
Edge Not working other browsers do



#1
ThisTime


When I try and use Edge or Microsoft Solitaire Collection I can't reach the Internet. Edge Browser

 

I've tried Avast Antivirus, Malwarebytes and Spybot Search and Destroy.

All my other browsers are working: Chrome, Internet Explorer and Firefox all connect to the Internet.

 

Below is my FRST scan log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by Thomas (administrator) on THOMAS-HOFFICE (21-01-2018 14:23:46)
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas (Available Profiles: Thomas & Ralph & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(imPcRemote LLC) C:\Program Files (x86)\imPcRemote\imPcRemote_Instant.exe
(imPcRemote LLC) C:\Program Files (x86)\imPcRemote\imPcRemote.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\NetTime\NetTimeService.exe
(uvnc bvba) C:\Program Files (x86)\uvnc bvba\PCHelpWareV2Server\pchelpwareV2.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\NetTime\NetTime.exe
(imPcRemote LLC) C:\Program Files (x86)\imPcRemote\imPcRemoteTray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(LogMeIn, Inc.) C:\Users\Thomas\AppData\Local\LogMeIn Client\LMIIgnition.exe
(LogMeIn, Inc.) C:\Users\Thomas\AppData\Local\LogMeIn Client\LMIGuardianSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-20] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [HPWOTOOLBOX] => C:\Program Files (x86)\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe [356352 2007-01-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] ()
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM-x32\...\Run: [imPcRemoteTray] => C:\Program Files (x86)\imPcRemote\imPcRemoteTray.exe [1963936 2017-11-21] (imPcRemote LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\PCANotify: C:\Windows\SysWOW64\PCANotify.dll [2007-04-27] (Symantec Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Artisan 810(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [1411584 2015-05-05] (Tonec Inc.)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28164272 2017-12-12] (Microsoft Corporation)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [AcuRiteConnect2] => C:\Program Files (x86)\AcuRite\AcuRiteConnect.exe [1083904 2015-07-29] (Chaney Instrument Co)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Starfield Updater] => C:\Users\Thomas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-07-14] (Starfield Technologies)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4594552 2015-06-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [SoundMax] => C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sadistic.lnk [2018-01-18]
ShortcutTarget: sadistic.lnk -> C:\Program Files (x86)\Prosthesis\lustig.exe (No File)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sadisticsadistic.lnk [2018-01-18]
ShortcutTarget: sadisticsadistic.lnk -> C:\Program Files (x86)\acord\assembled.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0f24e132-3b97-47c9-b000-43cce991b22f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{11809b8b-2005-45ab-94ca-3c3fd2cd8932}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{31f26d36-3618-4ebd-b263-e45518c0540b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{31f26d36-3618-4ebd-b263-e45518c0540b}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{41b50d60-d143-4cd8-8fa6-4c7be61459f6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4a9a6fbd-2eb6-4822-be82-aa27e0f089d7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4e01f0e8-9d7f-41ee-aa65-0bd3121e76ee}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{558de6bb-e279-4307-b23d-d59ef1475826}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{558de6bb-e279-4307-b23d-d59ef1475826}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{57912f9d-6dd1-47a5-b667-5cc6ff512dc2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{86cb0413-8399-4622-9c42-a03293dea40f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{86cb0413-8399-4622-9c42-a03293dea40f}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ce17f3a1-903d-45ff-9485-063f29a24f90}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f169f507-1cda-4c4b-9c06-108f3d41db71}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3514051097-1430166055-719602415-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
DPF: HKLM {583C990C-2D38-410c-9A4A-0932D66A754F} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.mydtt.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {73B1BB72-18BB-41AE-B53C-43704B5B5315} hxxps://video.envysion.com/plugins/default/EnvysionCtrl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://access.netsurion.com/dana-cached/sc/PulseSetupClient.cab
DPF: HKLM-x32 {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} hxxps://carlsjr-747.mydtt.com:8915/cab/OCXChecker_8500.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3742
DPF: HKLM-x32 {FEC048AB-277A-460C-BF50-1A4193AEF148} hxxps://carlsjr-747.mydtt.com:8915/cab/DownloadCenter_8300.cab
Handler-x32: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll [2006-11-17] (G7 Productivity Systems, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fmc2sm82.default
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\TomTom\HOME\Profiles\8pk0q5qg.default [2013-08-22]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fmc2sm82.default [2018-01-21]
FF Extension: (WBE Paste) - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]tarfield [2016-11-21] [Legacy] [not signed]
FF Extension: (Cisco WebEx Extension) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fmc2sm82.default\Extensions\[email protected] [2017-07-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-21] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Thomas\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Thomas\AppData\Roaming\IDM\idmmzcc5 [2018-01-20] [Legacy] [not signed]
FF HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Thomas\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: USSC Web Components -> C:\Program Files (x86)\USSC Web Components\npUSSCWebVideoPlugin.dll [2015-05-15] ()
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/off -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npoff.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/off64 -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/wbe -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2016-11-21] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/wbe64 -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2016-11-21] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Thomas\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-17] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-04-20] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npoff.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npoff64.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npwbe.dll [2016-11-21] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npwbe64.dll [2016-11-21] (Starfield Technology, LLC)

Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default [2018-01-21]
CHR Extension: (Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-10]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-10]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-10]
CHR Extension: (Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\WINDOWS\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-20] (AVAST Software)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [39408 2010-09-13] ()
S2 CareMon; C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-15] () [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [125440 2017-09-29] (Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1412096 2018-01-01] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 imPcInstantService; C:\Program Files (x86)\imPcRemote\impcremote_instant.exe [521120 2016-02-04] (imPcRemote LLC)
R2 imPcRemoteService; C:\Program Files (x86)\imPcRemote\impcremote.exe [1469344 2017-11-21] (imPcRemote LLC)
S3 impc_service; C:\Program Files (x86)\imPcRemote\uvnc\rpuvnc.exe [1882832 2017-11-26] (UltraVNC)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-12-11] (Symantec Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-07] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 PcHelpware_service; C:\Program Files (x86)\uvnc bvba\PCHelpWareV2Server\pchelpwareV2.exe [2719456 2012-01-12] (uvnc bvba)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) [File not signed]
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-11] (Microsoft Corporation)
S2 spiceworks; C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [47344 2015-10-22] (Spiceworks, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2542592 2018-01-01] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [15047168 2018-01-01] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIService; C:\WINDOWS\System32\drivers\OSDACPI.SYS [17992 2009-06-17] ()
R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2018-01-20] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-01-20] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-01-20] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-01-20] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-01-20] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2018-01-20] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-01-20] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-01-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2018-01-20] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2018-01-20] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2018-01-20] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457896 2018-01-20] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2018-01-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2018-01-20] (AVAST Software)
S3 CW75; C:\WINDOWS\System32\Drivers\CW75.sys [24704 2008-11-27] (CASIO COMPUTER CO.,LTD.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26112 2017-09-29] (Microsoft Corporation)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-01-20] ()
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23040 2017-09-29] (Microsoft Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-18] (Malwarebytes)
R1 mv2; C:\WINDOWS\System32\drivers\mv2.sys [12904 2011-03-18] (UVNC BVBA)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
S1 nettalkd; C:\WINDOWS\System32\DRIVERS\nettalkd.sys [30944 2012-04-29] (NetTalk Inc.)
