
My Pc is infected with Malware/Virus



#1
Vince09


Hi, please can you help? My PC has become infected with a virus of some sort. It has disabled my antivirus software (Avast). It won't let Windows update. Windows Defender does not pick up any problems during scans. I have followed instructions from this website to try and run several anti-malware tools but all are shut down apart from one. Malwarebytes was shut down, Vipre was shut down. SUPERAntiSpyware did install and run; it found over 1000 items but I guess not the one causing the problem. I tried running all these in safe mode but the outcome was the same. Links to web pages are now not working. My son usually plays on Roblox but that now will not open. Nor will Steam open.

When I do try to update Windows, right at the end it is asking me to uninstall Glyph Client?

 

Please find the FRST text files below:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2017
Ran by VINCENT (administrator) on MCNULTYS_PC (28-11-2017 14:58:23)
Running from C:\Users\VINCENT\Desktop
Loaded Profiles: VINCENT (Available Profiles: VINCENT)
Platform: Windows 10 Home Version 1607 14393.1914 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Pokki) C:\Users\VINCENT\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg_SOUNDEDGE] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2016-05-19] (Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2016-05-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2016-05-19] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [402904 2016-01-19] ()
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-10] (AVAST Software)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [DT_HPO] => C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTuneStartup.exe [142160 2014-01-28] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597016 2016-03-31] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [EPSON SX420W Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-10-17] (SUPERAntiSpyware)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\RunOnce: [Application Restart #6] => C:\Users\VINCENT\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874048 2015-10-30] (Pokki)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\MountPoints2: {422dfe50-a79e-11e4-8259-3010b3a7a938} - "H:\LaunchU3.exe" -a
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{00619b17-d6fe-4115-9219-5be328fc7947}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/2
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/2
SearchScopes: HKLM -> {4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-61005078-2373781621-4259978329-1001 -> {4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-61005078-2373781621-4259978329-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=1539&r=2015/03/08&hid=14359128447900105012&lg=EN&cc=GB&unqvl=84
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-07-03] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-07-03] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-01-16] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-61005078-2373781621-4259978329-1001 -> hxxp://www.google.co.uk/
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-07-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-07-03] (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: @citrixonline.com/appdetectorplugin -> C:\Users\VINCENT\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-10-05] (Citrix Online)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\VINCENT\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: pokki.com/PokkiDownloadHelper -> C:\Users\VINCENT\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: SkypePlugin -> C:\Users\VINCENT\AppData\Local\SkypePlugin\7.2.0.422\npGatewayNpapi.dll [2015-04-09] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: SkypePlugin64 -> C:\Users\VINCENT\AppData\Local\SkypePlugin\7.2.0.422\npGatewayNpapi-x64.dll [2015-04-09] (Skype Technologies S.A.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default [2017-11-26]
CHR Extension: (Google Slides) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-20]
CHR Extension: (Google Docs) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-20]
CHR Extension: (Google Drive) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-20]
CHR Extension: (YouTube) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-20]
CHR Extension: (Google Sheets) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-20]
CHR Extension: (Google Docs Offline) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-20]
CHR Extension: (Skype) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-20]
CHR Extension: (Kaspersky Protection) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-20]
CHR Extension: (Gmail) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-20]
CHR Extension: (Chrome Media Router) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-10] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-10] (AVAST Software)
S2 AxiomAIRMini32AudioDevMon; C:\Program Files (x86)\M-Audio\Axiom AIR Mini 32\AudioDevMon.exe [192360 2012-12-13] (M-Audio)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
R2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe [120328 2013-07-17] (Portrait Displays, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-11-27] (EasyAntiCheat Ltd)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2016-01-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5660512 2016-08-16] (INCA Internet Co., Ltd.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-04-16] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-04-16] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2016-05-19] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-09] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-10] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1029872 2017-10-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-10] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-10] (AVAST Software)
S3 AXIOMAIRMINI32; C:\WINDOWS\system32\DRIVERS\MAudioAxiomAIRMini32.sys [134504 2012-12-13] (M-Audio)
R3 bcbtums; C:\WINDOWS\system32\DRIVERS\bcbtums.sys [177432 2015-12-01] (Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11244808 2015-09-03] (Broadcom Corp)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows ® Codename Longhorn DDK provider)
R1 MpKsl1f58403d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AB3D75F-5A27-4E70-BA13-1977D48872E9}\MpKsl1f58403d.sys [58120 2017-11-27] (Microsoft Corporation)
R1 MpKslb79a38eb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AB3D75F-5A27-4E70-BA13-1977D48872E9}\MpKslb79a38eb.sys [58120 2017-11-28] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RDID1148; C:\WINDOWS\system32\Drivers\RDWM1148.SYS [242432 2015-07-23] (Roland Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2016-05-19] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-28 14:58 - 2017-11-28 15:00 - 000022220 _____ C:\Users\VINCENT\Desktop\FRST.txt
2017-11-28 14:56 - 2017-11-28 14:57 - 002391552 _____ (Farbar) C:\Users\VINCENT\Desktop\FRST64.exe
2017-11-28 13:21 - 2017-11-28 13:21 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-27 22:12 - 2017-11-18 04:23 - 000038744 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-11-27 22:12 - 2017-11-18 04:20 - 000219024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-11-27 22:12 - 2017-11-18 04:19 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-27 22:12 - 2017-11-18 04:18 - 002254688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-27 22:12 - 2017-11-18 04:16 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-11-27 22:12 - 2017-11-18 04:14 - 002187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-27 22:12 - 2017-11-18 04:14 - 000658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-27 22:12 - 2017-11-18 04:14 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-27 22:12 - 2017-11-18 04:13 - 007213968 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-11-27 22:12 - 2017-11-18 04:13 - 001090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-27 22:12 - 2017-11-18 04:13 - 000947544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-27 22:12 - 2017-11-18 04:13 - 000811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-27 22:12 - 2017-11-18 04:13 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-27 22:12 - 2017-11-18 04:13 - 000573792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-11-27 22:12 - 2017-11-18 04:13 - 000430424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-27 22:12 - 2017-11-18 04:12 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-27 22:12 - 2017-11-18 04:12 - 008178816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-27 22:12 - 2017-11-18 04:11 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-11-27 22:12 - 2017-11-18 04:10 - 000453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-11-27 22:12 - 2017-11-18 04:08 - 000222048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-11-27 22:12 - 2017-11-18 04:06 - 000983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-27 22:12 - 2017-11-18 04:03 - 000195936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-11-27 22:12 - 2017-11-18 04:01 - 005722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-11-27 22:12 - 2017-11-18 03:59 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-27 22:12 - 2017-11-18 03:59 - 006672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-27 22:12 - 2017-11-18 03:50 - 022571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-27 22:12 - 2017-11-18 03:50 - 005688320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-27 22:12 - 2017-11-18 03:46 - 007219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-27 22:12 - 2017-11-18 03:43 - 007625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-11-27 22:12 - 2017-11-18 03:43 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-11-27 22:12 - 2017-11-18 03:43 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\socialapis.dll
2017-11-27 22:12 - 2017-11-18 03:42 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2017-11-27 22:12 - 2017-11-18 03:42 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-11-27 22:12 - 2017-11-18 03:42 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2017-11-27 22:12 - 2017-11-18 03:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-27 22:12 - 2017-11-18 03:41 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-11-27 22:12 - 2017-11-18 03:40 - 018365952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-27 22:12 - 2017-11-18 03:40 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-11-27 22:12 - 2017-11-18 03:40 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-27 22:12 - 2017-11-18 03:40 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-11-27 22:12 - 2017-11-18 03:39 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-11-27 22:12 - 2017-11-18 03:38 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-11-27 22:12 - 2017-11-18 03:38 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-11-27 22:12 - 2017-11-18 03:37 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-27 22:12 - 2017-11-18 03:37 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-11-27 22:12 - 2017-11-18 03:37 - 000854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-11-27 22:12 - 2017-11-18 03:37 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-27 22:12 - 2017-11-18 03:36 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-27 22:12 - 2017-11-18 03:36 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-11-27 22:12 - 2017-11-18 03:36 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-11-27 22:12 - 2017-11-18 03:35 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-27 22:12 - 2017-11-18 03:35 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-11-27 22:12 - 2017-11-18 03:35 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-11-27 22:12 - 2017-11-18 03:34 - 002002944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-27 22:12 - 2017-11-18 03:34 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-11-27 22:12 - 2017-11-18 03:34 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-11-27 22:12 - 2017-11-18 03:34 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 006066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 000296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\socialapis.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 008119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-27 22:12 - 2017-11-18 03:31 - 001147392 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 002278912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2017-11-27 22:12 - 2017-11-18 03:29 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-11-27 22:12 - 2017-11-18 03:29 - 002512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-27 22:12 - 2017-11-18 03:29 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-27 22:12 - 2017-11-18 03:29 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-27 22:12 - 2017-11-18 03:29 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-27 22:12 - 2017-11-18 03:28 - 001512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 001013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-11-27 22:12 - 2017-11-18 03:27 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-27 22:12 - 2017-11-18 03:27 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2017-11-27 22:12 - 2017-11-18 03:26 - 002065408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-27 22:12 - 2017-11-07 02:59 - 000449050 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-11-27 22:12 - 2017-03-04 06:22 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-27 22:12 - 2017-03-04 06:13 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-11-27 22:12 - 2017-03-04 06:10 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-11-27 22:12 - 2016-08-02 08:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-26 17:34 - 2017-11-26 17:34 - 000000000 ____D C:\Users\VINCENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-26 13:13 - 2017-11-26 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-26 13:13 - 2017-11-26 13:13 - 000000000 ____D C:\Program Files (x86)\Roblox
2017-11-26 11:30 - 2017-11-26 11:30 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-11-25 22:09 - 2017-11-25 21:45 - 841467769 ____N C:\Users\VINCENT\Desktop\Sherlock.Holmes.A.Game.Of.Shadows.2011.720p.BrRip.x264.YIFY.mp4
2017-11-25 20:17 - 2017-11-26 11:24 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 374be41b-4387-48eb-a39e-90a86f48af4f.job
2017-11-25 20:17 - 2017-11-26 11:24 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0fd020c8-16a7-436e-83e1-876308315550.job
2017-11-25 20:17 - 2017-11-25 20:17 - 000003774 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 0fd020c8-16a7-436e-83e1-876308315550
2017-11-25 20:17 - 2017-11-25 20:17 - 000003692 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 374be41b-4387-48eb-a39e-90a86f48af4f
2017-11-25 20:17 - 2017-11-25 20:17 - 000000000 ____D C:\Users\VINCENT\AppData\Roaming\SUPERAntiSpyware.com
2017-11-25 20:16 - 2017-11-27 12:21 - 000002037 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-11-25 20:16 - 2017-11-25 20:17 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-25 20:16 - 2017-11-25 20:16 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-11-25 20:16 - 2017-11-25 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-11-25 19:51 - 2017-11-25 19:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-11-25 14:23 - 2017-11-25 14:23 - 000000000 _____ C:\autoexec.bat
2017-11-25 14:18 - 2017-11-25 14:18 - 000000000 ___HD C:\$Windows.~WS
2017-11-19 13:31 - 2017-11-25 20:00 - 000001872 _____ C:\Users\VINCENT\Desktop\Rkill.txt
2017-11-16 18:17 - 2017-11-16 18:17 - 038601376 _____ (Microsoft Corporation) C:\Users\VINCENT\Downloads\Windows-KB890830-x64-V5.54.exe
2017-11-16 12:21 - 2017-11-01 22:44 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-16 12:21 - 2017-11-01 22:44 - 000341976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-16 12:21 - 2017-11-01 22:44 - 000269152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-16 12:21 - 2017-11-01 22:44 - 000139096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-16 12:21 - 2017-11-01 22:44 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-16 12:21 - 2017-11-01 22:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-11-16 12:21 - 2017-11-01 22:19 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-16 12:21 - 2017-11-01 22:17 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-16 12:21 - 2017-11-01 22:17 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-16 12:21 - 2017-11-01 22:15 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-16 12:21 - 2017-11-01 22:14 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-16 12:21 - 2017-11-01 22:14 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-11-16 12:21 - 2017-11-01 22:13 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-11-16 12:21 - 2017-11-01 22:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-11-16 12:21 - 2017-11-01 22:12 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-16 12:21 - 2017-11-01 19:44 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-16 12:21 - 2017-10-09 02:41 - 000082272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-16 12:21 - 2017-10-09 02:37 - 000500576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-16 12:21 - 2017-10-09 02:34 - 000965464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-11-16 12:21 - 2017-10-09 02:34 - 000082608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-11-16 12:21 - 2017-10-09 02:30 - 000381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-11-16 12:21 - 2017-10-09 02:30 - 000169304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-16 12:21 - 2017-10-09 02:28 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-16 12:21 - 2017-10-09 02:16 - 000178008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-11-16 12:21 - 2017-10-09 02:02 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2017-11-16 12:21 - 2017-10-09 02:00 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCredential.dll
