E6ABB005}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{70F69B4F-7950-4841-8139-5D0C7EDD2FE6}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B11D79C6-332C-47B6-B58C-2F88A4911C7C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{2497054A-0269-4F45-98AE-F469F89CC45F}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{231C8ADB-BF59-458E-A909-CFA825F46388}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{9CDD69A2-765A-4970-AB6B-595A740C614F}) (Version: 15.0.27019 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\...\WinDirStat) (Version: - )
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{d794748d-72e9-45d7-9ab7-83d6c4c80f7f}) (Version: 10.1.17134.1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinHex (HKLM-x32\...\WinHex) (Version: - )
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Wireshark 3.0.2 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare MobileTrans ( Version 8.0.0 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 8.0.0 - Wondershare)
WPT Redistributables (HKLM-x32\...\{EEB65046-3AB2-821A-12BD-F0C0490D46D2}) (Version: 10.1.17134.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{C7B318E4-43EF-AA14-637F-6C6EDF59917D}) (Version: 10.1.17134.1 - Microsoft) Hidden
YoutubeMovieMaker (HKLM\...\{543D2D61-3E3D-4CAD-A39A-B40D7E0911DB}) (Version: 17.07 - Youtube Movie Maker)

Packages:
=========
Dropbox -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_9.4.2.1000_x64__xbfy0k16fey96 [2018-09-09] (Dropbox Inc.)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt [2017-12-12] (Facebook Inc)
FeedLab -> C:\Program Files\WindowsApps\ClevLab.FeedLab_3.1.4.0_x64__qdcg6xvbhrn16 [2018-05-12] (ClevLab)
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-06-12] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.6.14.0_x64__8wekyb3d8bbwe [2018-08-29] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.77.317.0_x64__mcm4njqhnhss8 [2018-09-01] (Netflix, Inc.)
PicSketch -> C:\Program Files\WindowsApps\26208thumbmunkey.PicSketch_1.5.0.0_neutral__s0xj9m39zq8hc [2017-11-15] (thumbmunkeys)
Podcasts (beta) -> C:\Program Files\WindowsApps\15798DavidCatuhe.Cast_7.7.2.0_x64__x8akzp4bebrnj [2017-11-15] (David Catuhe)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Word Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Word_16001.10730.20050.0_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\pault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.6.1-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()

ShortcutWithArgument: C:\Users\pault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Connectivity Diagnostics.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google Inc.) -> --profile-directory=Default --app-id=eemlkeanncmjljgehlbplemhmdmalhdc
 