R2 NPF; C:\WINDOWS\SysWoW64\drivers\npf64.sys [36600 2015-04-30] (Riverbed Technology, Inc.)
R3 NW1900; C:\WINDOWS\System32\drivers\NW1900.sys [142656 2012-05-18] (NextWindow Limited)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [24064 2017-09-29] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [48128 2017-09-29] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-09-29] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2017-09-29] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2011-11-15] (Spotmau)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\Synth3dVsp.sys [103424 2017-09-29] (Microsoft Corporation)
S3 TGBMPEnum; C:\WINDOWS\System32\DRIVERS\TGBMPEnum.sys [38584 2013-01-21] (TheGreenBow)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Corporation)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1207808 2018-01-01] (Microsoft Corporation)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [32768 2017-09-29] (Microsoft Corporation)
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [141920 2012-08-13] (Acronis)
R3 vmsmp; C:\WINDOWS\System32\drivers\vmswitch.sys [1677824 2018-01-01] (Microsoft Corporation)
S3 VProEventMonitor; C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 appliand; \SystemRoot\system32\DRIVERS\appliand.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-21 11:41 - 2018-01-21 14:24 - 000034638 _____ C:\Users\Thomas\Desktop\FRST.txt
2018-01-21 11:40 - 2018-01-21 11:40 - 002393088 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2018-01-21 11:10 - 2018-01-21 11:15 - 000263211 _____ C:\Users\Thomas\Desktop\CHARBROILED SLIDERS_FINANCIALS & PRICING.pdf
2018-01-20 20:45 - 2018-01-20 20:45 - 000000000 ____D C:\Users\Ralph\AppData\Roaming\AVAST Software
2018-01-20 20:44 - 2018-01-20 20:44 - 000000000 ____D C:\Users\Ralph\AppData\Local\Western_Digital_Technolog
2018-01-20 20:42 - 2018-01-20 20:42 - 000000020 ___SH C:\Users\Ralph\ntuser.ini
2018-01-20 20:42 - 2018-01-20 20:42 - 000000000 ___RD C:\Users\Ralph\3D Objects
2018-01-20 20:42 - 2018-01-20 20:42 - 000000000 ____D C:\Users\Ralph\AppData\Local\ConnectedDevicesPlatform
2018-01-20 18:57 - 2018-01-20 18:57 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-01-20 18:53 - 2018-01-20 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2018-01-20 18:53 - 2018-01-20 18:53 - 000000000 ____D C:\ProgramData\Apple Computer
2018-01-20 18:53 - 2018-01-20 18:53 - 000000000 ____D C:\Program Files (x86)\QuickTime
2018-01-20 18:35 - 2018-01-20 18:35 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-01-20 18:31 - 2018-01-20 18:31 - 000000000 _____ C:\Users\Thomas\Downloads\fixlist.txt
2018-01-20 18:25 - 2018-01-20 18:25 - 000007176 _____ C:\Users\Thomas\Documents\cc_20180120_182549.reg
2018-01-20 18:25 - 2018-01-20 18:25 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\AVAST Software
2018-01-20 18:24 - 2018-01-20 18:25 - 000427278 _____ C:\Users\Thomas\Documents\cc_20180120_182442.reg
2018-01-20 18:24 - 2018-01-20 18:24 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-01-20 18:24 - 2018-01-20 18:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-20 18:24 - 2018-01-20 18:24 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-01-20 18:24 - 2018-01-20 18:24 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-20 18:24 - 2018-01-20 18:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-01-20 18:24 - 2018-01-20 18:24 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-20 18:23 - 2018-01-20 18:24 - 000457896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-01-20 18:23 - 2018-01-20 18:24 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000457400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151650145829609
2018-01-20 18:23 - 2018-01-20 18:22 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-01-20 18:23 - 2018-01-20 18:22 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys.151650145829609
2018-01-20 18:23 - 2018-01-20 18:22 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-01-20 18:20 - 2018-01-20 21:42 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-20 18:20 - 2018-01-20 18:20 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-01-20 18:20 - 2018-01-20 18:20 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-20 18:19 - 2018-01-20 18:19 - 011205832 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\ccsetup539.exe
2018-01-20 13:08 - 2018-01-20 18:15 - 000000504 _____ C:\Users\Thomas\Downloads\Fixlog.txt
2018-01-20 12:23 - 2018-01-20 18:42 - 000106012 _____ C:\Users\Thomas\Downloads\Addition.txt
2018-01-20 12:20 - 2018-01-21 14:23 - 000000000 ____D C:\FRST
2018-01-20 12:20 - 2018-01-20 18:42 - 000091346 _____ C:\Users\Thomas\Downloads\FRST.txt
2018-01-20 12:20 - 2018-01-20 12:20 - 002393088 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2018-01-19 19:03 - 2018-01-19 19:03 - 000000000 ____D C:\Users\Thomas\Desktop\7662
2018-01-19 19:02 - 2018-01-19 19:36 - 000000000 ____D C:\Users\Thomas\Desktop\803
2018-01-18 11:03 - 2018-01-18 11:03 - 000000000 ____D C:\Users\Thomas\Working
2018-01-18 09:43 - 2018-01-18 21:22 - 000000000 ____D C:\Users\Thomas\AppData\Local\dtoulmp
2018-01-18 09:31 - 2018-01-18 09:31 - 000003414 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2018-01-18 09:31 - 2018-01-18 09:31 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\AGData
2018-01-18 09:07 - 2018-01-18 09:12 - 000039807 _____ C:\Users\Thomas\Desktop\Change of Status Rev 1-18 .pdf
2018-01-17 10:57 - 2018-01-17 21:55 - 000001155 _____ C:\Users\Thomas\Desktop\Change of Status.txt
2018-01-16 19:15 - 2018-01-16 19:15 - 000000000 ____D C:\Users\Thomas\AppData\Local\SolidDocuments
2018-01-11 21:24 - 2018-01-01 04:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-11 21:24 - 2018-01-01 04:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-11 21:24 - 2018-01-01 04:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-11 21:24 - 2018-01-01 04:51 - 002242704 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2018-01-11 21:24 - 2018-01-01 04:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-11 21:24 - 2018-01-01 04:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-11 21:24 - 2018-01-01 04:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-11 21:24 - 2018-01-01 04:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-11 21:24 - 2018-01-01 04:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-11 21:24 - 2018-01-01 04:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-11 21:24 - 2018-01-01 04:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-11 21:24 - 2018-01-01 04:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-11 21:24 - 2018-01-01 04:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-11 21:24 - 2018-01-01 04:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-11 21:24 - 2018-01-01 04:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-11 21:24 - 2018-01-01 04:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-11 21:24 - 2018-01-01 04:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-11 21:24 - 2018-01-01 04:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-11 21:24 - 2018-01-01 04:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-11 21:24 - 2018-01-01 04:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-11 21:24 - 2018-01-01 04:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-11 