2017-11-16 12:21 - 2017-10-09 01:59 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-11-16 12:21 - 2017-10-09 01:58 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-11-16 12:21 - 2017-10-09 01:53 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-11-16 12:21 - 2017-10-09 01:44 - 004423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-16 12:21 - 2017-10-09 01:44 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-11-16 12:20 - 2017-11-01 23:06 - 000223584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 002032472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-16 12:20 - 2017-11-01 22:53 - 001578848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000678752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000613720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000612192 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000259936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000190296 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-16 12:20 - 2017-11-01 22:53 - 000067928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-16 12:20 - 2017-11-01 22:46 - 000635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-16 12:20 - 2017-11-01 22:46 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-16 12:20 - 2017-11-01 22:43 - 000687968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-16 12:20 - 2017-11-01 22:43 - 000647520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-16 12:20 - 2017-11-01 22:43 - 000385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-16 12:20 - 2017-11-01 22:43 - 000299360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-16 12:20 - 2017-11-01 22:43 - 000144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-16 12:20 - 2017-11-01 22:43 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-16 12:20 - 2017-11-01 22:42 - 000089552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2017-11-16 12:20 - 2017-11-01 22:40 - 000455512 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-16 12:20 - 2017-11-01 22:33 - 000485520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-16 12:20 - 2017-11-01 22:26 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-16 12:20 - 2017-11-01 22:21 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-16 12:20 - 2017-11-01 22:16 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-11-16 12:20 - 2017-11-01 22:15 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-16 12:20 - 2017-11-01 22:14 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-16 12:20 - 2017-11-01 22:12 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-16 12:20 - 2017-11-01 22:12 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-16 12:20 - 2017-11-01 22:12 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-11-16 12:20 - 2017-11-01 22:12 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-11-16 12:20 - 2017-11-01 22:12 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2017-11-16 12:20 - 2017-11-01 22:12 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-16 12:20 - 2017-11-01 22:11 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-16 12:20 - 2017-11-01 22:11 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-16 12:20 - 2017-11-01 22:11 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-16 12:20 - 2017-11-01 22:09 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-16 12:20 - 2017-11-01 22:08 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-16 12:20 - 2017-11-01 22:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-16 12:20 - 2017-11-01 22:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-16 12:20 - 2017-11-01 22:05 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-16 12:20 - 2017-11-01 22:05 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-16 12:20 - 2017-11-01 22:05 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-11-16 12:20 - 2017-11-01 22:04 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-16 12:20 - 2017-11-01 22:04 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-16 12:20 - 2017-11-01 22:03 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-16 12:20 - 2017-11-01 22:03 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-16 12:20 - 2017-11-01 22:03 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-16 12:20 - 2017-11-01 22:01 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-11-16 12:20 - 2017-11-01 22:01 - 001984512 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-16 12:20 - 2017-11-01 22:00 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-16 12:20 - 2017-11-01 22:00 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-16 12:20 - 2017-11-01 22:00 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-11-16 12:20 - 2017-11-01 22:00 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-16 12:20 - 2017-11-01 22:00 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-16 12:20 - 2017-11-01 22:00 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-16 12:20 - 2017-11-01 21:58 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-16 12:20 - 2017-10-09 02:40 - 001117016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-11-16 12:20 - 2017-10-09 02:37 - 000199000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2017-11-16 12:20 - 2017-10-09 02:37 - 000097120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-11-16 12:20 - 2017-10-09 02:35 - 001181528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-16 12:20 - 2017-10-09 02:33 - 000652344 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-16 12:20 - 2017-10-09 02:30 - 000509784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-16 12:20 - 2017-10-09 02:27 - 000206176 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-11-16 12:20 - 2017-10-09 02:26 - 002529120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-11-16 12:20 - 2017-10-09 02:26 - 001102680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-16 12:20 - 2017-10-09 02:25 - 000392024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-11-16 12:20 - 2017-10-09 02:24 - 000304232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-11-16 12:20 - 2017-10-09 02:22 - 001600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-11-16 12:20 - 2017-10-09 02:02 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-16 12:20 - 2017-10-09 02:00 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-16 12:20 - 2017-10-09 01:58 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-11-16 12:20 - 2017-10-09 01:57 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-11-16 12:20 - 2017-10-09 01:57 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredential.dll
2017-11-16 12:20 - 2017-10-09 01:55 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-11-16 12:20 - 2017-10-09 01:55 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-16 12:20 - 2017-10-09 01:55 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2017-11-16 12:20 - 2017-10-09 01:54 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-11-16 12:20 - 2017-10-09 01:53 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-11-16 12:20 - 2017-10-09 01:52 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-11-16 12:20 - 2017-10-09 01:52 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-11-16 12:20 - 2017-10-09 01:51 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-11-16 12:20 - 2017-10-09 01:51 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2017-11-16 12:20 - 2017-10-09 01:51 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-11-16 12:20 - 2017-10-09 01:50 - 001373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-11-16 12:20 - 2017-10-09 01:50 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-11-16 12:20 - 2017-10-09 01:48 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-11-16 12:20 - 2017-10-09 01:44 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-16 12:20 - 2017-10-09 01:44 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-16 12:20 - 2017-10-09 01:44 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-11-16 12:20 - 2017-10-09 01:43 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-11-16 12:20 - 2017-10-09 01:41 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-11-16 12:20 - 2017-10-09 00:29 - 000788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-16 12:20 - 2017-10-09 00:29 - 000788624 _____ C:\WINDOWS\system32\locale.nls
2017-11-16 12:20 - 2017-03-04 06:29 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-11-16 12:20 - 2017-03-04 06:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-11-08 17:32 - 2017-11-08 17:35 - 000066150 _____ C:\Users\VINCENT\Downloads\Addition.txt
2017-11-08 17:29 - 2017-11-28 14:58 - 000000000 ____D C:\FRST
2017-11-08 17:29 - 2017-11-08 17:35 - 000076268 _____ C:\Users\VINCENT\Downloads\FRST.txt
2017-11-08 17:28 - 2017-11-08 17:29 - 002403328 _____ (Farbar) C:\Users\VINCENT\Downloads\FRST64.exe
2017-11-05 14:26 - 2017-11-05 14:26 - 000000000 _____ C:\WINDOWS\SysWOW64\SBRC.dat
2017-11-05 14:26 - 2016-03-04 12:26 - 000032400 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2017-11-05 14:26 - 2015-08-27 07:31 - 000040584 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2017-11-04 14:08 - 2017-11-04 14:08 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\uSeRiNiT (1).exe
2017-11-04 14:03 - 2017-11-25 19:43 - 000000000 ____D C:\VIPRERESCUE
2017-11-04 13:58 - 2017-11-04 14:03 - 328708096 _____ C:\Users\VINCENT\Downloads\VIPRERescue.exe
2017-11-04 13:56 - 2017-11-04 13:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\eXplorer.exe
2017-11-04 13:55 - 2017-11-04 13:55 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\rkildfsl (2).exe
2017-11-04 13:52 - 2017-11-04 13:52 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\uSeRiNiT.exe
2017-11-04 13:52 - 2017-11-04 13:52 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\rkill (1).exe
2017-11-04 13:51 - 2017-11-04 13:51 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\rkill.scr
2017-11-04 13:51 - 2017-11-04 13:51 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\rkill.exe
2017-11-04 13:35 - 2017-11-04 13:35 - 000000000 ___HD C:\$SysReset
2017-11-04 12:38 - 2017-11-04 12:38 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\VINCENT\Downloads\AVG_Protection_Free_1606.exe
2017-11-04 12:38 - 2017-11-04 12:38 - 000000000 ____D C:\Users\VINCENT\AppData\Local\AvgSetupLog
2017-11-04 12:38 - 2017-11-04 12:38 - 000000000 ____D C:\Users\VINCENT\AppData\Local\Avg
2017-11-04 12:38 - 2017-11-04 12:38 - 000000000 ____D C:\ProgramData\Avg
2017-11-04 12:35 - 2017-11-04 12:36 - 006334880 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2017-11-04 10:43 - 2017-11-04 10:43 - 000820792 _____ (Roblox Corporation) C:\Users\VINCENT\Downloads\RobloxPlayerLauncher (4).exe
2017-11-03 16:34 - 2017-11-03 16:35 - 078346672 _____ (Malwarebytes ) C:\Users\VINCENT\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-10-31 18:31 - 2017-10-31 18:31 - 007161304 _____ (AVAST Software) C:\Users\VINCENT\Downloads\avast_free_antivirus_setup_online_e1j.exe
2017-10-29 17:30 - 2017-10-29 17:30 - 000820792 _____ (Roblox Corporation) C:\Users\VINCENT\Downloads\RobloxPlayerLauncher (3).exe
2017-10-29 15:32 - 2017-10-29 15:27 - 636712874 ____N C:\Users\VINCENT\Desktop\The.Simpsons.S29E04.Treehouse.of.Horror.XXVIII.1080p.AMZN.WEB-DL.DD+5.1.H.264-SiGMA.mkv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-28 12:32 - 2016-09-24 10:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-28 08:31 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-28 08:25 - 2015-01-28 15:44 - 000000000 ____D C:\Users\VINCENT\Documents\Youcam
2017-11-28 08:22 - 2015-03-14 13:47 - 000000000 ____D C:\Users\VINCENT\AppData\Local\SweetLabs App Platform
2017-11-28 08:21 - 2015-01-28 07:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-28 06:36 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\rescache
2017-11-27 23:18 - 2016-09-24 10:10 - 001745166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-27 23:16 - 2017-09-29 17:34 - 000000000 ____D C:\Program Files\rempl
2017-11-27 23:14 - 2016-07-16 11:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-27 23:11 - 2016-09-24 11:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-27 23:11 - 2016-09-24 10:02 - 000358312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-27 23:10 - 2016-07-16 06:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-27 23:09 - 2017-06-16 22:45 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-11-27 23:09 - 2016-07-16 11:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-27 23:09 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-27 23:01 - 2016-09-24 10:05 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-27 23:01 - 2015-03-08 19:23 - 000000000 __SHD C:\Users\VINCENT\IntelGraphicsProfiles
2017-11-27 22:22 - 2016-07-16 11:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-27 15:33 - 2017-10-10 20:55 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-27 15:32 - 2015-01-31 02:30 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-27 12:20 - 2017-04-28 16:08 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-26 13:15 - 2015-06-16 15:13 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-26 13:14 - 2016-07-16 11:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-26 13:14 - 2015-01-28 15:42 - 000000000 ____D C:\Users\VINCENT\AppData\Local\Packages
2017-11-26 12:38 - 2016-09-24 11:01 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-26 12:20 - 2017-07-11 17:52 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-25 15:14 - 2016-09-24 10:11 - 000000000 ____D C:\Users\VINCENT
2017-11-24 15:26 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-23 17:43 - 2015-09-13 16:44 - 000000000 ____D C:\Users\VINCENT\AppData\Roaming\Skype
2017-11-21 10:40 - 2015-07-20 18:14 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-17 17:31 - 2017-05-21 18:12 - 000000000 ____D C:\Program Files\HP
2017-11-17 17:31 - 2016-09-24 10:06 - 000000000 ____D C:\ProgramData\HP
2017-11-16 17:54 - 2016-07-16 11:47 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-11-16 17:54 - 2016-07-16 11:47 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-16 12:45 - 2015-01-31 02:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-08 20:01 - 2016-10-06 17:22 - 000000000 ____D C:\Program Files (x86)\Glyph
2017-11-05 14:35 - 2016-05-23 18:37 - 000000251 _____ C:\Users\VINCENT\AppData\LocalLow\rbxcsettings.rbx
2017-11-05 00:47 - 2017-07-11 20:14 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-05 00:47 - 2017-07-11 20:14 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-04 13:21 - 2015-03-08 18:34 - 000000000 ____D C:\Users\VINCENT\AppData\Local\ElevatedDiagnostics
2017-11-04 11:05 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\registration
2017-10-29 18:06 - 2015-03-07 13:40 - 000000000 ____D C:\Users\VINCENT\AppData\Roaming\.minecraft
2017-10-29 17:32 - 2015-03-07 13:39 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-10-29 10:23 - 2016-07-01 20:23 - 000000000 ____D C:\Users\VINCENT\Desktop\games
==================== Files in the root of some directories =======
2016-12-12 18:50 - 2016-11-23 13:37 - 000000570 _____ () C:\Users\VINCENT\AppData\Local\TroubleshooterConfig.json
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-26 13:53
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by VINCENT (28-11-2017 15:01:01)
Running from C:\Users\VINCENT\Desktop
Windows 10 Home Version 1607 14393.1914 (X64) (2016-09-24 11:25:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-61005078-2373781621-4259978329-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-61005078-2373781621-4259978329-503 - Limited - Disabled)
Guest (S-1-5-21-61005078-2373781621-4259978329-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-61005078-2373781621-4259978329-1003 - Limited - Enabled)
VINCENT (S-1-5-21-61005078-2373781621-4259978329-1001 - Administrator - Enabled) => C:\Users\VINCENT
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ableton Live 9 Lite (HKLM\...\{9130C3A8-3BEA-4A24-88F9-50EFB036F999}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Ample Bass P Lite II version 2.3.1 (HKLM-x32\...\{26ACA0DD-7C66-40D7-B992-CC27CA024F2A}_is1) (Version: 2.3.1 - Ample Sound Technology Co., Ltd.)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-4503b4b6-0fae-4892-9453-df2ee9c29aea) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS TONE STUDIO for GT (HKLM-x32\...\{29D27D34-9609-11D9-098D-4A868943B6F1}) (Version: 1.1.3 - Roland Corporation) Hidden
BOSS TONE STUDIO for GT (HKLM-x32\...\BOSS-TONE-STUDIO-for-GT) (Version: 1.1.3 - Roland Corporation)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version:  - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation)
Build-a-lot (HKLM-x32\...\WTA-6e6aeb59-7920-4e07-beae-d658009663a8) (Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-4e8eb2a5-1c2f-42b2-a795-e854c1a45b21) (Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Crazy Chicken Soccer (HKLM-x32\...\WTA-f1e8e51e-1739-4158-aa96-6888839e778d) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.1.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.5.5724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3702 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.4422 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4230 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
DigiTech RP1000 Drivers (HKLM\...\{BFC66125-5A67-45A6-8B3A-7DDFA3910D30}) (Version: 2.1.1 - DigiTech) Hidden
DigiTech RP1000 Drivers (HKLM-x32\...\DigiTech RP1000 Drivers) (Version: 2.1.1 - DigiTech)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DiscountSmasher (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}) (Version:  - DiscountSmasher) <==== ATTENTION
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.2.1179 - Steinberg Media Technologies GmbH)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WTA-2bf9a606-6d85-43af-bf63-67a21cae596c) (Version: 2.2.0.98 - WildTangent) Hidden
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-90ca4f56-9c88-454b-af27-16cedbc08293) (Version: 2.2.0.110 - WildTangent) Hidden
GT-001 Driver (HKLM\...\RolandRDID0148) (Version:  - Roland Corporation)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Host App Service (HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\SweetLabs_AP) (Version: 0.269.7.802 - Pokki)
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5640 series Basic Device Software (HKLM\...\{BA8749DB-3A36-4CA3-B84C-6007C6E4F84F}) (Version: 40.11.1107.1739 - HP Inc.)
HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP My Display (HKLM-x32\...\{448286F7-9BCC-4254-A6DC-CB40DC852F55}) (Version: 2.08.20.0 - Portrait Displays, Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.06 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.37.11 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Ignite (HKLM-x32\...\{9A731246-E02E-44DC-940D-0F8110C1789D}) (Version: 1.3.1 - AIR Music Technology)
Ignite (HKLM-x32\...\{9C3723A2-E8F3-4F55-8655-8176E50E2D19}) (Version: 1.3.1 - AIR Music Technology) Hidden
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.06 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.06 - Softex Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-a0a59cb7-f1c5-4a82-8a37-f684743e7446) (Version: 2.2.0.98 - WildTangent) Hidden
M-Audio Axiom AIR Mini 32 1.0.1 (x64) (HKLM\...\{613163E3-0FC3-4CA3-8835-05D2D6C03523}) (Version: 1.0.1 - M-Audio)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-503e1451-a92d-4fac-be9a-0429304c5dc8) (Version: 3.0.2.51 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{095E9DEE-7EBA-4197-8A50-54FF77BFCBAC}) (Version: 2.41.0 - The Pokémon Company International)
Pokki Download Helper (HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Polar Bowler (HKLM-x32\...\WTA-21f0b7a4-7c33-4811-bb46-03bf391547c8) (Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP ENVY 5640 series (HKLM\...\{2FA76FDB-0A84-4AFD-B5AE-7785C2510AF6}) (Version: 40.11.1107.1739 - HP Inc.)
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-c14e0424-bb2c-4381-9ceb-1b05f25652f5) (Version: 2.2.0.98 - WildTangent) Hidden
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Roblox Player for VINCENT (HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{E5A9C069-5D0C-4EA2-A07E-973014B99F0C}) (Version: 7.2.0.422 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.802 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
Trinklit Supreme (HKLM-x32\...\WTA-a1abbbe5-becb-4ef4-b5b8-e2dcffe9b0db) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-6bb2105f-d916-4538-8d09-9c55835fdd5e) (Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (HKLM-x32\...\WTA-97af6557-28de-426e-9bac-fdd4dbda3596) (Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (HKLM-x32\...\WTA-bedbeb75-b58e-403a-b57c-15ddc334f04f) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
X-Edit (HKLM-x32\...\{47107F5F-FDEC-4A01-896C-E76245743F1A}) (Version: 2.7.1.1 - DigiTech) Hidden
X-Edit (HKLM-x32\...\X-Edit) (Version: 2.7.1.1 - DigiTech)
Youda Jewel Shop (HKLM-x32\...\WTA-4c62c20e-7496-4446-929d-01cbc7e1c82c) (Version: 3.0.2.51 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-61005078-2373781621-4259978329-1001_Classes\CLSID\{20BEBD18-11D0-4470-AAE1-F34B9E8D9761}\InprocServer32 -> C:\Users\VINCENT\AppData\Local\SkypePlugin\7.2.0.422\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-61005078-2373781621-4259978329-1001_Classes\CLSID\{B5322578-1624-4C26-BB8C-E366FFB9314F}\localserver32 -> C:\Users\VINCENT\AppData\Local\SkypePlugin\7.2.0.422\GatewayVersion-x64.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-10] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-10] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-08] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-08] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-10] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-01-19] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-01-19] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-10] (AVAST Software)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03CEF316-AE3B-443E-8F7F-454AEEC447EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {0502FD51-CB24-45EE-ACEF-D4ED790E37BA} - System32\Tasks\{82CEF556-8A21-47C3-A43D-9087AD770202} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?page=tsProgressBar