PaulTomasi

TS Member
==================== Loaded Modules (Whitelisted) ==============

2014-12-01 22:00 - 2014-12-01 22:00 - 002243584 _____ () [File not signed] C:\Program Files\LMMS\libfftw3f-3.dll
2015-01-10 23:53 - 2015-01-10 23:53 - 000870418 _____ () [File not signed] C:\Program Files\LMMS\libFLAC-8.dll
2015-02-11 23:27 - 2015-02-11 23:27 - 002748917 _____ () [File not signed] C:\Program Files\LMMS\libfltk.dll
2014-12-03 18:41 - 2014-12-03 18:41 - 002052044 _____ () [File not signed] C:\Program Files\LMMS\libfluidsynth.dll
2014-12-03 23:38 - 2014-12-03 23:38 - 000820624 _____ () [File not signed] C:\Program Files\LMMS\libgig-6.dll
2014-12-01 21:44 - 2014-12-01 21:44 - 001445716 _____ () [File not signed] C:\Program Files\LMMS\libjpeg-9.dll
2017-06-06 17:14 - 2017-06-06 17:14 - 000585838 _____ () [File not signed] C:\Program Files\LMMS\libmp3lame-0.dll
2014-12-01 21:59 - 2014-12-01 21:59 - 000168400 _____ () [File not signed] C:\Program Files\LMMS\libogg-0.dll
2015-04-12 23:01 - 2015-04-12 23:01 - 001195715 _____ () [File not signed] C:\Program Files\LMMS\libpng16-16.dll
2014-12-01 21:56 - 2014-12-01 21:56 - 001662491 _____ () [File not signed] C:\Program Files\LMMS\libsamplerate-0.dll
2014-12-03 23:23 - 2014-12-03 23:23 - 002880023 _____ () [File not signed] C:\Program Files\LMMS\libsndfile-1.dll
2015-04-12 22:58 - 2015-04-12 22:58 - 000386024 _____ () [File not signed] C:\Program Files\LMMS\libvorbis-0.dll
2015-04-12 22:58 - 2015-04-12 22:58 - 000796790 _____ () [File not signed] C:\Program Files\LMMS\libvorbisenc-2.dll
2015-04-12 22:58 - 2015-04-12 22:58 - 000154185 _____ () [File not signed] C:\Program Files\LMMS\libvorbisfile-3.dll
2018-09-25 08:59 - 2018-09-25 08:59 - 003876352 _____ () [File not signed] C:\Program Files\LMMS\lmms.exe
2018-09-25 08:59 - 2018-09-25 08:59 - 000207872 _____ () [File not signed] C:\Program Files\LMMS\plugins\amplifier.dll
2018-09-25 08:59 - 2018-09-25 08:59 - 000518144 _____ () [File not signed] C:\Program Files\LMMS\plugins\audiofileprocessor.dll
2018-09-25 09:00 - 2018-09-25 09:00 - 000200704 _____ () [File not signed] C:\Program Files\LMMS\plugins\bassbooster.dll
2018-09-25 09:00 - 2018-09-25 09:00 - 000217088 _____ () [File not signed] C:\Program Files\LMMS\plugins\bitcrush.dll
2018-09-25 08:59 - 2018-09-25 08:59 - 000329728 _____ () [File not signed] C:\Program Files\LMMS\plugins\bitinvader.dll
2018-09-25 09:00 - 2018-09-25 09:00 - 000224256 _____ () [File not signed] C:\Program Files\LMMS\plugins\crossovereq.dll
2018-09-25 09:00 - 2018-09-25 09:00 - 000222208 _____ () [File not signed] C:\Program Files\LMMS\plugins\delay.dll
2018-09-25 09:00 - 2018-09-25 09:00 - 000243712 _____ () [File not signed] C:\Program Files\LMMS\plugins\dualfilter.dll
2018-09-25 09:00 - 2018-09-25 09:00 - 000233984 _____ () [File not signed] C:\Program Files\LMMS\plugins\dynamicsprocessor.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000356352 _____ () [File not signed] C:\Program Files\LMMS\plugins\eq.dll
2018-09-25 09:00 - 2018-09-25 09:00 - 000208384 _____ () [File not signed] C:\Program Files\LMMS\plugins\flanger.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000754176 _____ () [File not signed] C:\Program Files\LMMS\plugins\gigplayer.dll
2018-09-25 09:00 - 2018-09-25 09:00 - 000674816 _____ () [File not signed] C:\Program Files\LMMS\plugins\hydrogenimport.dll
2018-09-25 08:59 - 2018-09-25 08:59 - 000334848 _____ () [File not signed] C:\Program Files\LMMS\plugins\kicker.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\alias_1407.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000035840 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\allpass_1895.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020992 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\am_pitchshift_1433.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000023552 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\amp_1181.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000023552 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\analogue_osc_1416.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025088 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\bandpass_a_iir_1893.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000026624 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\bandpass_iir_1892.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000022016 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\bode_shifter_1431.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000022528 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\bode_shifter_cv_1432.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000033792 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\butterworth_1902.dll
2018-09-25 08:54 - 2018-09-25 08:54 - 003223552 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\calf.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 001174016 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\caps.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020992 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\chebstortion_1430.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000297472 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\cmt.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\comb_1190.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000035328 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\comb_1887.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\comb_splitter_1411.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000017920 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\const_1909.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\crossover_dist_1404.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000017920 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\dc_remove_1207.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000022016 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\decay_1886.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000023040 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\decimator_1202.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000019456 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\declip_1195.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000029696 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\delay_1898.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000030208 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\delayorama_1402.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000026624 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\diode_1185.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000021504 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\divider_1186.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000033792 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\dj_eq_1901.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000019456 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\dj_flanger_1438.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000028672 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\dyson_compress_1403.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000023040 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\fad_delay_1192.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000026112 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\fast_lookahead_limiter_1913.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020992 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\flanger_1191.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000022016 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\fm_osc_1415.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000019968 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\foldover_1213.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020480 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\foverdrive_1196.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000017920 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\freq_tracker_1418.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000026624 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\gate_1410.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020480 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\giant_flange_1437.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000026624 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\gong_1424.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000024064 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\gong_beater_1439.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000063488 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\gsm_1215.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000033280 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\gverb_1216.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025088 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\hard_limiter_1413.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000021504 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\harmonic_gen_1220.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000048640 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\hermes_filter_1200.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025600 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\highpass_iir_1890.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000017920 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\hilbert_1440.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000323072 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\imp_1199.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000017920 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\impulse_1885.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\inv_1429.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025088 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\karaoke_1409.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000015360 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\ladspa-util.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\latency_1914.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000028160 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\lcr_delay_1436.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025600 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\lowpass_iir_1891.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000023040 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\ls_filter_1908.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020480 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\matrix_ms_st_1421.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\matrix_spatialiser_1422.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020992 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\matrix_st_ms_1420.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000036864 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\mbeq_1197.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\mod_delay_1419.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000027648 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\multivoice_chorus_1201.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000028160 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\notch_iir_1894.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000028672 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\phasers_1217.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000024064 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\pitch_scale_1193.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000024576 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\pitch_scale_1194.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000028160 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\plate_1423.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020992 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\pointer_cast_1910.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018432 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\rate_shifter_1417.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000022016 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\retro_flange_1208.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000027136 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\revdelay_1605.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025600 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\ringmod_1188.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000023040 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\satan_maximiser_1408.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000027648 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\sc1_1425.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000027648 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\sc2_1426.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000028160 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\sc3_1427.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000029696 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\sc4_1882.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000029696 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\sc4m_1916.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000029696 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\se4_1883.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000023040 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\shaper_1187.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000035840 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\sifter_1210.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000024064 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\sin_cos_1881.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000024576 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\single_para_1203.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000019456 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\sinus_wavewrapper_1198.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018432 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\smooth_decimate_1414.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000019456 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\split_1406.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\step_muxer_1212.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000018944 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\surround_encoder_1401.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025088 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\svf_1214.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000024064 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_autopan.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000027648 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_chorusflanger.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000026112 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_deesser.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000028672 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_doubler.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000030720 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_dynamics_m.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000035328 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_dynamics_st.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025600 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_echo.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000036864 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_eq.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000038912 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_eqbw.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000024064 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_limiter.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000024576 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_pinknoise.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000027136 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_pitch.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025600 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_reflector.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000049664 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_reverb.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000030208 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_rotspeak.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000026112 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_sigmoid.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000023552 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_tremolo.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020992 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_tubewarmth.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025088 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tap_vibrato.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000025600 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\tape_delay_1211.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000019456 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\transient_1206.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000031232 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\triple_para_1204.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000019968 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\valve_1209.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000019456 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\valve_rect_1405.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000041984 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\vocoder_1337.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000029696 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\vynil_1905.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000020480 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\wave_terrain_1412.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000023552 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\xfade_1915.dll
2018-09-25 08:53 - 2018-09-25 08:53 - 000017408 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspa\zm1_1428.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000217600 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspabrowser.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000246272 _____ () [File not signed] C:\Program Files\LMMS\plugins\ladspaeffect.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000333312 _____ () [File not signed] C:\Program Files\LMMS\plugins\lb302.dll
2018-09-25 08:55 - 2018-09-25 08:55 - 001132032 _____ () [File not signed] C:\Program Files\LMMS\plugins\libZynAddSubFxCore.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000906752 _____ () [File not signed] C:\Program Files\LMMS\plugins\malletsstk.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000542720 _____ () [File not signed] C:\Program Files\LMMS\plugins\midiexport.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000768512 _____ () [File not signed] C:\Program Files\LMMS\plugins\midiimport.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000468992 _____ () [File not signed] C:\Program Files\LMMS\plugins\monstro.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000217088 _____ () [File not signed] C:\Program Files\LMMS\plugins\multitapecho.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000354304 _____ () [File not signed] C:\Program Files\LMMS\plugins\nes.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000415744 _____ () [File not signed] C:\Program Files\LMMS\plugins\OPL2.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000285696 _____ () [File not signed] C:\Program Files\LMMS\plugins\organic.dll
2018-09-25 09:01 - 2018-09-25 09:01 - 000331264 _____ () [File not signed] C:\Program Files\LMMS\plugins\papu.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000278016 _____ () [File not signed] C:\Program Files\LMMS\plugins\patman.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000219136 _____ () [File not signed] C:\Program Files\LMMS\plugins\peakcontrollereffect.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000210944 _____ () [File not signed] C:\Program Files\LMMS\plugins\reverbsc.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000352768 _____ () [File not signed] C:\Program Files\LMMS\plugins\sf2player.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000359936 _____ () [File not signed] C:\Program Files\LMMS\plugins\sfxr.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000542208 _____ () [File not signed] C:\Program Files\LMMS\plugins\sid.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000208896 _____ () [File not signed] C:\Program Files\LMMS\plugins\spectrumanalyzer.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000197120 _____ () [File not signed] C:\Program Files\LMMS\plugins\stereoenhancer.dll
2018-09-25 09:02 - 2018-09-25 09:02 - 000204288 _____ () [File not signed] C:\Program Files\LMMS\plugins\stereomatrix.dll
2018-09-25 08:59 - 2018-09-25 08:59 - 000267264 _____ () [File not signed] C:\Program Files\LMMS\plugins\tripleoscillator.dll
2018-09-25 09:03 - 2018-09-25 09:03 - 000311808 _____ () [File not signed] C:\Program Files\LMMS\plugins\vestige.dll
2018-09-25 09:03 - 2018-09-25 09:03 - 000295936 _____ () [File not signed] C:\Program Files\LMMS\plugins\vibedstrings.dll
2018-09-25 09:03 - 2018-09-25 09:03 - 000555520 _____ () [File not signed] C:\Program Files\LMMS\plugins\vstbase.dll
2018-09-25 09:03 - 2018-09-25 09:03 - 000272384 _____ () [File not signed] C:\Program Files\LMMS\plugins\vsteffect.dll
2018-09-25 09:03 - 2018-09-25 09:03 - 000394240 _____ () [File not signed] C:\Program Files\LMMS\plugins\watsyn.dll
2018-09-25 09:03 - 2018-09-25 09:03 - 000216064 _____ () [File not signed] C:\Program Files\LMMS\plugins\waveshaper.dll
2018-09-25 09:03 - 2018-09-25 09:03 - 000638976 _____ () [File not signed] C:\Program Files\LMMS\plugins\zynaddsubfx.dll
2014-12-01 21:56 - 2014-12-01 21:56 - 001899867 _____ () [File not signed] C:\Program Files\LMMS\SDL.dll
2014-12-01 21:17 - 2014-12-01 21:17 - 000108544 _____ () [File not signed] C:\Program Files\LMMS\zlib1.dll
2015-04-13 00:06 - 2015-04-13 00:06 - 000827392 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\LMMS\platforms\qwindows.dll
2015-04-13 00:06 - 2015-04-13 00:06 - 005308928 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\LMMS\Qt5Core.dll
2015-04-13 00:06 - 2015-04-13 00:06 - 004743168 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\LMMS\Qt5Gui.dll
2015-04-13 00:06 - 2015-04-13 00:06 - 005996032 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\LMMS\Qt5Widgets.dll
2015-04-13 00:06 - 2015-04-13 00:06 - 000370176 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\LMMS\Qt5Xml.dll
2017-12-05 21:03 - 2018-01-28 16:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2015-04-28 07:45 - 2015-04-28 07:45 - 000309889 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files\LMMS\libwinpthread-1.dll
2014-12-01 22:24 - 2014-12-01 22:24 - 004145180 _____ (The GLib developer community) [File not signed] C:\Program Files\LMMS\libglib-2.0-0.dll
2014-12-01 22:24 - 2014-12-01 22:24 - 000169266 _____ (The GLib developer community) [File not signed] C:\Program Files\LMMS\libgthread-2.0-0.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2018-10-14 18:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\dotnet\;C:\Program Files (x86)\Windows Live\Shared;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AMD_RAIDXpert => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Elgato Sound Capture"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CoreNet-DHCP-In] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CoreNet-DHCPV6-In] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CDPSvc-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CDPSvc-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CDPSvc-WFD-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-In-UDP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-SSDP-Discovery-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-QWave-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-QWave-In-TCP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [AllJoyn-Router-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [AllJoyn-Router-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-In-TCP] => (Block) %SystemRoot%\ehome\ehshell.exe No File
FirewallRules: [MCX-QWave-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-QWave-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-TERMSRV-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-In-UDP] => (Block) %SystemRoot%\ehome\ehshell.exe No File
FirewallRules: [Microsoft-Windows-PeerDist-WSD-In] => (Block) %systemroot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{239C123A-CB22-495D-A52B-63CF2EEFBDC3}] => (Allow) LPort=1900
FirewallRules: [{10306BEE-5F5A-4E97-BF4D-1F741DA73396}] => (Allow) LPort=2869
FirewallRules: [{72F27191-8F09-4C44-BD9D-11934027C211}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{32E4F5C5-239A-4840-90F1-0A0D397B99BA}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{870819C2-87CE-4D3F-AFEC-8863766E2457}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{890A273F-B2EE-4E7E-9535-D4601EC8A573}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{17F6B1E2-62FD-4DC3-8E1B-40026CDCC595}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{C7D31D39-9CFB-4D09-B4F4-9D87D60E4A02}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{EE810FFF-251F-4CAF-9B51-68C48C90CE71}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [{4A031517-A0D1-4E62-AF00-AFD9217CD1C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32601C09-5D7C-4F37-8D9B-1D5C142A80BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{46CB616B-4AA5-4FBD-8035-11FBC83A5EC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2C0C0BAC-9F1C-465F-B712-D5A7F9C68562}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{67DE6FC5-6CE5-4210-BB7E-C6AC9BBD0746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{65E55C02-A0CF-4068-9367-E8768F4956AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{671C1D6F-8316-497C-A492-26EF7721601F}] => (Allow) C:\Program Files\Opera\58.0.3135.127\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E1C7278F-C491-4D16-B61F-9028E7390182}] => (Allow) C:\Program Files\Opera\58.0.3135.132\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CEF89C81-AFFC-4E2E-9088-8327CC43F4B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{F6B1590C-FF9D-4A56-82A0-DDB68AA0B7CF}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{4944074A-9501-432C-9B24-E25D0F19C87E}] => (Allow) LPort=8080
FirewallRules: [{6BAEE927-CD18-44AA-8125-C4D379BFDD7E}] => (Allow) LPort=8443
FirewallRules: [{D8E15DA8-5A92-46F9-BCF4-1D7F4277EBEA}] => (Allow) LPort=8086
FirewallRules: [{957B0129-AEF1-4F54-8313-329B8DD26B7E}] => (Allow) LPort=5558

==================== Restore Points =========================

20-05-2019 17:06:10 Windows Update
04-06-2019 00:20:27 Installed Windows Resource Kit Tools - SubInAcl.exe

==================== Faulty Device Manager Devices =============

Name: Elgato Sound Capture
Description: Elgato Sound Capture
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Elgato
Service: ElgatoVAD
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2019 02:15:33 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T01:15:33Z. Error Code: 0x80041315.