21:24 - 2018-01-01 04:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-11 21:24 - 2018-01-01 04:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-11 21:24 - 2018-01-01 04:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-11 21:24 - 2018-01-01 04:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-11 21:24 - 2018-01-01 04:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-11 21:24 - 2018-01-01 04:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-11 21:24 - 2018-01-01 04:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-11 21:24 - 2018-01-01 04:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-11 21:24 - 2018-01-01 04:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-11 21:24 - 2018-01-01 04:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-11 21:24 - 2018-01-01 04:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-11 21:24 - 2018-01-01 04:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-11 21:24 - 2018-01-01 04:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-11 21:24 - 2018-01-01 04:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-11 21:24 - 2018-01-01 04:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-11 21:24 - 2018-01-01 04:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-11 21:24 - 2018-01-01 04:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-11 21:24 - 2018-01-01 04:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-11 21:24 - 2018-01-01 04:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-11 21:24 - 2018-01-01 04:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-11 21:24 - 2018-01-01 04:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-11 21:24 - 2018-01-01 04:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-11 21:24 - 2018-01-01 04:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-11 21:24 - 2018-01-01 04:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-11 21:24 - 2018-01-01 04:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-11 21:24 - 2018-01-01 04:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-11 21:24 - 2018-01-01 04:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-11 21:24 - 2018-01-01 04:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-11 21:24 - 2018-01-01 04:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-11 21:24 - 2018-01-01 04:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-11 21:24 - 2018-01-01 04:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-11 21:24 - 2018-01-01 04:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-11 21:24 - 2018-01-01 04:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-11 21:24 - 2018-01-01 04:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-11 21:24 - 2018-01-01 04:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-11 21:24 - 2018-01-01 04:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-11 21:24 - 2018-01-01 04:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-11 21:24 - 2018-01-01 04:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-11 21:24 - 2018-01-01 04:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-11 21:24 - 2018-01-01 04:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-11 21:24 - 2018-01-01 04:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-11 21:24 - 2018-01-01 04:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-11 21:24 - 2018-01-01 04:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-11 21:24 - 2018-01-01 04:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-11 21:24 - 2018-01-01 04:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-11 21:24 - 2018-01-01 04:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-11 21:24 - 2018-01-01 04:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-11 21:24 - 2018-01-01 04:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-11 21:24 - 2018-01-01 04:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-11 21:24 - 2018-01-01 04:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-11 21:24 - 2018-01-01 04:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-11 21:24 - 2018-01-01 04:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-11 21:24 - 2018-01-01 04:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-11 21:24 - 2018-01-01 04:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-11 21:24 - 2018-01-01 04:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-11 21:24 - 2018-01-01 04:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-11 21:24 - 2018-01-01 04:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-11 21:24 - 2018-01-01 03:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-11 21:24 - 2018-01-01 03:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-11 21:24 - 2018-01-01 03:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-11 21:24 - 2018-01-01 03:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-11 21:24 - 2018-01-01 03:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-11 21:24 - 2018-01-01 03:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-11 21:24 - 2018-01-01 03:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-11 21:24 - 2018-01-01 03:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-11 21:24 - 2018-01-01 03:32 - 015047168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2018-01-11 21:24 - 2018-01-01 03:27 - 004150784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmchipset.dll
2018-01-11 21:24 - 2018-01-01 03:26 - 004576768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2018-01-11 21:24 - 2018-01-01 03:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-11 21:24 - 2018-01-01 03:25 - 002542592 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2018-01-11 21:24 - 2018-01-01 03:25 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostNetSvc.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-11 21:24 - 2018-01-01 03:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 001677824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 001411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 001282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmemulateddevices.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 001207808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfpext.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedStorage.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmDataStore.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvdev.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedNic.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynth3dvideo.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmpmem.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-11 21:24 - 2018-01-01 03:23 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrivateCloudHNSPlugin.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthfcvdev.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpcievdev.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2018-01-11 21:24 - 2018-01-01 03:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCGLaunchPad.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCG.exe
2018-01-11 21:24 - 2018-01-01 03:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-11 21:24 - 2018-01-01 03:23 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RdvgmProxy.dll
2018-01-11 21:24 - 2018-01-01 03:22 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvgmProxy.dll