Task: {08716796-08F3-4781-83F4-17BE63C154FC} - System32\Tasks\{4E18870E-53C2-4053-BCAA-B057E5196A3B} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?page=tsProgressBar
Task: {0CA272F0-2B91-45C2-986D-5F2794B1526A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0CEDE914-13E4-4702-8AFA-F35B54361EF8} - System32\Tasks\{C82AECA2-F2E3-44F7-87B1-4F03A8626F15} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {10072AC6-F8FB-4057-85E6-C7621244CC7A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
Task: {1086C7CC-553A-46DA-AED2-4822E71CC813} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\VINCENT\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {120635B1-02EB-472E-8B94-D6D61381E92B} - System32\Tasks\{23974633-A98A-4FE8-A104-D3426937EB02} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?page=tsInstall
Task: {141A23B7-FC16-4F61-AABC-533506C81EDE} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2017-02-08] (HP Inc.)
Task: {1D9F3845-7676-4783-9ED6-20FD5D3A0E58} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {26956F50-14D4-4B55-B7B6-773644BE366E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 374be41b-4387-48eb-a39e-90a86f48af4f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {27F64E4E-1E6D-4242-81FA-2E570693810E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {41B397CE-12EC-4263-AEEC-8EE2DF6383CE} - System32\Tasks\{674919B6-9508-456B-8555-1C6DB3D30FBA} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?page=tsProgressBar
Task: {44A4D6B3-BC65-46C6-8906-A6F79BEDACDC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-27] (Microsoft Corporation)
Task: {47226A48-C885-40F5-BB8A-819E5967EED6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4872E1E9-C28A-4C37-9B29-2E21A85045FC} - System32\Tasks\{3CE9FAE0-70CF-44AB-8CD8-D594981EFEB3} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {500CB796-7AF6-47AC-A2A3-6488C99A35E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {591EB34F-11D9-4736-AF2B-94101C4D4160} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {5C399377-8772-4031-9454-B51F5289BE92} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {662F9F4D-A30C-42EA-9763-1157C20EC5DC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6687ACB6-48A5-4428-A6C3-2430A9AEA766} - System32\Tasks\{14594933-48B2-4983-90E0-3687BBFB9061} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {67ACE5C8-5FE3-477F-AB0B-3272452CD807} - System32\Tasks\{8A567FF2-B876-47C9-BF89-7251C126B1C6} => "c:\windows\system32\launchwinapp.exe" hxxp://ui.skype.com/ui/0/7.24.0.104/en/abandoninstall?page=tsProgressBar
Task: {6941CEC9-9C95-4722-A5D2-326D6C3F7911} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {6C89A731-F626-43C9-88E7-58AE66A303CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {6D825A09-C460-4882-9615-733562AAF34E} - System32\Tasks\{4F87D9D9-E038-40D0-B202-7D4792EF8169} => C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\{C5EE6DA0-A057-4009-BADC-FB7523A5715F}\X-Edit.exe -c REMOVE=TRUE MODIFY=FALSE
Task: {737A1B92-B543-4830-AA59-F7EC62D2F4B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {76DC2823-BDD6-48CB-A5E0-A1A8972EA9C4} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe
Task: {7779CFE3-D760-4ED2-935B-AE32196EE047} - System32\Tasks\{D1A29812-B29D-481C-A803-24E79FBE7896} => C:\windows\system32\pcalua.exe -a C:\Users\VINCENT\Downloads\forge-1.8-11.14.1.1334-installer-win.exe -d C:\Users\VINCENT\Downloads
Task: {788D7E88-5703-489B-9C6E-170755384563} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8424B7D2-4424-410D-B787-9F58BC5FA778} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\EN5640__Full_WebPack_1107.exe <==== ATTENTION
Task: {8C41F415-3EC9-4093-9D0F-A507B9EA63AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8F6146BB-0BC4-4578-9916-473174A3E53D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {96C83B6D-6884-4663-9A25-F5FD01BC3BA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {A1226773-4D8C-4591-BB13-BE70DA02D1DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {A7F0E571-C0EC-4689-B104-167A76EEAE1D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {AC14622D-A4BC-47AE-B2C6-6604FFC32F39} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {AC1B6C96-A259-469F-A12F-D733240DF229} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B095FDC6-6A03-4F77-89BA-4DE40E4016D7} - System32\Tasks\{350094FC-FACE-41D5-8B91-9F7CC3722C74} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {B1A07583-AFA1-4422-A8E8-AD501DE0980D} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe
Task: {C8EBF192-538B-42DF-8FC7-EE98349578DC} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0fd020c8-16a7-436e-83e1-876308315550 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {CF65F259-0859-45C3-A43C-7088F2F4BB2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {D51F380B-9743-43B3-ABC9-1A394B2A11E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {D9536904-CAAE-4F3D-8EC8-C5AA5C235730} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DE1D7AC2-B698-4FD5-B5A5-71A7C6910F71} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-28] (AVAST Software)
Task: {E5017CB2-0DAA-479B-A38F-9049E44CD9ED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F1167672-9E61-40F5-9388-938550865447} - System32\Tasks\{F12A1056-6948-4136-A393-AD26B927ABD1} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.32.0.104/en/abandoninstall?page=tsMain
Task: {F2C4084D-7F33-4490-9ACC-01827C845CDE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {F92665F2-6429-4AA3-A7D9-97FE46731B94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {FEC74190-3987-41E5-B587-8A3706B0F752} - System32\Tasks\SweetLabs App Platform => C:\Users\VINCENT\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-10-30] (Pokki)
Task: {FF6E27E8-385F-461F-B2A7-B181C4745347} - System32\Tasks\{8BDE11AF-3E6D-4F29-B4ED-5521F55D08EA} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.32.0.104/en/abandoninstall?page=tsProgressBar
Task: {FF97C99D-38A1-42E0-A5EA-790DE94B9D31} - System32\Tasks\HPCeeScheduleForVINCENT => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForVINCENT.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0fd020c8-16a7-436e-83e1-876308315550.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 374be41b-4387-48eb-a39e-90a86f48af4f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-07-16 11:42 - 2016-07-16 11:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 15:57 - 2017-09-07 06:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-02-07 10:24 - 2014-02-07 10:24 - 002108928 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-02-07 10:21 - 2014-02-07 10:21 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-02-07 10:21 - 2014-02-07 10:21 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-02-07 10:21 - 2014-02-07 10:21 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-02-07 10:40 - 2014-02-07 10:40 - 000368528 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-02-07 10:40 - 2014-02-07 10:40 - 000714128 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 001346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-07 10:28 - 2014-02-07 10:28 - 000065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-09-24 10:56 - 2016-09-24 10:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 17:40 - 2017-03-04 06:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 17:41 - 2017-03-04 06:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 17:41 - 2017-03-04 06:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 17:41 - 2017-03-04 06:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-11-15 13:21 - 2017-11-15 13:22 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-15 13:21 - 2017-11-15 13:22 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-15 13:21 - 2017-11-15 13:22 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-08 01:08 - 2017-11-08 01:08 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-15 13:21 - 2017-11-15 13:22 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-07-16 11:42 - 2016-07-16 11:42 - 000361984 _____ () C:\WINDOWS\SYSTEM32\HrtfApo.dll
2017-11-03 16:42 - 2017-11-03 16:42 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-11-03 16:42 - 2017-11-03 16:42 - 001226416 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2006-10-26 12:56 - 2006-10-26 12:56 - 000757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData:514A75302A0E5A4C [217]
AlternateDataStreams: C:\Users\All Users:514A75302A0E5A4C [217]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{83A1F4D5-4AD7-4DC5-B131-700B193F8ADA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YoutubersLife\YoutubersLife.exe
FirewallRules: [{6EA883D9-3783-431F-BADF-EF8CB3090A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YoutubersLife\YoutubersLife.exe
FirewallRules: [{8F253446-8481-4C46-AAA8-BCB11444D98A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\There's Poop In My Soup\PoopInMySoup.exe
FirewallRules: [{D93D7B02-AD6D-4450-B997-8570E8475CE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\There's Poop In My Soup\PoopInMySoup.exe
FirewallRules: [{963E433A-1246-4C5E-98BF-8A436DA970D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{4A46A9F9-DA58-4D55-BF64-2D3DB6CF1606}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{981D4D2E-A3F1-4345-8761-9184462D2E7A}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{7A913E68-8084-4AED-9AF8-E2094601A1B1}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{308C19AF-8ED2-48F9-B98F-27F2F6DD6DB5}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS714F\HPDiagnosticCoreUI.exe
FirewallRules: [{6C2B952F-8CF1-4E4D-B6FD-532F1D13140E}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS714F\HPDiagnosticCoreUI.exe
FirewallRules: [{02A6940D-2113-456F-BCEF-AC55DB48ED9F}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS70FA\HPDiagnosticCoreUI.exe
FirewallRules: [{E9913014-1404-4EA2-ACDD-DF2791D1EE13}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS70FA\HPDiagnosticCoreUI.exe
FirewallRules: [{87607621-A183-4F50-AA95-131108B98B74}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{3912B2AD-A424-465D-8DAB-C417A055486A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{8E31C835-DDA4-44D4-BB17-B05247ECEA97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{EBAF6C0D-C2CB-4355-863F-EE17BBD41CF8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6D1ADC78-75B4-44B6-B5D5-1B4D2FAE45A9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A633BAEA-AE1E-4C28-92AD-007AE71DA774}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CA486716-4697-4ADA-A626-5B7C435348A6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{80793AE5-39FE-4EF1-BC76-4C2A498DFA3A}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F9AC422A-3D4D-42B5-8AB9-6EDF0D900A44}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{EE05BBD3-06D3-4601-A6A2-30C3B5734B3C}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{DFE49AE8-22FE-4444-BC59-B925FA655315}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{FC99D5D7-EC0F-4D4D-B660-4FE4DB57A18A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{911B8683-F755-4D04-905C-019D552F082E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C4B419DE-50B4-4B50-ABAD-FAD1945DAFF3}C:\users\vincent\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\vincent\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{BE35506D-9769-4073-AC7E-76B24BA35F4F}C:\users\vincent\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\vincent\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{C8A4D20A-93D5-44CC-8D6A-C0481836C583}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{516975ED-B100-49A0-852E-6E045737E221}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{FBA4668B-91C2-4762-9573-8E71B05F5A17}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{44087DE7-8C25-4533-A261-312D47411A44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{78DC77D8-028E-4EE3-825B-1B01B6FA1606}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{85DE178C-96D6-43F2-B654-5B17EE37E776}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{E7CE4BE2-9071-47E1-A90D-7B884664ECA6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{1CA65B3C-247C-414A-B244-7033FB7DC54C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{C50026BC-E891-45E9-812E-E9E8063FEDD9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{2A7E8BA1-CFB0-4029-8211-95922DA8439E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{92405311-DDE2-47AF-9048-84580F772646}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{030D828A-C459-4A77-973F-9FA0312D24AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3BFF507B-CEAE-4493-B215-6E45713A00AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC66EB30-6AFC-49EC-BB0F-6D0C6BA2E4FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{23E31A2A-3C8E-4794-ACD6-78116D3F6180}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{1249A627-DCDE-4543-B744-9BFF914FC8FE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8CFEF3CA-C04B-4316-BF86-83EC81A88DEF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{2A42DDDD-E512-4C2E-BC6E-F7AB8B60B570}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0F0721F3-A66E-4F78-AF99-1972A23E0E01}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A98A03F2-0230-4AC2-8BBD-4407CD91BD86}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS6B2F\HPDiagnosticCoreUI.exe
FirewallRules: [{5AB0EBB8-CCA7-401C-AE75-93CF8112E67A}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS6B2F\HPDiagnosticCoreUI.exe
FirewallRules: [{9847452F-9E40-47E1-A0C6-6219406A57F8}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS4768\HPDiagnosticCoreUI.exe
FirewallRules: [{22E727CC-CBE9-4803-ABC0-955BBB088018}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS4768\HPDiagnosticCoreUI.exe
FirewallRules: [{34AB8337-2FD4-4026-BFDA-FD7626C8DE88}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS47AA\HPDiagnosticCoreUI.exe
FirewallRules: [{05E44358-7A24-4813-98C4-A0CC9AC18812}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS47AA\HPDiagnosticCoreUI.exe
FirewallRules: [{AD4B06A7-D52A-46CD-AEB8-9F9584D818A4}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS573E\HPDiagnosticCoreUI.exe
FirewallRules: [{091B97E5-395C-4A63-95EC-E3A3E21D310E}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS573E\HPDiagnosticCoreUI.exe
FirewallRules: [{675ED59F-0CB9-4CFE-AC3B-1C305A4E7731}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS17AF\HPDiagnosticCoreUI.exe
FirewallRules: [{C5A5886C-8271-4359-B06A-F8DA9FEE21D1}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS17AF\HPDiagnosticCoreUI.exe
FirewallRules: [{E5332E16-636E-4BB2-9654-D58086B15735}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{AF6F891B-A19D-419D-985D-009169FAC5F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{436AFCF4-8DF4-4BF4-9D46-82A48A78F423}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Digimon Masters Online - Steam\DMLauncher.exe
FirewallRules: [{45487AB5-98AE-4BEA-806F-D932BA004BB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Digimon Masters Online - Steam\DMLauncher.exe
FirewallRules: [{A11548FC-B577-451B-BB61-B452317845C6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B3192EB1-4D38-4B86-989A-4B461E3F5A19}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A22138BE-2915-40F2-A18A-781471B2463B}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS377A\HPDiagnosticCoreUI.exe
FirewallRules: [{E822206F-D2E8-402D-8F2A-DAC17513874A}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS377A\HPDiagnosticCoreUI.exe
FirewallRules: [{DF2ABF49-805D-4682-A3A3-8BA0FD57D8A2}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS37D6\HPDiagnosticCoreUI.exe
FirewallRules: [{52A1234C-D5D1-474E-8440-CF9385F3EA82}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS37D6\HPDiagnosticCoreUI.exe
FirewallRules: [{8B4C1147-8EDB-464B-AACD-CC93EEA2BE94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT Showdown\showdown.exe
FirewallRules: [{6D64C5C3-9A32-4612-8C14-09B81D28EEEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT Showdown\showdown.exe
FirewallRules: [{EB01A0AA-195A-4ADB-8482-34F3CDD1B379}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{984FD65F-9DE1-4DB8-8890-4A7AE88D7D33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{E9F86F6B-C59C-4682-8459-9ED53CF3D012}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\DeviceSetup.exe
FirewallRules: [{CA492791-1BC5-4BF2-9E2B-8BA41F987F4F}] => (Allow) LPort=5357
FirewallRules: [{DCDC1670-31F9-45C3-9C49-5910ED495801}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1A2FB5E7-B71B-4D0B-B907-6BB31C3F39BD}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS0067\HPDiagnosticCoreUI.exe
FirewallRules: [{42E5567B-E8A0-4007-829E-1A7A92D9E8EB}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS0067\HPDiagnosticCoreUI.exe
FirewallRules: [{15ABDFE4-A67D-4116-9DC8-E38B221A5837}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS00D0\HPDiagnosticCoreUI.exe
FirewallRules: [{EB6F02C2-1B81-4BC7-83CD-E56DAD7001CD}] => (Allow) C:\Users\VINCENT\AppData\Local\Temp\7zS00D0\HPDiagnosticCoreUI.exe
FirewallRules: [{75C77B19-A585-4D32-B422-152296F6BCA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{7C652DFC-0549-4EF0-8A48-A6E670A1FA68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{BD83345D-DBC7-4A2A-A865-B7E5CD682137}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{1264CC8C-EE7C-416D-97D9-E223D9DC718D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
==================== Restore Points =========================
20-11-2017 12:12:56 Windows Update
23-11-2017 12:40:27 Windows Update
26-11-2017 13:20:47 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (11/28/2017 08:24:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SettingSyncHost.exe, version: 10.0.14393.1198, time stamp: 0x590280cf
Faulting module name: BrowserSettingSync.dll, version: 10.0.14393.953, time stamp: 0x58ba5eb4
Exception code: 0xc0000005
Fault offset: 0x000000000000f1a1
Faulting process ID: 0x1054
Faulting application start time: 0x01d3682256a5c683
Faulting application path: C:\WINDOWS\system32\SettingSyncHost.exe
Faulting module path: C:\WINDOWS\system32\BrowserSettingSync.dll
Report ID: 48138202-514d-465d-ab79-f269f5aa0479
Faulting package full name:
Faulting package-relative application ID:
Error: (11/28/2017 08:22:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.14393.0, time stamp: 0x57899b96
Faulting module name: ntdll.dll, version: 10.0.14393.1715, time stamp: 0x59b0d03e
Exception code: 0xc0000005
Fault offset: 0x00000000000495fc
Faulting process ID: 0xe28
Faulting application start time: 0x01d3682204d02f88
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 86b1604f-27ae-4d77-b069-0b8d6cc37de0
Faulting package full name:
Faulting package-relative application ID:
Error: (11/28/2017 08:22:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.14393.0, time stamp: 0x57899b96
Faulting module name: ntdll.dll, version: 10.0.14393.1715, time stamp: 0x59b0d03e
Exception code: 0xc0000005
Fault offset: 0x00000000000495fc
Faulting process ID: 0xe0c
Faulting application start time: 0x01d36821eb480a5b
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 352835d1-c10d-4baf-b8bc-f751f140c40d
Faulting package full name:
Faulting package-relative application ID:
Error: (11/27/2017 11:16:21 PM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action CreateScheduledTaskShell, location: C:\Program Files\rempl\, command: C:\WINDOWS\SysWOW64\schtasks.exe -create -tn Microsoft\Windows\rempl\shell -xml rempl.xml -F
Error: (11/27/2017 10:15:20 PM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action CreateScheduledTaskShell, location: C:\Program Files\rempl\, command: C:\WINDOWS\SysWOW64\schtasks.exe -create -tn Microsoft\Windows\rempl\shell -xml rempl.xml -F
Error: (11/27/2017 03:41:41 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/27/2017 03:41:41 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/27/2017 03:35:59 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/27/2017 03:35:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/27/2017 03:35:59 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