Error: (06/04/2019 02:15:03 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T01:15:03Z. Error Code: 0x80041315.

Error: (06/04/2019 02:14:33 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T01:14:33Z. Error Code: 0x80041315.

Error: (06/04/2019 02:14:03 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T01:14:03Z. Error Code: 0x80041315.

Error: (06/04/2019 02:13:33 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T01:13:33Z. Error Code: 0x80041315.

Error: (06/04/2019 02:13:03 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T01:13:03Z. Error Code: 0x80041315.

Error: (06/04/2019 02:12:33 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T01:12:33Z. Error Code: 0x80041315.

Error: (06/04/2019 02:12:03 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T01:12:03Z. Error Code: 0x80041315.


System errors:
=============
Error: (06/03/2019 04:21:44 PM) (Source: DCOM) (EventID: 10016) (User: PC1)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PC1\pault SID (S-1-5-21-1882311373-1252287477-1295940213-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/03/2019 04:12:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/03/2019 04:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The asComSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/03/2019 04:10:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the asComSvc service to connect.

Error: (06/03/2019 04:10:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AsSysCtrlService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/03/2019 04:10:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AsSysCtrlService service to connect.

Error: (06/03/2019 04:10:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ss_conn_service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/03/2019 04:10:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ss_conn_service service to connect.


Windows Defender:
===================================
Date: 2019-05-21 08:30:27.087
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {42DC4AFA-FE8C-4BDE-98AF-B654AA6F1EE9}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-06-03 16:22:46.057
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2801.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1604 10/16/2012
Motherboard: ASUSTeK COMPUTER INC. M5A97 PRO
Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 37%
Total physical RAM: 16281.44 MB
Available physical RAM: 10225.89 MB
Total Virtual: 17305.44 MB
Available Virtual: 9790.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.56 GB) (Free:12.34 GB) NTFS
Drive e: (RAID1) (Fixed) (Total:2793.84 GB) (Free:334.27 GB) NTFS

\\?\Volume{58764c19-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{58764c19-0000-0000-0000-70033a000000}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 2794 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 58764C19)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=850 MB) - (Type=27)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

PaulTomasi

TS Member
Thank you for your assistance.

Here are the results from RogueKiller

RogueKiller Anti-Malware V13.2.1.0 (x64) [May 22 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : pault [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190605_131506, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/06/06 12:02:35 (Duration : 00:33:44)
Switches : -refid 3 (1)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 

PaulTomasi

TS Member
Thank you for your assistance.

Here are the results from Malwarebytes

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 06/06/2019
Scan Time: 13:01
Log File: ca38d34a-8852-11e9-8698-14dae9daa6f3.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10922
Licence: Trial

-System Information-
OS: Windows 10 (Build 17134.766)
CPU: x64
File System: NTFS
User: PC1\pault

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 356673
Threats Detected: 9
Threats Quarantined: 0
Time Elapsed: 6 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 8
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, No Action By User, [350], [327193],1.0.10922
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, No Action By User, [350], [327193],1.0.10922
PUP.Optional.Reimage, HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., No Action By User, [350], [327203],1.0.10922
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, No Action By User, [350], [327193],1.0.10922
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [350], [332494],1.0.10922
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [350], [332494],1.0.10922
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [350], [332494],1.0.10922
PUP.Optional.Reimage, HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, No Action By User, [350], [327205],1.0.10922

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.FusionCore, C:\USERS\PAULT\DOWNLOADS\DONOTSPY10-3.0-SETUP.EXE, No Action By User, [7589], [450895],1.0.10922

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

PaulTomasi

TS Member
Broni, thank you for your reply.

Malwarebytes is running a second time (it was NOT intentional). I immediately noticed it found some threats (odd because I thought the first scan was clean, I think) so I let it continue... It's been running nearly 12 hours now! I'm really frustrated!

What should I do?
 

PaulTomasi

TS Member
Thank you for your assistance.

Here are the results from AdwCleaner

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-07-2019
# Duration: 00:00:04
# OS: Windows 10 Pro
# Cleaned: 8
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\pault\Favorites\Tweaks

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}

***** [ Chromium (and derivatives) ] *****

Deleted User-Agent Switcher for Chrome

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1932 octets] - [07/06/2019 09:39:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

PaulTomasi

TS Member
Malwarebytes had stopped by the time I received your reply. It ran for 14.5 hours. If it's any help, I'm posting its log file here.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 06/06/2019
Scan Time: 13:47
Log File: 3a073490-8859-11e9-afbd-14dae9daa6f3.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10924
Licence: Trial

-System Information-
OS: Windows 10 (Build 17134.766)
CPU: x64
File System: NTFS
User: PC1\pault

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 661315
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 14 hr, 25 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Generic.Malware/Suspicious, C:\USERS\PAULT\DOWNLOADS\TORRENT CLIENTS\FROSTWIRE-6.6.1.WINDOWS.FUSION.EXE, Quarantined, [0], [392686],1.0.10924
PUP.Optional.InstallCore.Generic, C:\USERS\PAULT\DOWNLOADS\RESOURCE HACKER 5.1.6\RESOURCE_HACKER_5.1.6_0421345689.EXE, Quarantined, [561], [512559],1.0.10924
PUP.Optional.InstallCore, C:\USERS\PAULT\DOWNLOADS\CAMSTUDIO\CAMSTUDIO.EXE, Quarantined, [441], [471534],1.0.10924
Generic.Malware/Suspicious, C:\USERS\PAULT\DOWNLOADS\CD BURNER\SETUPIMGBURN_2.5.8.0.EXE, Quarantined, [0], [392686],1.0.10924

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Broni

Malware Annihilator
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

PaulTomasi

TS Member
After running FRST, I could not locate its reports. I thought it dumped these onto the hard drive automatically. Am I wrong? If not, then where will I find them? Or do I have to explicitly instruct FRST to save those report files?
 

Broni

Malware Annihilator
They are always in the same location where the FRST.exe file is.
When you ran FRST for the first time they were on your Desktop.
 

PaulTomasi

TS Member
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2019
Ran by pault (administrator) on PC1 (07-06-2019 18:02:07)
Running from C:\Users\pault\Desktop
Loaded Profiles: pault (Available Profiles: pault & PAUL)
Platform: Windows 10 Pro Version 1803 17134.766 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
(Realtek Semiconductor Corp -> DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(The Document Foundation -> The Document Foundation) C:\Program Files (x86)\LibreOffice\program\soffice.bin
(The Document Foundation -> The Document Foundation) C:\Program Files (x86)\LibreOffice\program\soffice.exe
(The Document Foundation -> The Document Foundation) C:\Program Files (x86)\LibreOffice\program\swriter.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2018-06-05] () [File not signed]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2018-08-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2018-08-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D264FD8-A23E-4630-AECD-F479CB9EEB02} - System32\Tasks\Opera scheduled Autoupdate 1516126010 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
Task: {28904661-F7BF-4145-8841-48A1D9A7D824} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {42142900-C54F-4032-BA78-3539B99F427E} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33971256 2019-05-22] (Adlice -> )
Task: {57E41331-7D2B-488D-A2D8-04A791DA99EF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [1004424 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {59A90C42-65CE-428D-A35E-E6B1C623B7F7} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5D876D4F-C23A-4A31-ACD4-AB70303C507A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-15] (Google Inc -> Google Inc.)
Task: {5F6188B4-EF94-455A-9D79-BE044B3DBC0A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887688 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6752B441-A691-4C88-9B42-FB77C9CBBFA3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [563080 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {682C687F-E286-4EF3-8D9C-AC11A26A517C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6E627B67-9E52-4979-BF53-C96339D1F4FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-15] (Google Inc -> Google Inc.)
Task: {756F5F2F-79C2-4D0B-B7A9-4853C7F94506} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {8013AA04-42A0-4A81-964C-D68760FACD86} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80BD098B-CBAD-418C-BC7D-0F1A588E4A4C} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed] <==== ATTENTION
Task: {88B398EA-A190-4C4C-8256-0F57D4AE6628} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887688 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {96381E2B-28AE-4E50-9D2B-1588A08ED52C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3560840 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A49239F1-32A4-4299-A066-75A053CE5060} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855944 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A5E34D5D-B4AC-4B97-AC90-8486F17D1C6A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ADBC1E82-DC13-4CDF-B386-5712F1A974F8} - System32\Tasks\Opera scheduled assistant Autoupdate 1547211850 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
Task: {ADFC2F3F-E036-45FA-8952-C694EEBEF0E4} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {BE1E0229-DC3E-4F07-AA56-1AFB509567B5} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887688 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C5C22686-8553-4DC8-A85F-031FDEA88924} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887688 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D9898814-35AB-452B-BB1C-39D3F07AB2C9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855944 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F67B9F61-BA2A-4CEF-80A5-7A60D2EE17A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{4054ff3a-1fc3-47cb-8aaf-75f3682d850b}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
URLSearchHook: [S-1-5-21-1882311373-1252287477-1295940213-1001] ATTENTION => Default URLSearchHook is missing
IE Session Restore: HKU\S-1-5-21-1882311373-1252287477-1295940213-1001 -> is enabled.