2018-01-11 21:24 - 2018-01-01 03:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-11 21:24 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-11 21:24 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-11 21:24 - 2018-01-01 03:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-11 21:24 - 2018-01-01 03:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-11 21:24 - 2018-01-01 03:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-11 21:24 - 2018-01-01 03:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-11 21:24 - 2018-01-01 03:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-11 21:24 - 2018-01-01 03:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 001381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-11 21:24 - 2018-01-01 03:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-11 21:24 - 2018-01-01 03:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-11 21:24 - 2018-01-01 03:11 - 001955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-11 21:24 - 2018-01-01 03:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-11 21:24 - 2018-01-01 03:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-11 21:24 - 2018-01-01 03:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-11 21:24 - 2018-01-01 03:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-11 21:24 - 2018-01-01 03:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-11 21:24 - 2018-01-01 03:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-11 21:24 - 2018-01-01 03:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-11 21:24 - 2018-01-01 03:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-11 21:24 - 2018-01-01 03:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-11 21:23 - 2018-01-01 03:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-11 21:23 - 2018-01-01 03:24 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\synth3dvideoproxy.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe
2018-01-11 21:23 - 2018-01-01 03:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-11 21:23 - 2018-01-01 03:23 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000023040 _____ C:\WINDOWS\system32\hnsproxy.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000015872 _____ C:\WINDOWS\system32\hgclientserviceps.dll
2018-01-11 21:23 - 2018-01-01 03:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-01-11 21:23 - 2018-01-01 03:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-11 21:23 - 2018-01-01 03:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-11 21:23 - 2018-01-01 03:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-11 21:23 - 2018-01-01 03:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-11 21:23 - 2018-01-01 03:21 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-11 21:23 - 2018-01-01 03:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-11 21:23 - 2018-01-01 03:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-11 21:23 - 2018-01-01 03:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-11 21:23 - 2018-01-01 03:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-11 21:23 - 2018-01-01 03:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-11 21:23 - 2018-01-01 03:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-10 19:17 - 2018-01-10 19:17 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-01-06 10:53 - 2018-01-18 09:23 - 000000000 ____D C:\Users\Thomas\Desktop\Expense
2018-01-06 10:24 - 2018-01-06 10:24 - 003004608 _____ (imPcRemote LLC ) C:\Users\Thomas\Desktop\impcremote_tray_setup.exe
2018-01-06 09:56 - 2018-01-06 09:55 - 000026988 _____ C:\1_SetupLog-EDM-Remote-Setup_7.11.33.0.txt
2018-01-04 18:01 - 2018-01-04 18:54 - 000000000 ____D C:\Users\Thomas\Desktop\Schedule Forecast Sheets
2018-01-03 13:23 - 2018-01-04 17:52 - 000000000 ____D C:\Users\Thomas\Desktop\SqlDbxPersonal
2018-01-03 08:38 - 2018-01-18 08:58 - 000000000 ____D C:\Users\Thomas\Desktop\Per 1 Wk 3
2017-12-28 17:04 - 2017-12-28 20:06 - 000000000 ____D C:\Users\Thomas\Desktop\QSR Setup Files
2017-12-28 16:26 - 2017-12-28 17:05 - 000000000 ____D C:\Users\Thomas\Desktop\QSR
2017-12-27 21:22 - 2017-12-27 21:22 - 000092777 _____ C:\Users\Thomas\Desktop\Explorer Registration.pdf
2017-12-27 10:12 - 2017-12-27 10:16 - 000000000 ____D C:\Users\Thomas\Desktop\Text2Folders
2017-12-26 20:18 - 2017-12-26 20:18 - 000420521 _____ C:\Users\Thomas\Desktop\Text2Folders.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-21 14:20 - 2013-08-26 05:33 - 000000000 ____D C:\Users\Thomas\Documents\Outlook Files
2018-01-21 14:04 - 2017-12-11 09:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-21 11:16 - 2016-10-29 15:31 - 000000000 ____D C:\Users\Thomas\AppData\Local\LogMeInIgnition
2018-01-21 10:52 - 2016-11-15 18:51 - 000000000 ____D C:\Users\Thomas\AppData\LocalLow\Mozilla
2018-01-21 09:51 - 2017-12-11 09:57 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE021765-4DFF-4C6A-8755-7383173B03F0}
2018-01-21 01:27 - 2017-12-11 09:57 - 000003262 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForThomas
2018-01-21 01:27 - 2017-11-15 14:16 - 000000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForThomas.job
2018-01-20 23:41 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-20 23:41 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-20 23:41 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-20 23:11 - 2016-01-27 14:18 - 000001315 _____ C:\Users\Thomas\Documents\Plex Server.rdg
2018-01-20 20:44 - 2015-11-20 11:06 - 000000000 ____D C:\Users\Ralph\AppData\Local\Packages
2018-01-20 20:42 - 2017-12-11 09:09 - 000000000 ____D C:\Users\Ralph
2018-01-20 20:42 - 2015-11-20 11:06 - 000000000 ____D C:\Users\Ralph\AppData\Local\TileDataLayer
2018-01-20 20:42 - 2015-11-12 20:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-20 20:42 - 2013-04-12 21:02 - 000002332 _____ C:\Users\Ralph\Desktop\Google Chrome.lnk
2018-01-20 19:16 - 2017-12-11 09:11 - 000000000 ____D C:\Users\Thomas\AppData\Local\Packages
2018-01-20 19:15 - 2017-12-11 10:22 - 000000000 ____D C:\Users\Thomas\AppData\Local\PackageStaging
2018-01-20 19:00 - 2015-05-18 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-20 18:59 - 2015-05-18 18:02 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-01-20 18:58 - 2015-05-18 18:01 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-20 18:57 - 2013-03-17 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-20 18:51 - 2014-07-05 08:53 - 000000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2018-01-20 18:51 - 2012-02-18 09:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-01-20 18:35 - 2017-12-11 09:09 - 000000000 ____D C:\Users\DefaultAppPool
2018-01-20 18:22 - 2017-02-06 19:53 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\CoreFTP
2018-01-20 18:22 - 2014-02-03 23:32 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\IDM
2018-01-20 18:21 - 2017-12-10 21:33 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-20 18:21 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-20 18:21 - 2017-09-29 05:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-20 18:20 - 2017-05-30 08:16 - 000000000 ____D C:\Program Files\CCleaner