System errors:
=============
Error: (11/28/2017 08:42:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/28/2017 08:22:29 AM) (Source: DCOM) (EventID: 10016) (User: MCNULTYS_PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user MCNULTYS_PC\VINCENT SID (S-1-5-21-61005078-2373781621-4259978329-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c SID (S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734). This security permission can be modified using the Component Services administrative tool.
Error: (11/28/2017 08:21:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/28/2017 08:21:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/28/2017 06:21:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/27/2017 11:41:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Security Assist service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/27/2017 11:41:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Security Assist service to connect.
Error: (11/27/2017 11:16:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 10 Version 1607 for x64-based Systems (KB4023057).
Error: (11/27/2017 11:16:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (11/27/2017 11:13:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2017-11-28 06:27:35.203
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-26 13:54:44.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-17 05:21:11.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-08 17:45:22.563
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-04 14:18:37.609
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-01 13:39:52.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-10-31 15:45:14.444
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-10-30 13:46:11.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-10-29 14:02:41.031
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-10-28 17:37:01.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i5-4590T CPU @ 2.00GHz
Percentage of memory in use: 38%
Total physical RAM: 8114.73 MB
Available physical RAM: 4966.89 MB
Total Virtual: 29503.59 MB
Available Virtual: 25894.44 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:916.76 GB) (Free:245.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:12.83 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B885745F)
Partition: GPT.
==================== End of Addition.txt ============================