FireFox:
========
FF DefaultProfile: 0kipkwvg.default
FF ProfilePath: C:\Users\pault\AppData\Roaming\Nvu\Profiles\jubpljtk.default [2018-04-14]
FF ProfilePath: C:\Users\pault\AppData\Roaming\Mozilla\SeaMonkey\Profiles\0kipkwvg.default [2018-12-04]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default [2019-06-07]
CHR Extension: (Slides) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-15]
CHR Extension: (h264ify) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2018-10-03]
CHR Extension: (Docs) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-15]
CHR Extension: (Google Drive) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-15]
CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2019-05-31]
CHR Extension: (Sheets) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-15]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2019-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Dossier) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\hohaaljbjhjodnncjbeeilfdloeinfbh [2018-08-16]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Stylebot) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2018-12-04]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2017-11-29]
CHR Extension: (Gmail) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\pault\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-03]
CHR Profile: C:\Users\pault\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2018-08-17] (ASUSTeK Computer Inc. -> )
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-08-17] (ASUSTeK Computer Inc. -> ) [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2019-01-11] (BattlEye Innovations e.K. -> )
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 cfbackd; C:\Program Files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2015-09-25] (508 Software, LLC -> CleverFiles)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2018-08-17] (Realtek Semiconductor Corp -> DTS)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-01-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SpiceworksAppServer; C:\Program Files\Spiceworks\Network Monitor\app\bin\\..\bin\SpiceworksAppServer.exe [103936 2014-03-25] (Apache Software Foundation) [File not signed]
S4 SpiceworksEventProcessor; C:\Program Files\Spiceworks\Network Monitor\riemann\SpiceworksEventProcessor.exe [103936 2014-05-19] (Apache Software Foundation) [File not signed]
S4 SpiceworksEventStore; C:\Program Files\Spiceworks\Network Monitor\eventstore\sweventstoresvc.exe [294912 2016-02-26] () [File not signed]
S4 SpiceworksMonitor; C:\Program Files\Spiceworks\Network Monitor\collector\MonitorService.exe [20480 2017-02-10] () [File not signed]
S4 SpiceworksRedis; C:\Program Files\Spiceworks\Network Monitor\redis\RedisService.exe [7680 2017-02-10] () [File not signed]
S4 spiceworkswsp; C:\Program Files\Spiceworks\Network Monitor\wsproxy\wsproxy.exe [60416 2015-07-27] (CloudBees, Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S4 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
S4 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142432 2017-11-09] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [118936 2018-12-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 BraveElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\71.0.58.21\elevation_service.exe" [X]
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-08-17] (ASUSTeK Computer Inc. -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S4 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [39208 2017-07-11] (Elgato Systems LLC -> Elgato Systems GmbH)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-06-06] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-06-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-06-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-06-07] (Malwarebytes Corporation -> Malwarebytes)
S4 MZ0380.X64; C:\WINDOWS\system32\DRIVERS\eMZ0380.X64.SYS [3834456 2018-01-08] (Elgato Systems LLC -> )
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4aa19ae78d94d8a3\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (OOO Sfera-Tehno -> Atola) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 usbaudio2; C:\WINDOWS\system32\DRIVERS\usbaudio2.sys [229888 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [58160 2019-04-01] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213080 2018-05-09] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-05-09] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [144632 2017-11-22] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-01] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