2018-01-20 18:19 - 2017-05-30 08:16 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-20 13:13 - 2017-12-11 09:57 - 000000446 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-01-20 13:12 - 2017-12-11 09:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-20 13:12 - 2015-07-18 20:32 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-01-20 13:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-20 13:11 - 2017-09-29 00:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-01-20 13:11 - 2009-07-13 19:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-20 11:24 - 2017-05-31 09:21 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\Pulse Secure
2018-01-20 09:22 - 2012-02-21 14:58 - 000000000 ____D C:\ProgramData\LogMeIn
2018-01-20 09:20 - 2016-10-29 15:31 - 000000000 ____D C:\Users\Thomas\AppData\Local\LogMeIn Client
2018-01-19 22:38 - 2016-05-19 16:32 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\AVG
2018-01-19 22:38 - 2016-05-19 16:26 - 000000000 ____D C:\Program Files (x86)\AVG
2018-01-19 22:38 - 2016-05-19 16:25 - 000000000 ____D C:\ProgramData\Avg
2018-01-19 22:38 - 2016-05-19 16:24 - 000000000 ____D C:\Users\Thomas\AppData\Local\Avg
2018-01-19 22:38 - 2012-02-19 10:28 - 000000000 ____D C:\ProgramData\Sonic
2018-01-19 11:07 - 2016-05-09 16:31 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-19 10:16 - 2016-05-19 16:24 - 000000000 ____D C:\Users\Thomas\AppData\Local\AvgSetupLog
2018-01-19 08:50 - 2015-07-10 21:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-19 08:50 - 2015-07-10 21:52 - 000000000 ____D C:\ProgramData\Fast Track Software Suite
2018-01-19 05:10 - 2017-08-15 11:03 - 000000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001.job
2018-01-19 05:10 - 2017-08-15 11:03 - 000000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001.job
2018-01-19 02:33 - 2017-12-11 09:57 - 000003834 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001
2018-01-19 02:33 - 2017-12-11 09:57 - 000003738 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001
2018-01-19 02:33 - 2017-08-15 11:03 - 000000000 ____D C:\Users\Thomas\AppData\Local\GoToMeeting
2018-01-18 20:37 - 2015-06-20 21:45 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\spotmau
2018-01-18 20:37 - 2015-05-16 15:20 - 000000000 ____D C:\ProgramData\Spotmau
2018-01-18 11:03 - 2017-12-11 09:09 - 000000000 ____D C:\Users\Thomas
2018-01-18 10:14 - 2017-12-11 09:04 - 001202026 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-18 10:10 - 2017-09-29 00:45 - 019660800 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-18 09:36 - 2017-11-24 18:51 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-18 09:29 - 2017-08-19 20:53 - 000000000 ____D C:\Users\Thomas\Desktop\New folder
2018-01-18 09:23 - 2017-12-10 09:18 - 000000000 ____D C:\Users\Thomas\Desktop\OCS
2018-01-14 06:09 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-11 22:11 - 2015-12-13 07:37 - 000000000 ___RD C:\Users\Thomas\3D Objects
2018-01-11 22:10 - 2017-12-11 09:00 - 000535096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-11 22:06 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-11 22:06 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-11 22:06 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-11 22:05 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-11 21:30 - 2017-09-29 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-11 21:27 - 2017-09-29 05:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-11 21:27 - 2017-09-29 05:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-11 21:27 - 2017-09-29 05:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-10 20:03 - 2016-11-21 08:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-10 19:27 - 2013-08-15 02:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 19:19 - 2017-10-12 17:01 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 19:19 - 2012-02-17 02:11 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 19:18 - 2015-06-20 22:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-10 19:16 - 2009-07-13 18:34 - 000000601 _____ C:\WINDOWS\win.ini
2018-01-09 20:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-09 20:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-06 10:24 - 2017-11-18 14:39 - 000000000 ____D C:\Program Files (x86)\imPcRemote
2018-01-06 10:24 - 2017-01-27 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imPcRemote
2018-01-05 09:38 - 2016-11-21 08:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-05 09:38 - 2016-11-21 08:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-04 13:07 - 2015-09-13 08:07 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 01:19 - 2017-12-20 11:45 - 000000000 ____D C:\Users\Thomas\Desktop\GBV Misc
2017-12-31 20:22 - 2017-08-07 17:14 - 000000319 _____ C:\Users\Thomas\Desktop\Xpient Passwords.txt
2017-12-30 09:53 - 2017-10-16 06:47 - 000000152 _____ C:\WINDOWS\SysWOW64\pchw2Log.txt
2017-12-29 17:11 - 2017-10-27 09:43 - 000000748 _____ C:\Users\Thomas\Desktop\GBV Comcast.txt
2017-12-28 16:32 - 2017-12-20 11:09 - 000000000 ____D C:\Users\Thomas\Desktop\CKE Validation
2017-12-23 10:40 - 2017-12-11 08:54 - 000000000 ____D C:\Windows.old
2017-12-22 05:45 - 2017-09-29 05:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-22 05:45 - 2017-09-29 05:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-04-13 21:00 - 2013-04-13 21:00 - 000000031 _____ () C:\Users\Thomas\AppData\Roaming\Days5.ini
2012-11-15 00:20 - 2012-11-15 00:20 - 000007859 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.cat
2012-11-15 00:20 - 2012-11-15 00:20 - 000001167 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.inf
2012-11-15 00:20 - 2012-11-15 00:20 - 000000034 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.log
2012-11-15 00:20 - 2012-11-15 00:20 - 000082816 _____ (VSO Software) C:\Users\Thomas\AppData\Roaming\pcouffin.sys
2013-05-24 12:24 - 2013-06-01 19:23 - 000002039 _____ () C:\Users\Thomas\AppData\Roaming\SAS7_000.DAT
2015-05-12 21:51 - 2015-05-12 21:51 - 000001057 _____ () C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2017-01-01 08:16 - 2017-01-01 08:16 - 000000600 _____ () C:\Users\Thomas\AppData\Roaming\winscp.rnd
2013-04-24 12:46 - 2013-04-24 12:46 - 000000218 _____ () C:\Users\Thomas\AppData\Local\recently-used.xbel
2015-09-13 22:06 - 2015-10-05 11:38 - 000007606 _____ () C:\Users\Thomas\AppData\Local\resmon.resmoncfg

ZeroAccess:
C:\Windows\Installer\{fb4af4e3-55ea-6ba4-c706-0d6f88b499a3}

Some files in TEMP:
====================
2018-01-20 11:24 - 2018-01-20 11:24 - 002119552 _____ () C:\Users\Thomas\AppData\Local\Temp\dsHostCheckerSetup.exe
2018-01-20 11:23 - 2018-01-20 11:23 - 002136368 _____ (Pulse Secure, LLC) C:\Users\Thomas\AppData\Local\Temp\PSSetupClientInstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-20 17:13

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Thomas (21-01-2018 14:26:01)
Running from C:\Users\Thomas\Desktop
Windows 10 Pro Version 1709 16299.192 (X64) (2017-12-11 17:58:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3514051097-1430166055-719602415-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3514051097-1430166055-719602415-503 - Limited - Disabled)
Guest (S-1-5-21-3514051097-1430166055-719602415-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3514051097-1430166055-719602415-1002 - Limited - Enabled)
Ralph (S-1-5-21-3514051097-1430166055-719602415-1005 - Limited - Enabled) => C:\Users\Ralph