 

 

 

 

 




#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


If you have ANY TRION GAME installed via STEAM, it can add Glyph Client.

The Glyph Client I have seen cause a problem with installing the Windows 10 Creators Update.


You have Glyph installed here:
2017-11-08 20:01 - 2016-10-06 17:22 - 000000000 ____D C:\Program Files (x86)\Glyph

That could be the update issue.

Next

Uninstall this program if found
DiscountSmasher


Next, try running AdwCleaner. If it is a no go, skip to the next instruction.

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Next

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597016 2016-03-31] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-61005078-2373781621-4259978329-1001 -> {4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-61005078-2373781621-4259978329-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=1539&r=2015/03/08&hid=14359128447900105012&lg=EN&cc=GB&unqvl=84
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-07-03] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-07-03] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: pokki.com/PokkiDownloadHelper -> C:\Users\VINCENT\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
Task: {0CA272F0-2B91-45C2-986D-5F2794B1526A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D9F3845-7676-4783-9ED6-20FD5D3A0E58} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {47226A48-C885-40F5-BB8A-819E5967EED6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {500CB796-7AF6-47AC-A2A3-6488C99A35E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {662F9F4D-A30C-42EA-9763-1157C20EC5DC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {737A1B92-B543-4830-AA59-F7EC62D2F4B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {788D7E88-5703-489B-9C6E-170755384563} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8C41F415-3EC9-4093-9D0F-A507B9EA63AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AC1B6C96-A259-469F-A12F-D733240DF229} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D9536904-CAAE-4F3D-8EC8-C5AA5C235730} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5017CB2-0DAA-479B-A38F-9049E44CD9ED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:514A75302A0E5A4C [217]
AlternateDataStreams: C:\Users\All Users:514A75302A0E5A4C [217]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
  • Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.




  • 0

#3
Vince09

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi. Thank you so much for replying. I'm at work currently so will get on the case later today. I have just a couple of questions. How can I uninstall the glyph? Also, the discount smasher prog is in the programs uninstall list but will not uninstall. Do you have any ideas? Thank you. Vince.
  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

How can I uninstall the glyph

I put it in the fix, let's see what happens.

Don't worry about discount smasher for now. See if adwCleaner will run; if not, go ahead and run the fix and we will take it from there.

I get home late from work sometimes so bear with me...

Thanks
Joe :)
  • 0

#5
Vince09

    New Member

  • Topic Starter
  • Member
  • 6 posts

Hi Joe,

 

I have completed all of the above instructions. Please find the logs below. I'll await your reply. Many Thanks, Vince.


# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 30 18:20:43 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
Deleted: C:\ProgramData\epicscale
Deleted: C:\Users\All Users\epicscale
Deleted: C:\Users\VINCENT\AppData\Local\SweetLabs App Platform
Deleted: C:\Users\Public\Pokki
Deleted: C:\Users\VINCENT\AppData\Roaming\OpenCandy
Deleted: C:\Program Files (x86)\DiscountSmasher

***** [ Files ] *****
Deleted: C:\Users\VINCENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
Deleted: C:\Users\VINCENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted: SweetLabs App Platform

***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d22j4fzzszoii2.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pricepeep.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.pricepeep00.pricepeep.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d22j4fzzszoii2.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d30ke5tqu2tkyx.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d386fcgv8lq3dy.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\findit.shieldsgazette.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\findit.sunderlandecho.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\janiceeggleston.co.uk
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\searchnow.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\uk.searchnow.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\unicef.org.uk
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.janiceeggleston.co.uk
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.unicef.org.uk
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yourtango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yourtango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d22j4fzzszoii2.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d30ke5tqu2tkyx.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d386fcgv8lq3dy.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\findit.shieldsgazette.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\findit.sunderlandecho.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\janiceeggleston.co.uk
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\searchnow.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\uk.searchnow.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\unicef.org.uk
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.janiceeggleston.co.uk
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.unicef.org.uk
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yourtango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yourtango.com
Deleted: [Key] - HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted: [Key] - HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}
Deleted: [Key] - HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\PokkiDownloadHelper
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PokkiDownloadHelper
Deleted: [Key] - HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Deleted: [Key] - HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Deleted: [Key] - HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EB3FC20-7158-4DD5-A08E-707541E9341C}
Deleted: [Key] - HKCU\Software\Classes\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}
Deleted: [Key] - HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Classes\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B08006D8-1D22-458E-9370-F459542E5AF2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B7298E57-3046-4F2A-B8C6-78CC8A60020C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{CB747D69-2EE7-40C0-BE35-BA6ED3EEA8A3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DB559C6A-03B9-4961-9BC3-80D769710C2D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Value] - HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Deleted: [Key] - HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Directory\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Drive\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\lnkfile\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\MIME\Database\Content Type\application\x-pokkidownloadhelper
Deleted: [Key] - HKCU\Software\Classes\AppID\npPokkiDownloadHelper.dll
Deleted: [Key] - HKCU\Software\MozillaPlugins\pokki.com\PokkiDownloadHelper
Deleted: [Key] - HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\SweetLabs App Platform
Deleted: [Key] - HKCU\Software\SweetLabs App Platform
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
Deleted: [Key] - HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\EpicScale
Deleted: [Key] - HKCU\Software\EpicScale
Deleted: [Key] - HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Deleted: [Key] - HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [16121 B] - [2017/11/30 18:16:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-11-2017
Ran by VINCENT (30-11-2017 18:29:59) Run:1
Running from C:\Users\VINCENT\Desktop
Loaded Profiles: VINCENT (Available Profiles: VINCENT)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597016 2016-03-31] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-61005078-2373781621-4259978329-1001 -> {4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-61005078-2373781621-4259978329-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=1539&r=2015/03/08&hid=14359128447900105012&lg=EN&cc=GB&unqvl=84
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-07-03] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-07-03] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: pokki.com/PokkiDownloadHelper -> C:\Users\VINCENT\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
Task: {0CA272F0-2B91-45C2-986D-5F2794B1526A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D9F3845-7676-4783-9ED6-20FD5D3A0E58} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {47226A48-C885-40F5-BB8A-819E5967EED6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {500CB796-7AF6-47AC-A2A3-6488C99A35E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {662F9F4D-A30C-42EA-9763-1157C20EC5DC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {737A1B92-B543-4830-AA59-F7EC62D2F4B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {788D7E88-5703-489B-9C6E-170755384563} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8C41F415-3EC9-4093-9D0F-A507B9EA63AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AC1B6C96-A259-469F-A12F-D733240DF229} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D9536904-CAAE-4F3D-8EC8-C5AA5C235730} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5017CB2-0DAA-479B-A38F-9049E44CD9ED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:514A75302A0E5A4C [217]
AlternateDataStreams: C:\Users\All Users:514A75302A0E5A4C [217]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} => key removed successfully
HKLM\Software\Classes\CLSID\{4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} => key removed successfully
HKLM\Software\Classes\CLSID\{4CAE03D6-B38E-47F5-A819-4F3D25FA0A95} => key not found
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key removed successfully
HKLM\Software\Classes\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper => key not found
C:\Users\VINCENT\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CA272F0-2B91-45C2-986D-5F2794B1526A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CA272F0-2B91-45C2-986D-5F2794B1526A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D9F3845-7676-4783-9ED6-20FD5D3A0E58} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D9F3845-7676-4783-9ED6-20FD5D3A0E58} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47226A48-C885-40F5-BB8A-819E5967EED6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47226A48-C885-40F5-BB8A-819E5967EED6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{500CB796-7AF6-47AC-A2A3-6488C99A35E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{500CB796-7AF6-47AC-A2A3-6488C99A35E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{662F9F4D-A30C-42EA-9763-1157C20EC5DC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{662F9F4D-A30C-42EA-9763-1157C20EC5DC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{737A1B92-B543-4830-AA59-F7EC62D2F4B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{737A1B92-B543-4830-AA59-F7EC62D2F4B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{788D7E88-5703-489B-9C6E-170755384563} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{788D7E88-5703-489B-9C6E-170755384563} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C41F415-3EC9-4093-9D0F-A507B9EA63AE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C41F415-3EC9-4093-9D0F-A507B9EA63AE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC1B6C96-A259-469F-A12F-D733240DF229} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC1B6C96-A259-469F-A12F-D733240DF229} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9536904-CAAE-4F3D-8EC8-C5AA5C235730} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9536904-CAAE-4F3D-8EC8-C5AA5C235730} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5017CB2-0DAA-479B-A38F-9049E44CD9ED} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5017CB2-0DAA-479B-A38F-9049E44CD9ED} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
C:\ProgramData => ":514A75302A0E5A4C" ADS could not remove.
C:\Users\All Users => ":514A75302A0E5A4C" ADS could not remove.
========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 1653059 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 87884294 B
Java, Flash, Steam htmlcache => 475637224 B
Windows/system/drivers => 89202127 B
Edge => 247140693 B
Chrome => 16800593 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 5816 B
VINCENT => 132357673 B
RecycleBin => 75207514719 B
EmptyTemp: => 71 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 18:40:38 ====


#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.