PaulTomasi

TS Member
==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-07 18:01 - 2019-06-07 18:01 - 000000000 ____D C:\Users\pault\Desktop\FRST-OlderVersion
2019-06-07 16:55 - 2019-06-07 17:43 - 000001526 _____ C:\additionfile.txt
2019-06-07 09:50 - 2019-06-07 09:50 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-06-07 09:50 - 2019-06-07 09:50 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-06-07 09:50 - 2019-06-07 09:50 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-06-07 09:49 - 2019-06-07 09:49 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-07 09:43 - 2019-06-07 09:43 - 000001932 _____ C:\Users\pault\Desktop\AdwCleaner[S00].txt
2019-06-07 09:42 - 2019-06-07 09:42 - 000001742 _____ C:\Users\pault\Desktop\MB3.txt
2019-06-07 09:37 - 2019-06-07 09:46 - 000000000 ____D C:\AdwCleaner
2019-06-07 06:16 - 2019-06-07 06:16 - 000001742 _____ C:\Users\pault\Desktop\MB summary.txt
2019-06-07 01:24 - 2019-06-07 01:37 - 063857948 _____ C:\allfiles.txt
2019-06-06 13:15 - 2019-06-06 13:15 - 007025360 _____ (Malwarebytes) C:\Users\pault\Desktop\AdwCleaner.exe
2019-06-06 13:12 - 2019-06-06 13:12 - 000002445 _____ C:\Users\pault\Desktop\MB2.txt
2019-06-06 13:09 - 2019-06-06 13:09 - 000002499 _____ C:\Users\pault\Desktop\MB.txt
2019-06-06 13:00 - 2019-06-06 13:00 - 000000000 ____D C:\Users\pault\AppData\Local\mbam
2019-06-06 12:59 - 2019-06-06 12:59 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-06-06 12:59 - 2019-06-06 12:59 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-06-06 12:59 - 2019-06-06 12:59 - 000000000 ____D C:\Users\pault\AppData\Local\mbamtray
2019-06-06 12:59 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-06-06 12:58 - 2019-06-06 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-06 12:58 - 2019-06-06 12:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-06 12:58 - 2019-06-06 12:58 - 000000000 ____D C:\Program Files\Malwarebytes
2019-06-06 12:58 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-06-06 12:57 - 2019-06-06 12:57 - 063666840 _____ (Malwarebytes ) C:\Users\pault\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.10908.exe
2019-06-06 12:39 - 2019-06-06 12:39 - 000002108 _____ C:\Users\pault\Desktop\RK.txt
2019-06-06 11:59 - 2019-06-06 11:59 - 000003128 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-06-05 15:45 - 2019-02-13 06:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-06-05 12:59 - 2019-06-05 12:59 - 029930816 _____ (Adlice Software ) C:\Users\pault\Desktop\RogueKiller_setup_ref3.exe
2019-06-04 13:38 - 2019-06-04 13:38 - 000011585 _____ C:\Users\pault\Desktop\ASCII CHARACTERS.odt
2019-06-04 02:13 - 2019-06-04 02:16 - 000069044 _____ C:\Users\pault\Desktop\Addition.txt
2019-06-04 02:11 - 2019-06-07 18:03 - 000030793 _____ C:\Users\pault\Desktop\FRST.txt
2019-06-04 02:09 - 2019-06-07 18:01 - 002417664 _____ (Farbar) C:\Users\pault\Desktop\FRST64.exe
2019-06-04 00:56 - 2019-06-04 00:56 - 000000000 ____D C:\Users\pault\Documents\WPR Files
2019-06-04 00:21 - 2019-06-04 00:21 - 000000000 ____D C:\Program Files (x86)\Windows Resource Kits
2019-06-03 15:45 - 2019-06-03 15:48 - 007576594 _____ C:\Users\pault\Documents\PC1 003.arn
2019-06-03 14:48 - 2019-06-03 14:51 - 008751054 _____ C:\Users\pault\Documents\PC1 002.arn
2019-05-31 15:04 - 2019-05-31 15:04 - 000000000 ____D C:\Users\pault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2019-05-31 14:53 - 2019-05-31 14:53 - 000000937 _____ C:\Users\pault\AppData\Local\recently-used.xbel
2019-05-31 13:50 - 2019-05-31 13:50 - 000002571 _____ C:\Users\Public\Desktop\Network Monitor.lnk
2019-05-31 13:50 - 2019-05-31 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Monitor
2019-05-31 13:46 - 2019-05-31 13:46 - 000000000 ____D C:\Program Files\Spiceworks
2019-05-31 13:31 - 2019-05-31 13:31 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-05-31 13:31 - 2019-05-31 13:31 - 000001815 _____ C:\Users\Public\Desktop\Wireshark.lnk
2019-05-31 13:30 - 2019-05-31 13:30 - 000000000 ____D C:\Program Files\USBPcap
2019-05-31 13:29 - 2019-06-01 02:19 - 000002212 _____ C:\WINDOWS\System32\Tasks\npcapwatchdog
2019-05-31 13:29 - 2019-05-31 13:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2019-05-31 13:29 - 2019-05-31 13:29 - 000000000 ____D C:\WINDOWS\system32\Npcap
2019-05-31 13:29 - 2019-05-31 13:29 - 000000000 ____D C:\Program Files\Npcap
2019-05-31 13:25 - 2019-05-31 13:31 - 000000000 ____D C:\Program Files\Wireshark
2019-05-30 23:07 - 2019-06-04 16:34 - 000002292 _____ C:\Users\pault\.lmmsrc.xml
2019-05-30 23:05 - 2019-05-30 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 1.2.0-rc7
2019-05-30 23:04 - 2019-05-30 23:05 - 000000000 ____D C:\Program Files\LMMS
2019-05-25 23:42 - 2019-05-25 23:45 - 008688478 _____ C:\Users\pault\Documents\PC1 lets see how this goes.arn
2019-05-20 17:07 - 2019-05-17 13:10 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-20 17:07 - 2019-05-17 10:16 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-20 17:07 - 2019-05-17 09:12 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-20 17:07 - 2019-05-17 07:49 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-20 17:07 - 2019-05-17 07:43 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-20 17:07 - 2019-05-17 07:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-20 17:07 - 2019-05-17 07:42 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-20 17:07 - 2019-05-17 07:41 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-20 17:07 - 2019-05-17 07:41 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-20 17:07 - 2019-05-17 07:41 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-20 17:07 - 2019-05-17 07:39 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-20 17:07 - 2019-05-17 07:39 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-20 17:07 - 2019-05-17 07:39 - 002768952 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-20 17:07 - 2019-05-17 07:39 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-20 17:07 - 2019-05-17 07:39 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-20 17:07 - 2019-05-17 07:39 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-20 17:07 - 2019-05-17 07:39 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-20 17:07 - 2019-05-17 07:39 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-20 17:07 - 2019-05-17 07:22 - 006568016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-20 17:07 - 2019-05-17 07:22 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-20 17:07 - 2019-05-17 07:21 - 001130784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-20 17:07 - 2019-05-17 07:07 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-20 17:07 - 2019-05-17 07:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-20 17:07 - 2019-05-17 07:06 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-20 17:07 - 2019-05-17 07:04 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-20 17:07 - 2019-05-17 07:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-20 17:07 - 2019-05-17 07:04 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-20 17:07 - 2019-05-17 07:03 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-20 17:07 - 2019-05-17 07:03 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-20 17:07 - 2019-05-17 07:03 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-20 17:07 - 2019-05-17 07:03 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-20 17:07 - 2019-05-17 07:01 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-20 17:07 - 2019-05-17 07:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-20 17:07 - 2019-05-17 07:00 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-20 17:07 - 2019-05-17 06:59 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-20 17:07 - 2019-05-17 06:57 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-20 17:06 - 2019-05-17 05:44 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-14 20:53 - 2019-05-03 13:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-14 20:53 - 2019-05-03 13:14 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-14 20:53 - 2019-05-03 13:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-14 20:53 - 2019-05-03 13:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-14 20:53 - 2019-05-03 12:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-14 20:53 - 2019-05-03 12:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-14 20:53 - 2019-05-03 12:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-14 20:53 - 2019-05-03 12:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-14 20:53 - 2019-05-03 12:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-14 20:53 - 2019-05-03 12:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-14 20:53 - 2019-05-03 12:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-14 20:53 - 2019-05-03 12:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-14 20:53 - 2019-05-03 12:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-14 20:53 - 2019-05-03 12:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-14 20:53 - 2019-05-03 12:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-14 20:53 - 2019-05-03 12:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-14 20:53 - 2019-05-03 12:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-14 20:53 - 2019-05-03 12:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-14 20:53 - 2019-05-03 12:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-14 20:53 - 2019-05-03 12:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-14 20:53 - 2019-05-03 12:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-14 20:53 - 2019-05-03 12:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-14 20:53 - 2019-05-03 12:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-14 20:53 - 2019-05-03 07:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-14 20:53 - 2019-05-03 07:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-14 20:53 - 2019-05-03 07:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-14 20:53 - 2019-05-03 07:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-14 20:53 - 2019-05-03 07:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-14 20:53 - 2019-05-03 07:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-14 20:53 - 2019-05-03 07:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-14 20:53 - 2019-05-03 07:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-14 20:53 - 2019-05-03 07:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-14 20:53 - 2019-05-03 07:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-14 20:53 - 2019-05-03 07:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-14 20:53 - 2019-05-03 07:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-14 20:53 - 2019-05-03 07:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-14 20:53 - 2019-05-03 07:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-14 20:53 - 2019-05-03 07:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-14 20:53 - 2019-05-03 07:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-14 20:53 - 2019-05-03 07:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-14 20:53 - 2019-05-03 07:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-14 20:53 - 2019-05-03 07:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-14 20:53 - 2019-05-03 07:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-14 20:53 - 2019-05-03 07:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-14 20:53 - 2019-05-03 07:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-14 20:53 - 2019-05-03 07:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-14 20:53 - 2019-05-03 07:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-14 20:53 - 2019-05-03 07:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-14 20:53 - 2019-05-03 07:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-14 20:53 - 2019-05-03 07:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-14 20:53 - 2019-05-03 07:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-14 20:53 - 2019-05-03 07:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-14 20:53 - 2019-05-03 07:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-14 20:53 - 2019-05-03 07:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-14 20:53 - 2019-05-03 07:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-14 20:53 - 2019-05-03 06:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-14 20:53 - 2019-05-03 06:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-14 20:53 - 2019-05-03 06:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-14 20:53 - 2019-05-03 06:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-14 20:53 - 2019-05-03 06:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-14 20:53 - 2019-05-03 06:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-14 20:53 - 2019-05-03 06:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-14 20:53 - 2019-05-03 06:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-14 20:53 - 2019-05-03 06:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-14 20:53 - 2019-05-03 06:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-14 20:53 - 2019-05-03 06:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-14 20:53 - 2019-05-03 06:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-14 20:53 - 2019-05-03 06:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-14 20:53 - 2019-05-03 06:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-14 20:53 - 2019-05-03 06:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-14 20:53 - 2019-05-03 06:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-14 20:53 - 2019-05-03 06:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-14 20:53 - 2019-05-03 06:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-14 20:53 - 2019-05-03 06:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-14 20:53 - 2019-05-03 06:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-14 20:53 - 2019-05-03 06:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-14 20:53 - 2019-05-03 06:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-14 20:53 - 2019-05-03 06:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-14 20:53 - 2019-04-19 11:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-14 20:53 - 2019-04-19 11:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-14 20:53 - 2019-04-19 11:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-14 20:53 - 2019-04-19 11:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-14 20:53 - 2019-04-19 11:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-14 20:53 - 2019-04-19 11:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-14 20:53 - 2019-04-19 11:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-14 20:53 - 2019-04-19 11:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-14 20:53 - 2019-04-19 10:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-14 20:53 - 2019-04-19 10:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-14 20:53 - 2019-04-19 10:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-14 20:53 - 2019-04-19 10:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-14 20:53 - 2019-04-19 10:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-14 20:53 - 2019-04-19 10:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-14 20:53 - 2019-04-19 06:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-14 20:53 - 2019-04-19 06:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-14 20:53 - 2019-04-19 06:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-14 20:53 - 2019-04-19 06:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-14 20:53 - 2019-04-19 06:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-14 20:53 - 2019-04-19 06:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-14 20:53 - 2019-04-19 06:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-14 20:53 - 2019-04-19 06:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-14 20:53 - 2019-04-19 06:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-14 20:53 - 2019-04-19 06:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-14 20:53 - 2019-04-19 06:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-14 20:53 - 2019-04-19 05:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-14 20:53 - 2019-04-19 05:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-14 20:53 - 2019-04-19 05:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-14 20:53 - 2019-04-19 05:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-14 20:53 - 2019-04-19 05:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-14 20:53 - 2019-04-19 05:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-14 20:53 - 2019-04-19 05:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-14 20:53 - 2019-04-19 05:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-14 20:53 - 2019-04-19 05:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-14 20:53 - 2019-04-19 05:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-14 20:53 - 2019-04-19 05:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-14 20:53 - 2019-04-19 05:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-14 20:53 - 2019-04-19 05:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-14 20:53 - 2019-04-19 05:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-14 20:53 - 2019-04-19 05:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-14 20:53 - 2019-04-19 05:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-14 20:53 - 2019-04-19 05:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-14 20:53 - 2019-04-19 05:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-14 20:53 - 2019-04-19 05:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-14 20:53 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-14 20:53 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-14 20:53 - 2019-04-09 02:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-14 20:53 - 2019-04-09 02:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-14 20:53 - 2019-04-09 02:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-14 20:53 - 2019-04-09 02:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-14 20:53 - 2019-04-09 02:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-11 01:44 - 2019-05-11 01:44 - 000083776 _____ (Insecure.Com LLC.) C:\WINDOWS\system32\Drivers\npcap.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-07 18:02 - 2018-07-26 09:42 - 000000000 ____D C:\FRST
2019-06-07 17:46 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-07 17:17 - 2018-06-12 20:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-07 13:04 - 2019-04-12 15:50 - 000000000 ____D C:\Users\pault\Documents\PIP Kelly-ann's PIP claims form
2019-06-07 09:48 - 2018-06-12 21:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-07 09:46 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-06-07 06:12 - 2018-06-12 20:43 - 000000000 ____D C:\Users\pault
2019-06-07 05:50 - 2018-08-15 21:06 - 000000000 ____D C:\Users\pault\Downloads\Resource Hacker 5.1.6
2019-06-07 05:50 - 2018-08-05 09:57 - 000000000 ____D C:\Users\pault\Downloads\camstudio
2019-06-07 05:47 - 2018-01-19 22:03 - 000000000 ____D C:\Users\pault\Downloads\CD Burner
2019-06-07 05:47 - 2018-01-03 18:42 - 000000000 ____D C:\Users\pault\Downloads\torrent clients
2019-06-06 15:32 - 2019-04-06 05:25 - 000000000 ____D C:\Users\pault\Documents\PIP ka
2019-06-06 12:59 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-06 12:02 - 2018-08-03 00:50 - 000000000 ____D C:\ProgramData\RogueKiller
2019-06-06 11:58 - 2018-08-03 00:50 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-06-06 11:58 - 2018-08-03 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-06-06 11:58 - 2018-08-03 00:50 - 000000000 ____D C:\Program Files\RogueKiller
2019-06-06 02:25 - 2018-01-20 04:04 - 000000000 ____D C:\Users\pault\AppData\Roaming\audacity
2019-06-05 21:00 - 2019-01-26 21:59 - 000001056 _____ C:\Users\pault\Desktop\DVD Shrink 3.2.lnk
2019-06-05 21:00 - 2018-08-27 05:31 - 000002002 _____ C:\Users\pault\Desktop\vbexpress.exe - Shortcut.lnk
2019-06-05 21:00 - 2018-07-21 19:36 - 000001266 _____ C:\Users\pault\Desktop\Puran Duplicate File Finder.lnk
2019-06-05 21:00 - 2018-07-17 23:10 - 000001050 _____ C:\Users\pault\Desktop\HandBrake Video Transcoder.lnk
2019-06-05 21:00 - 2018-04-27 11:29 - 000001052 _____ C:\Users\pault\Desktop\cdrtools Frontend.lnk
2019-06-05 21:00 - 2018-04-14 12:53 - 000000954 _____ C:\Users\pault\Desktop\Nvu.lnk
2019-06-05 21:00 - 2018-03-18 09:45 - 000001203 _____ C:\Users\pault\Desktop\PotPlayer 64 bit.lnk
2019-06-05 21:00 - 2018-02-26 04:27 - 000001104 _____ C:\Users\pault\Desktop\WinDirStat.lnk
2019-06-05 21:00 - 2018-02-07 03:09 - 000001895 _____ C:\Users\pault\Desktop\JPEGView.exe - Shortcut.lnk
2019-06-05 21:00 - 2018-02-03 02:05 - 000001278 _____ C:\Users\pault\Desktop\cmd.exe - Shortcut.lnk
2019-06-05 21:00 - 2018-02-01 23:43 - 000001950 _____ C:\Users\pault\Desktop\Defraggler.lnk
2019-06-05 21:00 - 2018-01-29 20:05 - 000001333 _____ C:\Users\pault\Desktop\eventvwr.exe - Shortcut.lnk
2019-06-05 21:00 - 2018-01-29 20:05 - 000000954 _____ C:\Users\pault\Desktop\eventvwr.msc - Shortcut.lnk
2019-06-05 21:00 - 2018-01-04 07:05 - 000001284 _____ C:\Users\pault\Desktop\FrostWire 6.lnk
2019-06-05 21:00 - 2017-12-26 02:34 - 000001010 _____ C:\Users\pault\Desktop\NTLite.lnk
2019-06-05 21:00 - 2017-12-12 23:10 - 000001979 _____ C:\Users\pault\Desktop\wpa.exe - Shortcut.lnk
2019-06-05 21:00 - 2017-11-22 03:35 - 000001140 _____ C:\Users\pault\Desktop\ViewPlayCap.lnk
2019-06-05 15:45 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-04 16:19 - 2018-06-12 20:56 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-04 16:19 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-06-04 00:45 - 2018-06-20 04:01 - 000000000 ____D C:\Users\pault\AppData\Local\D3DSCache
2019-06-03 23:52 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Registration
2019-06-03 14:55 - 2017-11-15 00:32 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-03 01:12 - 2018-11-23 17:45 - 000000000 ____D C:\Users\pault\lmms
2019-06-02 22:54 - 2017-11-15 21:57 - 000095597 _____ C:\Users\pault\Desktop\NOTES.TXT
2019-06-01 19:28 - 2018-01-20 05:40 - 000000000 ____D C:\Users\pault\Documents\Audacity
2019-06-01 02:45 - 2018-02-25 01:49 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-05-31 13:43 - 2017-12-04 00:45 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-29 18:20 - 2017-11-19 22:09 - 000000000 ____D C:\Users\pault\AppData\Roaming\vlc
2019-05-25 23:29 - 2019-02-09 23:04 - 000003458 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003256 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003212 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003076 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003076 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003076 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003044 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000002974 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000002898 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-02-09 23:04 - 000002804 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-25 23:29 - 2019-01-11 14:04 - 000003554 _____ C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1547211850
2019-05-25 23:29 - 2018-10-03 06:22 - 000003342 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1516126010
2019-05-25 18:44 - 2018-12-10 11:03 - 000003424 _____ C:\WINDOWS\System32\Tasks\BraveSoftwareUpdateTaskMachineUA
2019-05-25 18:44 - 2018-12-10 11:03 - 000003200 _____ C:\WINDOWS\System32\Tasks\BraveSoftwareUpdateTaskMachineCore
2019-05-25 18:44 - 2018-11-11 01:54 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-25 18:44 - 2018-11-11 01:54 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-24 02:36 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-23 01:10 - 2018-12-10 11:04 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-05-23 01:10 - 2018-12-10 11:04 - 000002377 _____ C:\Users\Public\Desktop\Brave.lnk
2019-05-22 23:18 - 2017-11-15 00:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-22 23:18 - 2017-11-15 00:40 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-21 08:38 - 2018-02-07 00:13 - 000001014 _____ C:\Users\pault\Desktop\autoruns.exe - Shortcut.lnk
2019-05-21 02:25 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-21 02:25 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-17 03:01 - 2018-11-16 12:03 - 000000000 ____D C:\Program Files\rempl
2019-05-14 22:16 - 2018-06-12 20:34 - 000407032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-14 22:10 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-14 22:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-14 22:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-05-14 20:52 - 2017-11-15 09:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 20:48 - 2017-11-15 09:33 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-12 21:13 - 2018-11-09 05:22 - 000000000 ____D C:\Users\pault\Documents\L&J Auto's Mechanics