Thomas (S-1-5-21-3514051097-1430166055-719602415-1001 - Administrator - Enabled) => C:\Users\Thomas
WDAGUtilityAccount (S-1-5-21-3514051097-1430166055-719602415-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Click DVD Copy Pro 4.2.9.0 (HKLM-x32\...\1Click DVD Copy Pro_is1) (Version:  - LG Software Innovations)
4 Elements II Collector's Edition (HKLM-x32\...\{301B6A6D-3586-42B4-BA0E-59E0921C9CA4}) (Version: 1.0.0 - LeeGT-Games)
64 Bit HP CIO Components Installer (HKLM\...\{3138F992-045B-4F55-825C-53B231E647CA}) (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Able Duplicate Finder 2.1 (HKLM-x32\...\Able Duplicate Finder_is1) (Version:  - )
Able2Extract Professional v6.0 (HKLM-x32\...\Able2Extract Professional v6.0) (Version:  - )
Ablebits.com Duplicate Remover for Microsoft Excel (HKLM-x32\...\{8B444B32-E6ED-40CC-9FFF-224BD3EB761C}) (Version: 4.2.16 - Add-in Express Ltd)
[email protected] LiveCD 4 (HKLM-x32\...\{F09C52F9-660B-4FE3-8041-AFF6DB177FAA}_is1) (Version: 4 - LSoft Technologies Inc)
AcuRite Connect (HKLM-x32\...\{6E613C42-AC6D-457D-BE81-88811AD84473}) (Version: 1.1.9 - Chaney Instrument Co.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Antique Shop 2 - Lost Gems - London (HKLM-x32\...\Antique Shop 2 - Lost Gems - London) (Version: 1.0.0 - LeeGT-Games)
Any Video Converter Ultimate 5.8.0 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director2.12) (Version: 2.12 - Applian Technologies Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
BetterJPEG 3 (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\BetterJPEG3) (Version: 3.0.2.1 - BetterJPEG Team)
Bluetooth by hp (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
bpd_scan_Carrier (HKLM-x32\...\{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{048DDE77-66D5-4335-8497-903856759B58}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{ED3D79A6-B3BB-4482-B226-0B620F97258A}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Bullzip PDF Printer 10.1.0.1871 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.1.0.1871 - Bullzip)
Buttons & OSDs control application gen2 (HKLM-x32\...\{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}) (Version: 1.0.0.21 - Hewlett-Packard)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CinEx HD Utility (HKLM-x32\...\CinEx HD Utility) (Version:  - )
Cisco WebEx Meetings (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Core FTP LE x64 (HKLM\...\{FEBD6FB7-F7A1-49D7-8348-0320D4E534A3}) (Version: 2.1.1887 - CoreFTP)
Cw75_InterNational_x64 (HKLM-x32\...\{FA39E17B-D2A8-4457-9D53-FC2889E5AC09}) (Version: 1.00.0000 - 会社名)
Dell System Detect (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\d24084d039586cae) (Version: 8.5.0.4 - Dell)
Desktop Central - Free Windows Tools (HKLM-x32\...\{6B371D2F-7AAD-432D-A8C9-A46CC34FE026}) (Version: 6.00 - AdventNet)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DIRECTV GenieGO (HKLM-x32\...\{359BF4D0-CE16-4CD3-866E-27925C0447AE}) (Version: 2.3.0.20 - DIRECTV, LLC) Hidden
DIRECTV GenieGO (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\InstallShield_{359BF4D0-CE16-4CD3-866E-27925C0447AE}) (Version: 2.3.0.20 - DIRECTV, LLC)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Duplicate File Cleaner v2.6 (HKLM-x32\...\Duplicate File Cleaner_is1) (Version:  - Cheese Software Ltd.)
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
DVDFab 8.1.6.1 (04/02/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EMCO MoveOnBoot 2.2 (HKLM\...\{9951DB6D-E55F-4A24-9EEB-BC8747AADBD3}) (Version: 2.2.10.3469 - EMCO Software)
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Excel Password Recovery Lastic 1.2 (HKLM-x32\...\Excel Password Recovery Lastic_is1) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Fast Track Software Suite (HKLM-x32\...\{B9684050-0BCF-44D0-9A8E-79D8DE309F21}) (Version: 2.27.20 - Phase Research) Hidden
FastStone Capture 8.1 (HKLM-x32\...\FastStone Capture) (Version: 8.1 - FastStone Soft)
FastStone Photo Resizer 3.5 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.5 - FastStone Soft.)
FastSum 1.7 Standard Edition and FastSum 1.9 Command-Line Edition (HKLM-x32\...\FastSum_is1) (Version:  - Kirill Zinov)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
FREE Word and Excel password recovery Wizard version 2.1.15 (HKLM-x32\...\{BEE8AFD4-907F-4BD5-B2E9-6606291415E8}_is1) (Version: 2.1.15 - FREE Password Recovery Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.20.0.8199 (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\GoToMeeting) (Version: 8.20.0.8199 - LogMeIn, Inc.)
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP KEYBOARD (HKLM-x32\...\HP KEYBOARD_is1) (Version: 1.5.4.23 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{C5B6133F-8943-44F2-AF72-778E2701481A}) (Version: 1.0.8.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)
HP Officejet Pro K850 Series Toolbox (HKLM-x32\...\{4281A68E-F4D1-4E0F-B144-D7149630BFA1}) (Version: 1.00.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP TouchSmart (HKLM-x32\...\{6839961F-1F33-404C-9478-DF85A20CF131}) (Version: 4.0.39.0 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{631705A2-6152-4879-A1F0-6EFBF12CD247}) (Version: 3.0.3910.29600 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
imPcRemote Client (HKLM-x32\...\imPcRemote_is1) (Version:  - imPcRemote LLC)
imPcRemote Manager (HKLM-x32\...\imPcRemote Manager_is1) (Version:  - imPcRemote LLC)
Insane Jewels (HKLM-x32\...\Insane Jewels) (Version: 1.0.0 - LeeGT-Games)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iVMS-4200(v2.03) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.3.1.3 - hikvision)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Jihosoft File Recovery version 8.2.4 (HKLM-x32\...\{BEC43ECB-3E62-4C87-A7CA-8A260D3876C7}_is1) (Version: 8.2.4 - ShenZhen JIHOSOFT Co., Ltd)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
Lazesoft Recovery Suite version 4.0 Unlimited Edition (HKLM-x32\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 4.0 - Lazesoft)
Learn ReportBuilder (HKLM-x32\...\{5A0FB92C-26DF-4E13-958D-509F3926A44B}) (Version:  - Digital Metaphors) Hidden
Learn ReportBuilder (HKLM-x32\...\Learn ReportBuilder) (Version:  - Digital Metaphors)
Learn ReportBuilder RAP (HKLM-x32\...\{0053271F-949A-41D7-B4CF-415B10CC10B7}) (Version:  - Digital Metaphors) Hidden
Learn ReportBuilder RAP (HKLM-x32\...\Learn ReportBuilder RAP) (Version:  - Digital Metaphors)
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
Macrium Reflect Free Edition (HKLM\...\{77A97A7F-31F6-496A-9625-589717602062}) (Version: 6.3.1821 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
MediaInfo 0.7.73 (HKLM\...\MediaInfo) (Version: 0.7.73 - MediaArea.net)
MediaTab (HKLM\...\MediaTab) (Version: 1.4 - ShalafiSoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Report Builder 2.0 (HKLM-x32\...\{91CB3AD8-DFA7-4BA5-86F7-4DA10724CF5F}) (Version: 10.0.1600.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 52.0.1 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.0.1 ESR (x64 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
NetTime (HKLM-x32\...\NetTime_is1) (Version:  - Mark Griffiths)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office Password Unlocker (HKLM-x32\...\{F5656363-D1F7-41B9-B73D-5A8CA56E44C3}_is1) (Version:  - Office Password Unlocker, Inc.)