#7
Vince09

    New Member

  • Topic Starter
  • Member
  • 6 posts

Hi Again,

Thanks for continuing this for me. Please find text files below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by VINCENT (administrator) on MCNULTYS_PC (01-12-2017 15:59:03)
Running from C:\Users\VINCENT\Desktop
Loaded Profiles: VINCENT (Available Profiles: VINCENT)
Platform: Windows 10 Home Version 1607 14393.1914 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg_SOUNDEDGE] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2016-05-19] (Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2016-05-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2016-05-19] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [402904 2016-01-19] ()
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-28] (AVAST Software)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [DT_HPO] => C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTuneStartup.exe [142160 2014-01-28] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [EPSON SX420W Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-10-17] (SUPERAntiSpyware)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\RunOnce: [Application Restart #6] => C:\Users\VINCENT\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 609 more characters).
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\MountPoints2: {422dfe50-a79e-11e4-8259-3010b3a7a938} - "H:\LaunchU3.exe" -a
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{00619b17-d6fe-4115-9219-5be328fc7947}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/2
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/2
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-01-16] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-61005078-2373781621-4259978329-1001 -> hxxp://www.google.co.uk/
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-07-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-07-03] (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: @citrixonline.com/appdetectorplugin -> C:\Users\VINCENT\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-10-05] (Citrix Online)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\VINCENT\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: SkypePlugin -> C:\Users\VINCENT\AppData\Local\SkypePlugin\7.2.0.422\npGatewayNpapi.dll [2015-04-09] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-61005078-2373781621-4259978329-1001: SkypePlugin64 -> C:\Users\VINCENT\AppData\Local\SkypePlugin\7.2.0.422\npGatewayNpapi-x64.dll [2015-04-09] (Skype Technologies S.A.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default [2017-11-30]
CHR Extension: (Google Slides) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-20]
CHR Extension: (Google Docs) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-20]
CHR Extension: (Google Drive) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-20]
CHR Extension: (YouTube) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-20]
CHR Extension: (Google Sheets) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-20]
CHR Extension: (Google Docs Offline) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-20]
CHR Extension: (Skype) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-20]
CHR Extension: (Kaspersky Protection) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-20]
CHR Extension: (Gmail) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-20]
CHR Extension: (Chrome Media Router) - C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-28] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-28] (AVAST Software)
S2 AxiomAIRMini32AudioDevMon; C:\Program Files (x86)\M-Audio\Axiom AIR Mini 32\AudioDevMon.exe [192360 2012-12-13] (M-Audio)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
R2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe [120328 2013-07-17] (Portrait Displays, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-11-27] (EasyAntiCheat Ltd)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2016-01-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5660512 2016-08-16] (INCA Internet Co., Ltd.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-04-16] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-04-16] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2016-05-19] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-09] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-10] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1029872 2017-10-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-10] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-10] (AVAST Software)
S3 AXIOMAIRMINI32; C:\WINDOWS\system32\DRIVERS\MAudioAxiomAIRMini32.sys [134504 2012-12-13] (M-Audio)
R3 bcbtums; C:\WINDOWS\system32\DRIVERS\bcbtums.sys [177432 2015-12-01] (Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11244808 2015-09-03] (Broadcom Corp)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows ® Codename Longhorn DDK provider)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-30] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RDID1148; C:\WINDOWS\system32\Drivers\RDWM1148.SYS [242432 2015-07-23] (Roland Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2016-05-19] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-01 15:52 - 2017-12-01 15:53 - 000060231 _____ C:\Users\VINCENT\Desktop\Addition.txt
2017-12-01 15:49 - 2017-12-01 15:59 - 000020192 _____ C:\Users\VINCENT\Desktop\FRST.txt
2017-12-01 15:47 - 2017-12-01 15:48 - 000000000 ____D C:\Users\VINCENT\Desktop\archive
2017-11-30 19:12 - 2017-11-30 19:12 - 000000000 ____D C:\Windows.old
2017-11-30 18:43 - 2017-11-30 20:28 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-30 18:29 - 2017-12-01 15:48 - 000000000 ____D C:\Users\VINCENT\Desktop\FRST-OlderVersion
2017-11-30 18:13 - 2017-11-30 18:20 - 000000000 ____D C:\AdwCleaner
2017-11-30 18:13 - 2017-11-30 18:13 - 008261584 _____ (Malwarebytes) C:\Users\VINCENT\Desktop\adwcleaner_7.0.4.0.exe
2017-11-29 17:24 - 2017-11-29 17:24 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-29 17:24 - 2017-11-29 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-29 17:24 - 2017-11-29 17:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-29 17:24 - 2017-11-29 17:24 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-29 17:24 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-29 17:23 - 2017-11-29 17:24 - 078346672 _____ (Malwarebytes ) C:\Users\VINCENT\Downloads\mb3-setup-consumer-3.3.1.2183 (1).exe
2017-11-28 14:56 - 2017-12-01 15:48 - 002391552 _____ (Farbar) C:\Users\VINCENT\Desktop\FRST64.exe
2017-11-28 13:21 - 2017-11-28 13:21 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-27 22:12 - 2017-11-18 04:23 - 000038744 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-11-27 22:12 - 2017-11-18 04:20 - 000219024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-11-27 22:12 - 2017-11-18 04:19 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-27 22:12 - 2017-11-18 04:18 - 002254688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-27 22:12 - 2017-11-18 04:16 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-11-27 22:12 - 2017-11-18 04:14 - 002187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-27 22:12 - 2017-11-18 04:14 - 000658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-27 22:12 - 2017-11-18 04:14 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-27 22:12 - 2017-11-18 04:13 - 007213968 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-11-27 22:12 - 2017-11-18 04:13 - 001090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-27 22:12 - 2017-11-18 04:13 - 000947544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-27 22:12 - 2017-11-18 04:13 - 000811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-27 22:12 - 2017-11-18 04:13 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-27 22:12 - 2017-11-18 04:13 - 000573792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-11-27 22:12 - 2017-11-18 04:13 - 000430424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-27 22:12 - 2017-11-18 04:12 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-27 22:12 - 2017-11-18 04:12 - 008178816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-27 22:12 - 2017-11-18 04:11 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-11-27 22:12 - 2017-11-18 04:10 - 000453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-11-27 22:12 - 2017-11-18 04:08 - 000222048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-11-27 22:12 - 2017-11-18 04:06 - 000983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-27 22:12 - 2017-11-18 04:03 - 000195936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-11-27 22:12 - 2017-11-18 04:01 - 005722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-11-27 22:12 - 2017-11-18 03:59 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-27 22:12 - 2017-11-18 03:59 - 006672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-27 22:12 - 2017-11-18 03:50 - 022571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-27 22:12 - 2017-11-18 03:50 - 005688320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-27 22:12 - 2017-11-18 03:46 - 007219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-27 22:12 - 2017-11-18 03:43 - 007625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-11-27 22:12 - 2017-11-18 03:43 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-11-27 22:12 - 2017-11-18 03:43 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\socialapis.dll
2017-11-27 22:12 - 2017-11-18 03:42 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2017-11-27 22:12 - 2017-11-18 03:42 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-11-27 22:12 - 2017-11-18 03:42 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2017-11-27 22:12 - 2017-11-18 03:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-27 22:12 - 2017-11-18 03:41 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-11-27 22:12 - 2017-11-18 03:40 - 018365952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-27 22:12 - 2017-11-18 03:40 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-11-27 22:12 - 2017-11-18 03:40 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-27 22:12 - 2017-11-18 03:40 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-11-27 22:12 - 2017-11-18 03:39 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-11-27 22:12 - 2017-11-18 03:38 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-11-27 22:12 - 2017-11-18 03:38 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-11-27 22:12 - 2017-11-18 03:38 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-11-27 22:12 - 2017-11-18 03:37 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-27 22:12 - 2017-11-18 03:37 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-11-27 22:12 - 2017-11-18 03:37 - 000854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-11-27 22:12 - 2017-11-18 03:37 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-27 22:12 - 2017-11-18 03:36 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-27 22:12 - 2017-11-18 03:36 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-11-27 22:12 - 2017-11-18 03:36 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-11-27 22:12 - 2017-11-18 03:35 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-27 22:12 - 2017-11-18 03:35 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-11-27 22:12 - 2017-11-18 03:35 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-11-27 22:12 - 2017-11-18 03:34 - 002002944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-27 22:12 - 2017-11-18 03:34 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-11-27 22:12 - 2017-11-18 03:34 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-11-27 22:12 - 2017-11-18 03:34 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 006066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 000296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2017-11-27 22:12 - 2017-11-18 03:33 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\socialapis.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2017-11-27 22:12 - 2017-11-18 03:32 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 008119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-27 22:12 - 2017-11-18 03:31 - 001147392 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 002278912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-11-27 22:12 - 2017-11-18 03:30 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2017-11-27 22:12 - 2017-11-18 03:29 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-11-27 22:12 - 2017-11-18 03:29 - 002512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-27 22:12 - 2017-11-18 03:29 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-27 22:12 - 2017-11-18 03:29 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-27 22:12 - 2017-11-18 03:29 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-27 22:12 - 2017-11-18 03:28 - 001512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 001013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-11-27 22:12 - 2017-11-18 03:27 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-27 22:12 - 2017-11-18 03:27 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2017-11-27 22:12 - 2017-11-18 03:26 - 002065408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-27 22:12 - 2017-11-07 02:59 - 000449050 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-11-27 22:12 - 2017-03-04 06:22 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-27 22:12 - 2017-03-04 06:13 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-11-27 22:12 - 2017-03-04 06:10 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-11-27 22:12 - 2016-08-02 08:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-26 17:34 - 2017-11-26 17:34 - 000000000 ____D C:\Users\VINCENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-26 13:13 - 2017-11-26 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-26 13:13 - 2017-11-26 13:13 - 000000000 ____D C:\Program Files (x86)\Roblox
2017-11-26 11:30 - 2017-11-26 11:30 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-11-25 20:17 - 2017-11-26 11:24 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 374be41b-4387-48eb-a39e-90a86f48af4f.job
2017-11-25 20:17 - 2017-11-26 11:24 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0fd020c8-16a7-436e-83e1-876308315550.job
2017-11-25 20:17 - 2017-11-25 20:17 - 000003774 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 0fd020c8-16a7-436e-83e1-876308315550
2017-11-25 20:17 - 2017-11-25 20:17 - 000003692 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 374be41b-4387-48eb-a39e-90a86f48af4f
2017-11-25 20:17 - 2017-11-25 20:17 - 000000000 ____D C:\Users\VINCENT\AppData\Roaming\SUPERAntiSpyware.com
2017-11-25 20:16 - 2017-11-27 12:21 - 000002037 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-11-25 20:16 - 2017-11-25 20:17 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-25 20:16 - 2017-11-25 20:16 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-11-25 20:16 - 2017-11-25 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-11-25 19:51 - 2017-11-25 19:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-11-25 14:23 - 2017-11-25 14:23 - 000000000 _____ C:\autoexec.bat
2017-11-25 14:18 - 2017-11-25 14:18 - 000000000 ___HD C:\$Windows.~WS
2017-11-16 18:17 - 2017-11-16 18:17 - 038601376 _____ (Microsoft Corporation) C:\Users\VINCENT\Downloads\Windows-KB890830-x64-V5.54.exe
2017-11-16 12:21 - 2017-11-01 22:44 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-16 12:21 - 2017-11-01 22:44 - 000341976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-16 12:21 - 2017-11-01 22:44 - 000269152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-16 12:21 - 2017-11-01 22:44 - 000139096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-16 12:21 - 2017-11-01 22:44 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-16 12:21 - 2017-11-01 22:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-11-16 12:21 - 2017-11-01 22:19 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-16 12:21 - 2017-11-01 22:17 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-16 12:21 - 2017-11-01 22:17 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-16 12:21 - 2017-11-01 22:15 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-16 12:21 - 2017-11-01 22:14 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-16 12:21 - 2017-11-01 22:14 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-11-16 12:21 - 2017-11-01 22:13 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-11-16 12:21 - 2017-11-01 22:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-11-16 12:21 - 2017-11-01 22:12 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-16 12:21 - 2017-11-01 19:44 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-16 12:21 - 2017-10-09 02:41 - 000082272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-16 12:21 - 2017-10-09 02:37 - 000500576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-16 12:21 - 2017-10-09 02:34 - 000965464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-11-16 12:21 - 2017-10-09 02:34 - 000082608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-11-16 12:21 - 2017-10-09 02:30 - 000381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-11-16 12:21 - 2017-10-09 02:30 - 000169304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-16 12:21 - 2017-10-09 02:28 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-16 12:21 - 2017-10-09 02:16 - 000178008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-11-16 12:21 - 2017-10-09 02:02 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2017-11-16 12:21 - 2017-10-09 02:00 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCredential.dll
2017-11-16 12:21 - 2017-10-09 01:59 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-11-16 12:21 - 2017-10-09 01:58 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-11-16 12:21 - 2017-10-09 01:53 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-11-16 12:21 - 2017-10-09 01:44 - 004423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-16 12:21 - 2017-10-09 01:44 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-11-16 12:20 - 2017-11-01 23:06 - 000223584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 002032472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-16 12:20 - 2017-11-01 22:53 - 001578848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000678752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000613720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000612192 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000259936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000190296 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-16 12:20 - 2017-11-01 22:53 - 000067928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-16 12:20 - 2017-11-01 22:53 - 000034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-16 12:20 - 2017-11-01 22:46 - 000635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-16 12:20 - 2017-11-01 22:46 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-16 12:20 - 2017-11-01 22:43 - 000687968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-16 12:20 - 2017-11-01 22:43 - 000647520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-16 12:20 - 2017-11-01 22:43 - 000385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-16 12:20 - 2017-11-01 22:43 - 000299360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-16 12:20 - 2017-11-01 22:43 - 000144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-16 12:20 - 2017-11-01 22:43 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-16 12:20 - 2017-11-01 22:42 - 000089552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2017-11-16 12:20 - 2017-11-01 22:40 - 000455512 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-16 12:20 - 2017-11-01 22:33 - 000485520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-16 12:20 - 2017-11-01 22:26 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-16 12:20 - 2017-11-01 22:21 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-16 12:20 - 2017-11-01 22:16 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-11-16 12:20 - 2017-11-01 22:15 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-16 12:20 - 2017-11-01 22:14 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-16 12:20 - 2017-11-01 22:12 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-16 12:20 - 2017-11-01 22:12 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-16 12:20 - 2017-11-01 22:12 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-11-16 12:20 - 2017-11-01 22:12 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-11-16 12:20 - 2017-11-01 22:12 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2017-11-16 12:20 - 2017-11-01 22:12 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-16 12:20 - 2017-11-01 22:11 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-16 12:20 - 2017-11-01 22:11 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-16 12:20 - 2017-11-01 22:11 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-16 12:20 - 2017-11-01 22:09 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-16 12:20 - 2017-11-01 22:08 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-16 12:20 - 2017-11-01 22:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-16 12:20 - 2017-11-01 22:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-16 12:20 - 2017-11-01 22:05 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-16 12:20 - 2017-11-01 22:05 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-16 12:20 - 2017-11-01 22:05 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-11-16 12:20 - 2017-11-01 22:04 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-16 12:20 - 2017-11-01 22:04 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-16 12:20 - 2017-11-01 22:04 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-16 12:20 - 2017-11-01 22:03 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-16 12:20 - 2017-11-01 22:03 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-16 12:20 - 2017-11-01 22:03 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-16 12:20 - 2017-11-01 22:01 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-11-16 12:20 - 2017-11-01 22:01 - 001984512 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-16 12:20 - 2017-11-01 22:00 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-16 12:20 - 2017-11-01 22:00 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-16 12:20 - 2017-11-01 22:00 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-11-16 12:20 - 2017-11-01 22:00 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-16 12:20 - 2017-11-01 22:00 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-16 12:20 - 2017-11-01 22:00 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-16 12:20 - 2017-11-01 21:58 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-16 12:20 - 2017-10-09 02:40 - 001117016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-11-16 12:20 - 2017-10-09 02:37 - 000199000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2017-11-16 12:20 - 2017-10-09 02:37 - 000097120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-11-16 12:20 - 2017-10-09 02:35 - 001181528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-16 12:20 - 2017-10-09 02:33 - 000652344 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-16 12:20 - 2017-10-09 02:30 - 000509784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-16 12:20 - 2017-10-09 02:27 - 000206176 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-11-16 12:20 - 2017-10-09 02:26 - 002529120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-11-16 12:20 - 2017-10-09 02:26 - 001102680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-16 12:20 - 2017-10-09 02:25 - 000392024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-11-16 12:20 - 2017-10-09 02:24 - 000304232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-11-16 12:20 - 2017-10-09 02:22 - 001600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-11-16 12:20 - 2017-10-09 02:02 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-16 12:20 - 2017-10-09 02:00 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-16 12:20 - 2017-10-09 01:58 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-11-16 12:20 - 2017-10-09 01:57 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-11-16 12:20 - 2017-10-09 01:57 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredential.dll
2017-11-16 12:20 - 2017-10-09 01:55 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-11-16 12:20 - 2017-10-09 01:55 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-16 12:20 - 2017-10-09 01:55 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2017-11-16 12:20 - 2017-10-09 01:54 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-11-16 12:20 - 2017-10-09 01:53 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-11-16 12:20 - 2017-10-09 01:52 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-11-16 12:20 - 2017-10-09 01:52 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-11-16 12:20 - 2017-10-09 01:51 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-11-16 12:20 - 2017-10-09 01:51 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2017-11-16 12:20 - 2017-10-09 01:51 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-11-16 12:20 - 2017-10-09 01:50 - 001373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-11-16 12:20 - 2017-10-09 01:50 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-11-16 12:20 - 2017-10-09 01:48 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-11-16 12:20 - 2017-10-09 01:44 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-16 12:20 - 2017-10-09 01:44 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-16 12:20 - 2017-10-09 01:44 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-11-16 12:20 - 2017-10-09 01:43 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-11-16 12:20 - 2017-10-09 01:41 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-11-16 12:20 - 2017-10-09 00:29 - 000788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-16 12:20 - 2017-10-09 00:29 - 000788624 _____ C:\WINDOWS\system32\locale.nls