==================== Files in the root of some directories =======

2018-03-11 05:29 - 2018-03-11 05:29 - 000000000 _____ () C:\Users\pault\31.bat
2018-08-23 02:41 - 2018-08-23 02:41 - 000195887 _____ () C:\Users\pault\DispDiag-20180823-024105-4760-16808.dat
2018-12-06 00:28 - 2018-12-06 00:42 - 000000223 _____ () C:\Users\pault\tst.bat
2018-05-19 10:35 - 2018-05-19 10:41 - 000000469 _____ () C:\Users\pault\yesterday.bat
2017-11-30 21:58 - 2017-11-30 21:58 - 000000351 _____ () C:\Program Files (x86)\BootAnalyzerInstaller.log
2018-08-17 18:50 - 2018-11-23 20:48 - 000000096 _____ () C:\Users\pault\AppData\Roaming\Camdata.ini
2018-08-17 18:50 - 2018-11-23 20:48 - 000000408 _____ () C:\Users\pault\AppData\Roaming\CamLayout.ini
2018-08-17 18:50 - 2018-11-23 20:48 - 000000408 _____ () C:\Users\pault\AppData\Roaming\CamShapes.ini
2018-08-05 19:50 - 2018-11-23 20:48 - 000004536 _____ () C:\Users\pault\AppData\Roaming\CamStudio.cfg
2018-08-05 10:00 - 2018-11-23 20:47 - 000000096 _____ () C:\Users\pault\AppData\Roaming\version2.xml
2018-03-21 04:06 - 2018-05-13 00:00 - 000003584 _____ () C:\Users\pault\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-05-31 14:53 - 2019-05-31 14:53 - 000000937 _____ () C:\Users\pault\AppData\Local\recently-used.xbel
2017-11-16 11:13 - 2017-11-16 11:13 - 000000017 _____ () C:\Users\pault\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