Office Product Key Finder 1.2 (HKLM-x32\...\Office Product Key Finder_is1) (Version:  - Nsasoft, LLC.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outlook Password Unlocker 3.0.1.4 (HKLM-x32\...\{B5478E1B-1778-4C0E-AA21-04DCAB318733}_is1) (Version:  - Password Unlocker Studio)
Pavtube Video DVD Converter Ultimate Ver 4.8.6.0 (HKLM-x32\...\Pavtube Video DVD Converter Ultimate Pre-Activat~CDA04184_is1) (Version:  - )
pcAnywhere Hot Fix 4 - TECH182142 (HKLM-x32\...\{693BEB0A-A1CB-44C6-93F1-70C4485102C6}) (Version: 1.0.1026 - Symantec Corporation)
PCHelpWareV2 (HKLM-x32\...\{384FCC24-4F6C-4CE7-A629-002BD6350915}) (Version: 1.0.0 - uvnc bvba)
PCHelpWareV2Server (HKLM-x32\...\{B7EA9D5D-82CB-4B82-BAB7-3ACFDD210D2D}) (Version: 1.0.0 - uvnc bvba)
Pulse Secure Host Checker (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\PulseSecure_Host_Checker) (Version: 8.3.4.60519 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Pulse_Setup_Client) (Version: 8.3.4.1161 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Recovery Toolbox for Outlook 3.4 (HKLM-x32\...\Recovery Toolbox for Outlook_is1) (Version:  - Recovery ToolBox)
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
Replay Converter 4 (HKLM-x32\...\Replay Converter 4) (Version: 4.20 - Applian Technologies Inc.)
Replay Media Catcher 4 (4.4.3) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.4.3 - Applian Technologies)
Replay Media Splitter 1.10.1106.26 (HKLM-x32\...\Replay_Media_Splitter_1.2) (Version: 1.10.1106.26 - Applian Technologies Inc.)
Replay Music (HKLM-x32\...\Replay Music4.40B) (Version: 4.40B - Applian Technologies Inc.)
Replay Video Capture 5 (HKLM-x32\...\Replay Video Capture5.4.2) (Version: 5.4.2 - Applian Technologies Inc.)
Resource Hacker Version 4.2.5 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RouterPasswordDecryptor v3.0 (HKLM-x32\...\RouterPasswordDecryptor) (Version: 3.0 - SecurityXploded)
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.6 - Roxio)
Roxio Creator 2011 Content (HKLM-x32\...\{9F717571-FEE8-45CD-8B03-5B2D06AD28F7}) (Version: 13.0.098 - Roxio)
Roxio Creator 2011 Pro (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.102 - RoxioNow)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
save2pc 5.17 (HKLM-x32\...\save2pc & music2pc_is1) (Version:  - FDRLab, Inc.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.)
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.) Hidden
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spiceworks Desktop (HKLM-x32\...\Spiceworks) (Version: 7.4.0119 - Spiceworks, Inc.)
Spotmau PowerSuite Golden 2012 (build 7.0.1) (HKLM-x32\...\{182201E0-FCBA-4667-B226-B5AE3F4C623D}_is1) (Version:  - Spotmau Software Co., Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Streaming Video Recorder V4.1.1 (HKLM\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 4.1.1 - Apowersoft)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Surveillance_client version 1.1.36 (HKLM-x32\...\{8EE152D1-61CD-406B-84EC-144BFDADB7D2}_is1) (Version: 1.1.36 - Dvrsoft Systems, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Chronicles of Noahs Ark (HKLM-x32\...\The Chronicles of Noahs Ark) (Version: 1.0.0.2 - LeeGT-Games)
The Mahjong Huntress (HKLM-x32\...\The Mahjong Huntress) (Version: 1.0.0 - LeeGT-Games)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.1.2 - uvnc bvba)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
USSC Web Components (HKLM-x32\...\{4AD000A7-A6AD-46B1-95DC-11912B026D37}_is1) (Version:  - )
VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
VersaCheck Platinum 2010 (HKLM-x32\...\{086026D0-B765-4C19-8654-43D0E110F5E5}) (Version: 10.0.1.0 - G7 Productivity Systems, Inc.)
Video Enhancer 1.9.10 (HKLM-x32\...\Video Enhancer_is1) (Version:  - Infognition Co. Ltd.)
Video Padlock (HKLM-x32\...\Video Padlock1.14) (Version: 1.14 - Applian Technologies Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WD Access (HKLM-x32\...\{046643f7-6206-46bb-8968-92c37fee39e0}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc.)
WD Access (HKLM-x32\...\{C0624809-D60D-4AFF-8AF3-9452125AF4C1}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.213.017 - Hewlett-Packard) Hidden
Website Ripper Copier (HKLM-x32\...\Website Ripper Copier) (Version: 3.9.1 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinPcap 4.1.2-Spiceworks (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Workspace Desktop (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\workspacedesktop) (Version:  - Starfield Technologies)
XMedia Recode version 3.1.9.1 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.1 - XMedia Recode)
Zoom (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{011C46A2-AD76-339E-9581-B5854D08C2B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{0B0DD328-2A55-3B40-B932-B71E51F41389}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{4D766FD3-B880-49D3-B7BD-6CF925221E04}\InprocServer32 -> C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{4F8ABD16-E446-43C3-A154-484F507060B4}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Add-in Express\Duplicate Remover for Microsoft Excel\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Thomas\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (hxxp://MediaArea.net/MediaInfo)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2012-05-30] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2012-05-30] (Starfield Technologies, LLC)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers1: [FastSum Pro] -> {3EBECDE6-3E57-4AC2-A6A9-316C00CE1FA2} => C:\Program Files (x86)\FastSum\Ext\SFastSum64.dll [2011-07-31] ()
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-16] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-16] (Safer-Networking Ltd.)