2017-11-16 12:20 - 2017-03-04 06:29 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-11-16 12:20 - 2017-03-04 06:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-11-08 17:32 - 2017-11-08 17:35 - 000066150 _____ C:\Users\VINCENT\Downloads\Addition.txt
2017-11-08 17:29 - 2017-12-01 15:59 - 000000000 ____D C:\FRST
2017-11-08 17:29 - 2017-11-08 17:35 - 000076268 _____ C:\Users\VINCENT\Downloads\FRST.txt
2017-11-08 17:28 - 2017-11-08 17:29 - 002403328 _____ (Farbar) C:\Users\VINCENT\Downloads\FRST64.exe
2017-11-05 14:26 - 2017-11-05 14:26 - 000000000 _____ C:\WINDOWS\SysWOW64\SBRC.dat
2017-11-05 14:26 - 2016-03-04 12:26 - 000032400 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2017-11-05 14:26 - 2015-08-27 07:31 - 000040584 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2017-11-04 14:08 - 2017-11-04 14:08 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\uSeRiNiT (1).exe
2017-11-04 14:03 - 2017-11-25 19:43 - 000000000 ____D C:\VIPRERESCUE
2017-11-04 13:58 - 2017-11-04 14:03 - 328708096 _____ C:\Users\VINCENT\Downloads\VIPRERescue.exe
2017-11-04 13:56 - 2017-11-04 13:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\eXplorer.exe
2017-11-04 13:55 - 2017-11-04 13:55 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\rkildfsl (2).exe
2017-11-04 13:52 - 2017-11-04 13:52 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\uSeRiNiT.exe
2017-11-04 13:52 - 2017-11-04 13:52 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\rkill (1).exe
2017-11-04 13:51 - 2017-11-04 13:51 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\rkill.scr
2017-11-04 13:51 - 2017-11-04 13:51 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\VINCENT\Downloads\rkill.exe
2017-11-04 13:35 - 2017-11-04 13:35 - 000000000 ___HD C:\$SysReset
2017-11-04 12:38 - 2017-11-04 12:38 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\VINCENT\Downloads\AVG_Protection_Free_1606.exe
2017-11-04 12:38 - 2017-11-04 12:38 - 000000000 ____D C:\Users\VINCENT\AppData\Local\AvgSetupLog
2017-11-04 12:38 - 2017-11-04 12:38 - 000000000 ____D C:\Users\VINCENT\AppData\Local\Avg
2017-11-04 12:38 - 2017-11-04 12:38 - 000000000 ____D C:\ProgramData\Avg
2017-11-04 12:35 - 2017-11-04 12:36 - 006334880 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2017-11-04 10:43 - 2017-11-04 10:43 - 000820792 _____ (Roblox Corporation) C:\Users\VINCENT\Downloads\RobloxPlayerLauncher (4).exe
2017-11-03 16:34 - 2017-11-03 16:35 - 078346672 _____ (Malwarebytes ) C:\Users\VINCENT\Downloads\mb3-setup-consumer-3.3.1.2183.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-01 15:46 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-01 15:43 - 2016-09-24 10:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-01 11:29 - 2017-09-29 17:34 - 000000000 ____D C:\Program Files\rempl
2017-12-01 08:28 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\registration
2017-12-01 08:25 - 2017-09-30 15:16 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-01 08:23 - 2016-09-24 11:09 - 000026673 _____ C:\WINDOWS\diagwrn.xml
2017-12-01 08:23 - 2016-09-24 11:09 - 000026673 _____ C:\WINDOWS\diagerr.xml
2017-11-30 20:35 - 2016-09-24 10:10 - 001771110 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-30 20:30 - 2016-09-24 10:05 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-30 20:30 - 2015-03-08 19:23 - 000000000 __SHD C:\Users\VINCENT\IntelGraphicsProfiles
2017-11-30 20:28 - 2016-09-24 11:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-30 20:27 - 2016-07-16 06:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-30 19:24 - 2016-09-24 11:01 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-30 18:51 - 2015-01-28 15:44 - 000000000 ____D C:\Users\VINCENT\Documents\Youcam
2017-11-30 18:42 - 2015-08-12 08:21 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-11-30 18:37 - 2016-11-14 11:43 - 000000000 ____D C:\Users\VINCENT\AppData\LocalLow\Temp
2017-11-30 18:31 - 2013-08-22 15:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-30 18:21 - 2016-07-16 06:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-30 18:20 - 2015-10-30 07:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-30 08:27 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-29 01:09 - 2016-07-16 11:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-28 08:21 - 2015-01-28 07:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-28 06:36 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\rescache
2017-11-27 23:14 - 2016-07-16 11:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-27 23:11 - 2016-09-24 10:02 - 000358312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-27 23:09 - 2017-06-16 22:45 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-11-27 23:09 - 2016-07-16 11:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-27 23:09 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-27 22:22 - 2016-07-16 11:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-27 15:33 - 2017-10-10 20:55 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-27 15:32 - 2015-01-31 02:30 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-27 12:20 - 2017-04-28 16:08 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-26 13:15 - 2015-06-16 15:13 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-26 13:14 - 2015-01-28 15:42 - 000000000 ____D C:\Users\VINCENT\AppData\Local\Packages
2017-11-25 15:14 - 2016-09-24 10:11 - 000000000 ____D C:\Users\VINCENT
2017-11-23 17:43 - 2015-09-13 16:44 - 000000000 ____D C:\Users\VINCENT\AppData\Roaming\Skype
2017-11-21 10:40 - 2015-07-20 18:14 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-17 17:31 - 2017-05-21 18:12 - 000000000 ____D C:\Program Files\HP
2017-11-17 17:31 - 2016-09-24 10:06 - 000000000 ____D C:\ProgramData\HP
2017-11-16 17:54 - 2016-07-16 11:47 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-11-16 17:54 - 2016-07-16 11:47 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-16 17:54 - 2016-07-16 11:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-16 12:45 - 2015-01-31 02:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-08 20:01 - 2016-10-06 17:22 - 000000000 ____D C:\Program Files (x86)\Glyph
2017-11-05 14:35 - 2016-05-23 18:37 - 000000251 _____ C:\Users\VINCENT\AppData\LocalLow\rbxcsettings.rbx
2017-11-05 00:47 - 2017-07-11 20:14 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-05 00:47 - 2017-07-11 20:14 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-04 13:21 - 2015-03-08 18:34 - 000000000 ____D C:\Users\VINCENT\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories =======
2016-12-12 18:50 - 2016-11-23 13:37 - 000000570 _____ () C:\Users\VINCENT\AppData\Local\TroubleshooterConfig.json
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-26 13:53
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by VINCENT (01-12-2017 15:59:57)
Running from C:\Users\VINCENT\Desktop
Windows 10 Home Version 1607 14393.1914 (X64) (2016-09-24 11:25:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-61005078-2373781621-4259978329-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-61005078-2373781621-4259978329-503 - Limited - Disabled)
Guest (S-1-5-21-61005078-2373781621-4259978329-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-61005078-2373781621-4259978329-1003 - Limited - Enabled)
VINCENT (S-1-5-21-61005078-2373781621-4259978329-1001 - Administrator - Enabled) => C:\Users\VINCENT
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ableton Live 9 Lite (HKLM\...\{9130C3A8-3BEA-4A24-88F9-50EFB036F999}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Ample Bass P Lite II version 2.3.1 (HKLM-x32\...\{26ACA0DD-7C66-40D7-B992-CC27CA024F2A}_is1) (Version: 2.3.1 - Ample Sound Technology Co., Ltd.)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-4503b4b6-0fae-4892-9453-df2ee9c29aea) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS TONE STUDIO for GT (HKLM-x32\...\{29D27D34-9609-11D9-098D-4A868943B6F1}) (Version: 1.1.3 - Roland Corporation) Hidden
BOSS TONE STUDIO for GT (HKLM-x32\...\BOSS-TONE-STUDIO-for-GT) (Version: 1.1.3 - Roland Corporation)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version:  - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation)
Build-a-lot (HKLM-x32\...\WTA-6e6aeb59-7920-4e07-beae-d658009663a8) (Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-4e8eb2a5-1c2f-42b2-a795-e854c1a45b21) (Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Crazy Chicken Soccer (HKLM-x32\...\WTA-f1e8e51e-1739-4158-aa96-6888839e778d) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.1.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.5.5724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3702 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.4422 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4230 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
DigiTech RP1000 Drivers (HKLM\...\{BFC66125-5A67-45A6-8B3A-7DDFA3910D30}) (Version: 2.1.1 - DigiTech) Hidden
DigiTech RP1000 Drivers (HKLM-x32\...\DigiTech RP1000 Drivers) (Version: 2.1.1 - DigiTech)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.2.1179 - Steinberg Media Technologies GmbH)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WTA-2bf9a606-6d85-43af-bf63-67a21cae596c) (Version: 2.2.0.98 - WildTangent) Hidden
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-90ca4f56-9c88-454b-af27-16cedbc08293) (Version: 2.2.0.110 - WildTangent) Hidden
GT-001 Driver (HKLM\...\RolandRDID0148) (Version:  - Roland Corporation)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5640 series Basic Device Software (HKLM\...\{BA8749DB-3A36-4CA3-B84C-6007C6E4F84F}) (Version: 40.11.1107.1739 - HP Inc.)
HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP My Display (HKLM-x32\...\{448286F7-9BCC-4254-A6DC-CB40DC852F55}) (Version: 2.08.20.0 - Portrait Displays, Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.06 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.37.11 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Ignite (HKLM-x32\...\{9A731246-E02E-44DC-940D-0F8110C1789D}) (Version: 1.3.1 - AIR Music Technology)
Ignite (HKLM-x32\...\{9C3723A2-E8F3-4F55-8655-8176E50E2D19}) (Version: 1.3.1 - AIR Music Technology) Hidden
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.06 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.06 - Softex Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-a0a59cb7-f1c5-4a82-8a37-f684743e7446) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
M-Audio Axiom AIR Mini 32 1.0.1 (x64) (HKLM\...\{613163E3-0FC3-4CA3-8835-05D2D6C03523}) (Version: 1.0.1 - M-Audio)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-503e1451-a92d-4fac-be9a-0429304c5dc8) (Version: 3.0.2.51 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{095E9DEE-7EBA-4197-8A50-54FF77BFCBAC}) (Version: 2.41.0 - The Pokémon Company International)
Polar Bowler (HKLM-x32\...\WTA-21f0b7a4-7c33-4811-bb46-03bf391547c8) (Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP ENVY 5640 series (HKLM\...\{2FA76FDB-0A84-4AFD-B5AE-7785C2510AF6}) (Version: 40.11.1107.1739 - HP Inc.)
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-c14e0424-bb2c-4381-9ceb-1b05f25652f5) (Version: 2.2.0.98 - WildTangent) Hidden
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Roblox Player for VINCENT (HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{E5A9C069-5D0C-4EA2-A07E-973014B99F0C}) (Version: 7.2.0.422 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
Trinklit Supreme (HKLM-x32\...\WTA-a1abbbe5-becb-4ef4-b5b8-e2dcffe9b0db) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-6bb2105f-d916-4538-8d09-9c55835fdd5e) (Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (HKLM-x32\...\WTA-97af6557-28de-426e-9bac-fdd4dbda3596) (Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (HKLM-x32\...\WTA-bedbeb75-b58e-403a-b57c-15ddc334f04f) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
X-Edit (HKLM-x32\...\{47107F5F-FDEC-4A01-896C-E76245743F1A}) (Version: 2.7.1.1 - DigiTech) Hidden
X-Edit (HKLM-x32\...\X-Edit) (Version: 2.7.1.1 - DigiTech)
Youda Jewel Shop (HKLM-x32\...\WTA-4c62c20e-7496-4446-929d-01cbc7e1c82c) (Version: 3.0.2.51 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-61005078-2373781621-4259978329-1001_Classes\CLSID\{20BEBD18-11D0-4470-AAE1-F34B9E8D9761}\InprocServer32 -> C:\Users\VINCENT\AppData\Local\SkypePlugin\7.2.0.422\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-61005078-2373781621-4259978329-1001_Classes\CLSID\{B5322578-1624-4C26-BB8C-E366FFB9314F}\localserver32 -> C:\Users\VINCENT\AppData\Local\SkypePlugin\7.2.0.422\GatewayVersion-x64.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-28] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-28] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-28] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-08] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-08] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-28] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-01-19] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-01-19] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-28] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03CEF316-AE3B-443E-8F7F-454AEEC447EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {0502FD51-CB24-45EE-ACEF-D4ED790E37BA} - System32\Tasks\{82CEF556-8A21-47C3-A43D-9087AD770202} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?page=tsProgressBar
Task: {08716796-08F3-4781-83F4-17BE63C154FC} - System32\Tasks\{4E18870E-53C2-4053-BCAA-B057E5196A3B} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?page=tsProgressBar
Task: {0CEDE914-13E4-4702-8AFA-F35B54361EF8} - System32\Tasks\{C82AECA2-F2E3-44F7-87B1-4F03A8626F15} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {10072AC6-F8FB-4057-85E6-C7621244CC7A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
Task: {1086C7CC-553A-46DA-AED2-4822E71CC813} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\VINCENT\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {120635B1-02EB-472E-8B94-D6D61381E92B} - System32\Tasks\{23974633-A98A-4FE8-A104-D3426937EB02} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?page=tsInstall
Task: {141A23B7-FC16-4F61-AABC-533506C81EDE} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2017-02-08] (HP Inc.)
Task: {26956F50-14D4-4B55-B7B6-773644BE366E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 374be41b-4387-48eb-a39e-90a86f48af4f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {27F64E4E-1E6D-4242-81FA-2E570693810E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {41B397CE-12EC-4263-AEEC-8EE2DF6383CE} - System32\Tasks\{674919B6-9508-456B-8555-1C6DB3D30FBA} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?page=tsProgressBar
Task: {44A4D6B3-BC65-46C6-8906-A6F79BEDACDC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-27] (Microsoft Corporation)
Task: {4872E1E9-C28A-4C37-9B29-2E21A85045FC} - System32\Tasks\{3CE9FAE0-70CF-44AB-8CD8-D594981EFEB3} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {591EB34F-11D9-4736-AF2B-94101C4D4160} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {5C399377-8772-4031-9454-B51F5289BE92} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {6687ACB6-48A5-4428-A6C3-2430A9AEA766} - System32\Tasks\{14594933-48B2-4983-90E0-3687BBFB9061} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {67ACE5C8-5FE3-477F-AB0B-3272452CD807} - System32\Tasks\{8A567FF2-B876-47C9-BF89-7251C126B1C6} => "c:\windows\system32\launchwinapp.exe" hxxp://ui.skype.com/ui/0/7.24.0.104/en/abandoninstall?page=tsProgressBar
Task: {6941CEC9-9C95-4722-A5D2-326D6C3F7911} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {6C89A731-F626-43C9-88E7-58AE66A303CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {6D825A09-C460-4882-9615-733562AAF34E} - System32\Tasks\{4F87D9D9-E038-40D0-B202-7D4792EF8169} => C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\{C5EE6DA0-A057-4009-BADC-FB7523A5715F}\X-Edit.exe -c REMOVE=TRUE MODIFY=FALSE
Task: {76DC2823-BDD6-48CB-A5E0-A1A8972EA9C4} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe
Task: {7779CFE3-D760-4ED2-935B-AE32196EE047} - System32\Tasks\{D1A29812-B29D-481C-A803-24E79FBE7896} => C:\windows\system32\pcalua.exe -a C:\Users\VINCENT\Downloads\forge-1.8-11.14.1.1334-installer-win.exe -d C:\Users\VINCENT\Downloads
Task: {8424B7D2-4424-410D-B787-9F58BC5FA778} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\EN5640__Full_WebPack_1107.exe <==== ATTENTION
Task: {8F6146BB-0BC4-4578-9916-473174A3E53D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {96C83B6D-6884-4663-9A25-F5FD01BC3BA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {A1226773-4D8C-4591-BB13-BE70DA02D1DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {A7F0E571-C0EC-4689-B104-167A76EEAE1D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {AC14622D-A4BC-47AE-B2C6-6604FFC32F39} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {B095FDC6-6A03-4F77-89BA-4DE40E4016D7} - System32\Tasks\{350094FC-FACE-41D5-8B91-9F7CC3722C74} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {B1A07583-AFA1-4422-A8E8-AD501DE0980D} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe
Task: {C8EBF192-538B-42DF-8FC7-EE98349578DC} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0fd020c8-16a7-436e-83e1-876308315550 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {CF65F259-0859-45C3-A43C-7088F2F4BB2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {D51F380B-9743-43B3-ABC9-1A394B2A11E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {DE1D7AC2-B698-4FD5-B5A5-71A7C6910F71} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-28] (AVAST Software)
Task: {F1167672-9E61-40F5-9388-938550865447} - System32\Tasks\{F12A1056-6948-4136-A393-AD26B927ABD1} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.32.0.104/en/abandoninstall?page=tsMain
Task: {F2C4084D-7F33-4490-9ACC-01827C845CDE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {F92665F2-6429-4AA3-A7D9-97FE46731B94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {FF6E27E8-385F-461F-B2A7-B181C4745347} - System32\Tasks\{8BDE11AF-3E6D-4F29-B4ED-5521F55D08EA} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.32.0.104/en/abandoninstall?page=tsProgressBar
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0fd020c8-16a7-436e-83e1-876308315550.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 374be41b-4387-48eb-a39e-90a86f48af4f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-07-16 11:42 - 2016-07-16 11:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 15:57 - 2017-09-07 06:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-02-07 10:24 - 2014-02-07 10:24 - 002108928 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-02-07 10:21 - 2014-02-07 10:21 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-02-07 10:21 - 2014-02-07 10:21 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-02-07 10:21 - 2014-02-07 10:21 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-02-07 10:40 - 2014-02-07 10:40 - 000368528 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-02-07 10:40 - 2014-02-07 10:40 - 000714128 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 001346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-29 17:24 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-09-24 10:56 - 2016-09-24 10:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 17:40 - 2017-03-04 06:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 17:41 - 2017-03-04 06:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 17:41 - 2017-03-04 06:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 17:41 - 2017-03-04 06:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-11-27 22:12 - 2017-11-18 03:28 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-11-27 22:12 - 2017-11-18 03:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-02-07 10:28 - 2014-02-07 10:28 - 000065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-11-03 16:42 - 2017-11-03 16:42 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-11-03 16:42 - 2017-11-03 16:42 - 001226416 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-11-15 13:18 - 2017-11-15 13:18 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData:514A75302A0E5A4C [217]
AlternateDataStreams: C:\Users\All Users:514A75302A0E5A4C [217]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2017-11-30 18:32 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-61005078-2373781621-4259978329-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
29-11-2017 22:54:06 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (12/01/2017 12:33:11 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
Error: (12/01/2017 11:29:23 AM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action CreateScheduledTaskShell, location: C:\Program Files\rempl\, command: C:\WINDOWS\SysWOW64\schtasks.exe -create -tn Microsoft\Windows\rempl\shell -xml rempl.xml -F
Error: (12/01/2017 05:44:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\CloudExperienceHostCommon.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Runtime Broker because of this error.
Program: Runtime Broker
File: C:\Windows\System32\CloudExperienceHostCommon.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000242
Disk type: 3
Error: (12/01/2017 05:44:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.14393.0, time stamp: 0x57899b96
Faulting module name: CloudExperienceHostCommon.dll, version: 10.0.14393.1715, time stamp: 0x59b0d6a8
Exception code: 0xc0000006
Fault offset: 0x0000000000008590
Faulting process ID: 0x23b4
Faulting application start time: 0x01d36a1adea28651
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\Windows\System32\CloudExperienceHostCommon.dll
Report ID: c7fa040f-9c06-414a-b521-fa1f4029bf51
Faulting package full name:
Faulting package-relative application ID:
Error: (11/30/2017 08:36:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.14393.0, time stamp: 0x57899b96
Faulting module name: ntdll.dll, version: 10.0.14393.1715, time stamp: 0x59b0d03e
Exception code: 0xc0000005
Fault offset: 0x00000000000495fc
Faulting process ID: 0x1760
Faulting application start time: 0x01d36a1ad8f8fce0
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 9ea48748-a39e-4d87-8953-9767b602e604
Faulting package full name:
Faulting package-relative application ID:
Error: (11/30/2017 08:36:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.14393.0, time stamp: 0x57899b96
Faulting module name: ntdll.dll, version: 10.0.14393.1715, time stamp: 0x59b0d03e
Exception code: 0xc0000005
Fault offset: 0x00000000000495fc
Faulting process ID: 0x13e4
Faulting application start time: 0x01d36a1a0f18856e
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 91357d56-10f9-42ba-a82c-9dc9e362f443
Faulting package full name:
Faulting package-relative application ID:
Error: (11/30/2017 07:14:05 PM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action CreateScheduledTaskShell, location: C:\Program Files\rempl\, command: C:\WINDOWS\SysWOW64\schtasks.exe -create -tn Microsoft\Windows\rempl\shell -xml rempl.xml -F
Error: (11/30/2017 06:51:57 PM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action CreateScheduledTaskShell, location: C:\Program Files\rempl\, command: C:\WINDOWS\SysWOW64\schtasks.exe -create -tn Microsoft\Windows\rempl\shell -xml rempl.xml -F
Error: (11/30/2017 06:50:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (11/30/2017 06:49:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.14393.0, time stamp: 0x57899b96
Faulting module name: ntdll.dll, version: 10.0.14393.1715, time stamp: 0x59b0d03e
Exception code: 0xc0000005
Fault offset: 0x00000000000495fc
Faulting process ID: 0x205c
Faulting application start time: 0x01d36a0be90541d3
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 4ebace88-2833-4a1f-91d9-99435a233af0
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (12/01/2017 12:32:21 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service hpqwmiex with arguments "Unavailable" in order to run the server:
{F5539356-2F02-40D4-999E-FA61F45FE12E}
Error: (12/01/2017 12:32:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Software Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/01/2017 12:32:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
Error: (12/01/2017 12:32:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service hpqwmiex with arguments "Unavailable" in order to run the server:
{F5539356-2F02-40D4-999E-FA61F45FE12E}
Error: (12/01/2017 12:32:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Software Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/01/2017 12:32:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
Error: (12/01/2017 12:32:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service hpqwmiex with arguments "Unavailable" in order to run the server:
{F5539356-2F02-40D4-999E-FA61F45FE12E}
Error: (12/01/2017 12:32:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Software Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/01/2017 12:32:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
Error: (12/01/2017 11:29:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 10 Version 1607 for x64-based Systems (KB4023057).