PaulTomasi

TS Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2019
Ran by pault (07-06-2019 18:04:47)
Running from C:\Users\pault\Desktop
Windows 10 Pro Version 1803 17134.766 (X64) (2018-06-12 20:07:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1882311373-1252287477-1295940213-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1882311373-1252287477-1295940213-503 - Limited - Disabled)
Guest (S-1-5-21-1882311373-1252287477-1295940213-501 - Limited - Disabled)
PAUL (S-1-5-21-1882311373-1252287477-1295940213-1003 - Administrator - Enabled) => C:\Users\PAUL
pault (S-1-5-21-1882311373-1252287477-1295940213-1001 - Administrator - Enabled) => C:\Users\pault
WDAGUtilityAccount (S-1-5-21-1882311373-1252287477-1295940213-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Active@ Partition Manager 6 (HKLM\...\{FE2483C5-A90C-401D-967F-023A9C3CAAAF}_is1) (Version: 6 - LSoft Technologies Inc)
Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
Assessments on Client (HKLM-x32\...\{DF68FA09-D4E8-A1F4-2235-CFF4F5DFB8D0}) (Version: 10.1.17134.1 - Microsoft) Hidden
Audacity 2.2.1 (HKLM-x32\...\Audacity_is1) (Version: 2.2.1 - Audacity Team)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 74.0.64.77 - The Brave Authors)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CDex - Digital Audio CD Extractor and Converter (HKLM-x32\...\CDex) (Version: 1.97.0.2018 - CDex.mu)
cdrtfe 1.5.8 (HKLM-x32\...\cdrtools Frontend_is1) (Version: - Oliver Valencia)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D1844DC3-B378-47CC-AB40-7FC16C79A2CD}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DiagnosticsHub_CollectionService (HKLM\...\{A5DD0731-C724-4037-B35B-B80782AACE00}) (Version: 15.0.27128 - Microsoft Corporation) Hidden
Disk Drill 2.0.0.337 (HKLM-x32\...\{574ABB3C-0E3A-4AFE-A04F-299654C76A9C}) (Version: 2.0.337 - CleverFiles)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.81 - NVIDIA Corporation) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Elgato Game Capture HD (HKLM\...\{0C76F0F5-4A3E-4A2D-9882-7C6C485FBD8E}) (Version: 3.70.13.3013 - Elgato Systems GmbH)
Entity Framework 6.1.3 Tools for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON ET-2550 Series Printer Uninstall (HKLM\...\EPSON ET-2550 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evince 2.32.0.145 (HKLM-x32\...\{AA38CC00-F12C-495E-AF00-7EE413D3BFB2}) (Version: 2.32.0.145 - (Custom build))
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
FrostWire 6.6.1 (HKLM-x32\...\FrostWire 6) (Version: 6.6.1.249 - FrostWire LLC)
Game Capture HD60 Pro v1.1.0.178 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.178 - Elgato Systems)
GIMP 2.10.0 (HKLM\...\GIMP-2_is1) (Version: 2.10.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HandBrake 1.1.1 (HKLM-x32\...\HandBrake) (Version: 1.1.1 - )
icecap_collection_neutral (HKLM-x32\...\{9149432D-3BEE-4869-B6F5-7A5CF843A612}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{D0C9796E-CB35-4440-885D-9630A0153D1E}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{B96B62E4-2EE4-45EC-8082-246FFC1B12E3}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{262EE643-72FF-406D-9776-C6B65443DA5B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Kits Configuration Installer (HKLM-x32\...\{C690B2D9-0AA8-8CDA-965D-FED648C3EF9C}) (Version: 10.1.17134.1 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 6.1.0.3 (HKLM-x32\...\{4D5D4345-00D4-4AC5-A548-0ED7491A3EA9}) (Version: 6.1.0.3 - The Document Foundation)
LMMS 1.2.0-rc7 (HKLM-x32\...\LMMS) (Version: 1.2.0-rc7 - LMMS Developers)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MatSpoon CloseTheDoor 0.2.1 (HKLM-x32\...\MatSpoon - CloseTheDoor) (Version: 0.2.1 - MatSpoon)
Microsoft .NET Core SDK - 2.1.2 (x64) (HKLM-x32\...\{9651d4f8-e761-4b9b-ac03-6c2685f1f225}) (Version: 2.1.2 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27029 (HKLM-x32\...\{64ff2cb0-807c-4ee9-87ef-ec1b2ede0daf}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1080.1029 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Software Limited)
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
MXAx64 (HKLM-x32\...\{549BD674-4FA7-039F-D1BD-32212108260F}) (Version: 10.1.17134.1 - Microsoft) Hidden
Network Monitor (HKLM-x32\...\{2d016cf0-69b5-47a2-a5a2-dabad25f9747}) (Version: 1.4.268 - Spiceworks)
Network Monitor 1.4.00268 (HKLM\...\{51AC3A57-8A93-4584-B673-F421DE5DC813}) (Version: 1.4.00268 - Spiceworks) Hidden
nomacs - Image Lounge (HKLM\...\{8AE50AF6-C3C4-4AC4-A4A6-A54994A62998}) (Version: 3.8.0 - TU Wien)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project)
NTLite v1.5.0.5855 (HKLM\...\NTLite_is1) (Version: 1.5.0.5855 - Nlitesoft)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 418.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
NVIDIA Graphics Driver 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 418.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Linspire Inc.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.2 - OBS Project)
OpenShot Video Editor version 2.4.1 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.1 - OpenShot Studios, LLC)
Opera Stable 58.0.3135.132 (HKLM-x32\...\Opera 58.0.3135.132) (Version: 58.0.3135.132 - Opera Software)
Oracle VM VirtualBox 5.2.12 (HKLM\...\{128AD467-F107-4FED-A283-F355E74DE103}) (Version: 5.2.12 - Oracle Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.8557 - Kakao Corp.)
Puran Duplicate File Finder 2.0 (HKLM\...\Puran Duplicate File Finder_is1) (Version: - Puran Software)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Add to Path (32-bit) (HKLM-x32\...\{B7F6071F-CC88-469C-9AC6-BEBA83594819}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.7.0 (32-bit) (HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\...\{ece37911-ffeb-4f29-95d6-abcf555d7364}) (Version: 3.7.150.0 - Python Software Foundation)
Python 3.7.0 Core Interpreter (32-bit) (HKLM-x32\...\{13BB06D9-FD38-47E5-946E-C2606C554030}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Development Libraries (32-bit) (HKLM-x32\...\{B424BE74-3C96-4974-8754-9D6442286112}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Documentation (32-bit) (HKLM-x32\...\{ABEE159E-FE5B-4E58-BDD7-1DED2F10AAEB}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Executables (32-bit) (HKLM-x32\...\{4642A126-F999-4407-801B-C1C89BDA58C5}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 pip Bootstrap (32-bit) (HKLM-x32\...\{69CFC76B-3434-4919-8885-BA7960725137}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Standard Library (32-bit) (HKLM-x32\...\{09160A5D-8B99-4A89-9E9D-8A6D8E9C7EC1}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{8A09EA6B-C86C-4ECA-8742-C4C1BCA96845}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Test Suite (32-bit) (HKLM-x32\...\{717DB3B4-C457-447B-A8A6-6921A4D917EF}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Utility Scripts (32-bit) (HKLM-x32\...\{FC756D1E-1252-406E-8414-E11FAF97F3C7}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D6BDDB48-938A-4384-A7BE-2B4E4931B111}) (Version: 3.7.6386.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 13.2.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.1.0 - Adlice Software)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SD Card Formatter (HKLM-x32\...\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}) (Version: 5.0.1 - SD Association)
SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SeaMonkey 2.49.2 (x86 en-GB) (HKLM-x32\...\SeaMonkey 2.49.2 (x86 en-GB)) (Version: 2.49.2 - Mozilla)
Toolkit Documentation (HKLM-x32\...\{563689A6-D95B-EA6D-665F-97959643E0DB}) (Version: 10.1.17134.1 - Microsoft) Hidden
TypeScript SDK (HKLM-x32\...\{B08D05BC-7897-4616-B34C-95B58D07650C}) (Version: 2.5.4.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 7.1.0 - Universal Media Server)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
USBPcap 1.3.0.0 (HKLM\...\USBPcap) (Version: 1.3.0.0 - Tomasz Mon)
vcpp_crt.redist.clickonce (HKLM-x32\...\{0074562E-F896-4994-9086-79F8BC8DE02C}) (Version: 14.12.25830 - Microsoft Corporation) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio Community 2017 (HKLM\...\d4595a0d) (Version: 15.5.27130.2010 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{8A2BDA07-3417-46C1-9058-CB32BC63E30E}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{F8F52853-A1A7-42C7-A082-5A6D5853BB0B}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{0EE5749D-2DC0-460F-AB1C-06B3EDB42426}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{18640789-304F-40B5-884B-130B4A97D83B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{595F5D63-8773-4182-A1E0-EC9ECF4B6EA4}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{9414C260-D479-49EB-B0BF-01C1F5076EA0}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{A57BD1C0-42AD-42F8-AFEB-FAC7E6ABB005}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{70F69B4F-7950-4841-8139-5D0C7EDD2FE6}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B11D79C6-332C-47B6-B58C-2F88A4911C7C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{2497054A-0269-4F45-98AE-F469F89CC45F}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{231C8ADB-BF59-458E-A909-CFA825F46388}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{9CDD69A2-765A-4970-AB6B-595A740C614F}) (Version: 15.0.27019 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\...\WinDirStat) (Version: - )
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{d794748d-72e9-45d7-9ab7-83d6c4c80f7f}) (Version: 10.1.17134.1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinHex (HKLM-x32\...\WinHex) (Version: - )
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Wireshark 3.0.2 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare MobileTrans ( Version 8.0.0 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 8.0.0 - Wondershare)
WPT Redistributables (HKLM-x32\...\{EEB65046-3AB2-821A-12BD-F0C0490D46D2}) (Version: 10.1.17134.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{C7B318E4-43EF-AA14-637F-6C6EDF59917D}) (Version: 10.1.17134.1 - Microsoft) Hidden
YoutubeMovieMaker (HKLM\...\{543D2D61-3E3D-4CAD-A39A-B40D7E0911DB}) (Version: 17.07 - Youtube Movie Maker)