CodeIntegrity:
===================================
  Date: 2017-12-01 15:43:25.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 06:27:35.203
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-26 13:54:44.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-17 05:21:11.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-08 17:45:22.563
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-04 14:18:37.609
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-01 13:39:52.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-10-31 15:45:14.444
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-10-30 13:46:11.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-10-29 14:02:41.031
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i5-4590T CPU @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 8114.73 MB
Available physical RAM: 5297.32 MB
Total Virtual: 9394.73 MB
Available Virtual: 6205.02 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:916.76 GB) (Free:329.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:12.83 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B885745F)
Partition: GPT.
==================== End of Addition.txt ============================


#8
zep516

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
2017-11-08 20:01 - 2016-10-06 17:22 - 000000000 ____D C:\Program Files (x86)\Glyph
Task: {8424B7D2-4424-410D-B787-9F58BC5FA778} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\EN5640__Full_WebPack_1107.exe <==== ATTENTION
C:\WINDOWS\TEMP\EN5640__Full_WebPack_1107.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
AlternateDataStreams: C:\ProgramData:514A75302A0E5A4C [217]
AlternateDataStreams: C:\Users\All Users:514A75302A0E5A4C [217]
Emptytemp:

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

#9
Vince09


Hi,

 

Fixlog below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by VINCENT (02-12-2017 12:02:15) Run:2
Running from C:\Users\VINCENT\Desktop
Loaded Profiles: VINCENT (Available Profiles: VINCENT)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
2017-11-08 20:01 - 2016-10-06 17:22 - 000000000 ____D C:\Program Files (x86)\Glyph
Task: {8424B7D2-4424-410D-B787-9F58BC5FA778} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\EN5640__Full_WebPack_1107.exe <==== ATTENTION
C:\WINDOWS\TEMP\EN5640__Full_WebPack_1107.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
AlternateDataStreams: C:\ProgramData:514A75302A0E5A4C [217]
AlternateDataStreams: C:\Users\All Users:514A75302A0E5A4C [217]
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
C:\Program Files (x86)\Glyph => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8424B7D2-4424-410D-B787-9F58BC5FA778} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8424B7D2-4424-410D-B787-9F58BC5FA778} => key removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => key removed successfully
"C:\WINDOWS\TEMP\EN5640__Full_WebPack_1107.exe" => not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key removed successfully
C:\ProgramData => ":514A75302A0E5A4C" ADS could not remove.
C:\Users\All Users => ":514A75302A0E5A4C" ADS could not remove.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15005516 B
Java, Flash, Steam htmlcache => 1285 B
Windows/system/drivers => 1855405874 B
Edge => 247805693 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3886 B
VINCENT => 34350903 B
RecycleBin => 0 B
EmptyTemp: => 2 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 12:04:39 ====


#10
zep516

Hello,

Any change in operation of the computer? Run it for a while if needed.

Thanks
Joe :)

#11
Vince09

Hi Joe. The PC updated Windows over the weekend, which was a great success. It then allowed me to open my antivirus and run a boot-time scan. Also Malwarebytes. I have since run them a couple of times and nothing has been found. I am so grateful that you took the time to help. Do you think all will be OK now?

#12
zep516

Hello,

Let's let it run for a few days and see how it goes.

Thanks
Joe :)