Packages:
=========
Dropbox -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_9.4.2.1000_x64__xbfy0k16fey96 [2018-09-09] (Dropbox Inc.)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt [2017-12-12] (Facebook Inc)
FeedLab -> C:\Program Files\WindowsApps\ClevLab.FeedLab_3.1.4.0_x64__qdcg6xvbhrn16 [2018-05-12] (ClevLab) [MS Ad]
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10730.20084.1000_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.9.0_x64__8wekyb3d8bbwe [2018-08-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.9.0_x86__8wekyb3d8bbwe [2018-08-05] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.25.11802.0_x64__8wekyb3d8bbwe [2018-07-07] (Microsoft Corporation) [MS Ad]
Microsoft People -> C:\Program Files\WindowsApps\Microsoft.People_10.1807.2131.1000_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-06-12] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.8172.0_x86__8wekyb3d8bbwe [2018-08-24] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.6.14.0_x64__8wekyb3d8bbwe [2018-08-29] (Microsoft Studios)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.26.12334.0_x64__8wekyb3d8bbwe [2018-08-23] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.25.11802.0_x64__8wekyb3d8bbwe [2018-07-05] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-08-15] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.77.317.0_x64__mcm4njqhnhss8 [2018-09-01] (Netflix, Inc.)
PicSketch -> C:\Program Files\WindowsApps\26208thumbmunkey.PicSketch_1.5.0.0_neutral__s0xj9m39zq8hc [2017-11-15] (thumbmunkeys)
Podcasts (beta) -> C:\Program Files\WindowsApps\15798DavidCatuhe.Cast_7.7.2.0_x64__x8akzp4bebrnj [2017-11-15] (David Catuhe)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Word Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Word_16001.10730.20050.0_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\pault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.6.1-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()

ShortcutWithArgument: C:\Users\pault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Connectivity Diagnostics.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google Inc.) -> --profile-directory=Default --app-id=eemlkeanncmjljgehlbplemhmdmalhdc

==================== Loaded Modules (Whitelisted) ==============

2018-08-17 18:37 - 2018-08-17 18:35 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2018-08-17 18:37 - 2019-06-07 09:49 - 000033280 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2018-08-17 18:37 - 2018-08-17 18:35 - 001360016 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2017-12-05 21:03 - 2018-01-28 16:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-08-03 09:16 - 2018-08-03 09:16 - 000054784 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\LibreOffice\program\python-core-3.5.5\lib\_socket.pyd
2018-08-03 09:16 - 2018-08-03 09:16 - 000016384 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\LibreOffice\program\python-core-3.5.5\lib\select.pyd
2018-08-03 09:33 - 2018-08-03 09:33 - 000314880 _____ (The Document Foundation) [File not signed] C:\Program Files (x86)\LibreOffice\program\pyuno.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2018-10-14 18:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\dotnet\;C:\Program Files (x86)\Windows Live\Shared;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AMD_RAIDXpert => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Elgato Sound Capture"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-1882311373-1252287477-1295940213-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CoreNet-DHCP-In] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CoreNet-DHCPV6-In] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CDPSvc-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CDPSvc-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [CDPSvc-WFD-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-In-UDP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-SSDP-Discovery-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-QWave-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-QWave-In-TCP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [AllJoyn-Router-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [AllJoyn-Router-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-In-TCP] => (Block) %SystemRoot%\ehome\ehshell.exe No File
FirewallRules: [MCX-QWave-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-QWave-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-TERMSRV-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [MCX-In-UDP] => (Block) %SystemRoot%\ehome\ehshell.exe No File
FirewallRules: [Microsoft-Windows-PeerDist-WSD-In] => (Block) %systemroot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{239C123A-CB22-495D-A52B-63CF2EEFBDC3}] => (Allow) LPort=1900
FirewallRules: [{10306BEE-5F5A-4E97-BF4D-1F741DA73396}] => (Allow) LPort=2869
FirewallRules: [{72F27191-8F09-4C44-BD9D-11934027C211}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{32E4F5C5-239A-4840-90F1-0A0D397B99BA}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{870819C2-87CE-4D3F-AFEC-8863766E2457}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{890A273F-B2EE-4E7E-9535-D4601EC8A573}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{17F6B1E2-62FD-4DC3-8E1B-40026CDCC595}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{C7D31D39-9CFB-4D09-B4F4-9D87D60E4A02}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{EE810FFF-251F-4CAF-9B51-68C48C90CE71}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [{4A031517-A0D1-4E62-AF00-AFD9217CD1C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32601C09-5D7C-4F37-8D9B-1D5C142A80BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{46CB616B-4AA5-4FBD-8035-11FBC83A5EC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2C0C0BAC-9F1C-465F-B712-D5A7F9C68562}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{67DE6FC5-6CE5-4210-BB7E-C6AC9BBD0746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{65E55C02-A0CF-4068-9367-E8768F4956AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{671C1D6F-8316-497C-A492-26EF7721601F}] => (Allow) C:\Program Files\Opera\58.0.3135.127\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E1C7278F-C491-4D16-B61F-9028E7390182}] => (Allow) C:\Program Files\Opera\58.0.3135.132\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CEF89C81-AFFC-4E2E-9088-8327CC43F4B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{F6B1590C-FF9D-4A56-82A0-DDB68AA0B7CF}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{4944074A-9501-432C-9B24-E25D0F19C87E}] => (Allow) LPort=8080
FirewallRules: [{6BAEE927-CD18-44AA-8125-C4D379BFDD7E}] => (Allow) LPort=8443
FirewallRules: [{D8E15DA8-5A92-46F9-BCF4-1D7F4277EBEA}] => (Allow) LPort=8086
FirewallRules: [{957B0129-AEF1-4F54-8313-329B8DD26B7E}] => (Allow) LPort=5558

==================== Restore Points =========================

20-05-2019 17:06:10 Windows Update
04-06-2019 00:20:27 Installed Windows Resource Kit Tools - SubInAcl.exe

==================== Faulty Device Manager Devices =============

Name: Elgato Sound Capture
Description: Elgato Sound Capture
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Elgato
Service: ElgatoVAD
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2019 07:28:22 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/07/2019 07:28:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/06/2019 02:44:08 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/06/2019 02:44:05 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/04/2019 01:45:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T12:45:36Z. Error Code: 0x80041315.

Error: (06/04/2019 01:45:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T12:45:06Z. Error Code: 0x80041315.

Error: (06/04/2019 01:44:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T12:44:36Z. Error Code: 0x80041315.

Error: (06/04/2019 01:44:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-11T12:44:06Z. Error Code: 0x80041315.


System errors:
=============
Error: (06/07/2019 04:05:24 PM) (Source: Application Popup) (EventID: 86) (User: )
Description: dg_ssudbusfailed IRP_MN_QUERY_ID-BusQueryDeviceID

Error: (06/07/2019 04:05:24 PM) (Source: Application Popup) (EventID: 86) (User: )
Description: dg_ssudbusfailed IRP_MN_QUERY_ID-BusQueryDeviceID

Error: (06/07/2019 10:29:43 AM) (Source: DCOM) (EventID: 10016) (User: PC1)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PC1\pault SID (S-1-5-21-1882311373-1252287477-1295940213-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/07/2019 09:51:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/07/2019 09:47:26 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (06/07/2019 09:46:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Remediation Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (06/07/2019 09:46:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/07/2019 09:46:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2019-06-04 14:16:24.242
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BEFBDC90-A1B0-4A27-88B2-05119340732A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-06-04 14:02:54.897
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2801.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2019-06-03 16:22:46.057
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2801.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1604 10/16/2012
Motherboard: ASUSTeK COMPUTER INC. M5A97 PRO
Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 39%
Total physical RAM: 16281.44 MB
Available physical RAM: 9906.42 MB
Total Virtual: 17305.44 MB
Available Virtual: 9486.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.56 GB) (Free:11.18 GB) NTFS
Drive e: (RAID1) (Fixed) (Total:2793.84 GB) (Free:334.19 GB) NTFS

\\?\Volume{58764c19-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{58764c19-0000-0000-0000-70033a000000}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 2794 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 58764C19)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=850 MB) - (Type=27)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

PaulTomasi

TS Member
I noticed three batch files listed in the fixlist (31.bat, tst.bat and yesterday.bat). I've removed these lines from the fixlist because those batch files were created by myself (I'm a batch file programmer) and they are works-in-progress which I dumped in the root folder because I am lazy.