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2012-12-25] (Online Media Technologies Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers2: [FastSum Pro] -> {3EBECDE6-3E57-4AC2-A6A9-316C00CE1FA2} => C:\Program Files (x86)\FastSum\Ext\SFastSum64.dll [2011-07-31] ()
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers4: [FastSum Pro] -> {3EBECDE6-3E57-4AC2-A6A9-316C00CE1FA2} => C:\Program Files (x86)\FastSum\Ext\SFastSum64.dll [2011-07-31] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-16] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-16] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers1_S-1-5-21-3514051097-1430166055-719602415-1001: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
ContextMenuHandlers2_S-1-5-21-3514051097-1430166055-719602415-1001: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
ContextMenuHandlers6_S-1-5-21-3514051097-1430166055-719602415-1001: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008BBC4D-6825-43C6-ACF1-79D5EFA9A5DA} - System32\Tasks\{EDC0046F-07AC-4EB7-A048-B8D294F4E726} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thomas\Downloads\SP3_R2-2014-02-03\SP3 R2\Infusion_Launcher.exe" -d "C:\Users\Thomas\Downloads\SP3_R2-2014-02-03\SP3 R2"
Task: {030DDA47-46EF-4A63-B957-8505D0701A67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {04890AA9-DA0B-4BBA-8241-E7F02DA98AA9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0CA7BA1B-C92E-4E34-8163-614483F71871} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {0E4C5AB2-3A48-41AB-9163-CFF702CBACB1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0F6691F1-1628-4CBD-A482-5DD014D8E152} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {122A19F7-BBD3-4EAF-A15A-EFD9320456AF} - System32\Tasks\{B90920B0-DFF1-432E-87A9-9A2857CC0E4E} => C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Desktop\setup.exe -d C:\Users\Thomas\AppData\Roaming\IDM
Task: {12CDDE32-B11A-4B67-957D-5548A641293A} - System32\Tasks\{8B318B25-29AC-42AD-9866-9B53ABC9039F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Security Client\Setup.exe" -c /x
Task: {14D5C998-CA68-4657-A500-216F7086B006} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {1797E4F5-AE4F-4AA3-A2F1-60D44CDF1920} - System32\Tasks\{4081608E-4DB7-40B1-B6F7-8D7B6E30ABBF} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thomas\Documents\Packager\Deployment\GBV Full Product Install.exe" -d C:\Users\Thomas\Documents\Packager\Deployment
Task: {1939D702-5242-4B04-AB11-2EACDEA83BF2} - \FGZ5DsvrQbzf -> No File <==== ATTENTION
Task: {264AF36B-DADC-4336-BDAC-60E00255AA2B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {29E0B605-CA0A-49AD-9BCB-26F999ABF9C7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A2DED0D-20C4-411A-B32A-F73F70F738CB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-20] (AVAST Software)
Task: {2AE401A3-6485-4C34-BE86-C1595C3A98AF} - System32\Tasks\{8445013A-CFD5-4908-922B-6F77D945F298} => C:\Windows\system32\pcalua.exe -a D:\PCA\pcAnywhere_12.5_SP3.exe -d D:\PCA
Task: {2C494C68-E2E6-46ED-B6C4-F0FB6C3B2CAB} - System32\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001 => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupdate.exe [2018-01-19] (LogMeIn, Inc.)
Task: {3037B933-A577-4055-88C0-DD08A3F869FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {332097DD-8AE0-4B75-9B5F-DE69D978D9A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {34B580A9-D14B-4212-897A-ABF8EF5BCCA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {3912F321-3865-49E6-8087-86955C43BD07} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {3CBEE0E4-3D3A-42BD-8D6A-36D28A37280F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-20] (AVAST Software)
Task: {43056485-495E-41A6-9D27-DED2DADA3B72} - System32\Tasks\{FFEC5F09-0DF5-4126-A6FC-F4BF05E8FD85} => C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Desktop\OutlookPRSetup(1).exe -d C:\Users\Thomas\Desktop
Task: {46F36D64-6EB4-43C2-8A82-E290142A8B77} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5096B642-394E-4D7D-B7EB-98F5D75828AE} - System32\Tasks\{D6FA7412-DCE1-442E-9E19-F44058C2B5BC} => C:\Windows\system32\pcalua.exe -a D:\LearnRB.exe -d D:\
Task: {5115AD79-DBE3-4577-BBC1-422311B52188} - System32\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001 => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupload.exe [2018-01-19] (LogMeIn, Inc.)
Task: {51D46654-CD42-4136-B504-272A75F53BFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {566A691E-E3C5-4C5C-B544-71B3F776241D} - System32\Tasks\{54A4AC75-5255-4D6B-8FA7-EBC4F3D099D2} => C:\Windows\system32\pcalua.exe -a D:\cpm.exe -d D:\
Task: {5AEC4DF5-974A-441E-8DE6-A8C57DBB8173} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5D51E6ED-32F7-4D6F-9ACE-C879C2A711E9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {65AF57AD-19BE-47E8-8564-BC6631B1A715} - System32\Tasks\{1F0906E6-3884-4B00-8DB5-0891C045E471} => C:\Program Files (x86)\Top Password\Outlook Password Recovery.exe
Task: {6684EF42-3C8E-4AB2-A33D-2C494B7B046D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {692D6E91-F010-4FF1-AAEE-C53ACC135A8D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {6A4D9D5F-2BB3-4371-9656-451DE1C6EF5A} - System32\Tasks\{C4CC8763-35AE-42C8-9B21-9F77C821F41C} => C:\Windows\system32\pcalua.exe -a D:\LearnRAP.exe -d D:\
Task: {6DAFCF23-5C88-4E71-A42E-0EF55D3109A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {7071A30C-7CFC-439D-95B5-1AB29AA3B01B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {71C4DF35-C899-43BA-9392-8126B84B3AF7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {7A2DFC50-15EC-4AB8-9F18-4923BDDFDFD7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7B4AD7B8-B12E-4096-947B-A747A41CAA2F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7BFF6038-B0B8-4BA3-86DA-9814865B29BE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {7CBD65AB-CB47-4618-8292-F787ABBBA4F2} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {7D642250-8688-4151-94F8-38CEE1AEEACB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {818C5F64-92C0-446D-A31D-F4DA85656851} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {82A43266-BE09-4B38-B5C4-D1786C10A6B2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8307689F-C4DC-4877-95FD-977C1D6E1CCF} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19] (Oracle Corporation)
Task: {861A1ADF-FC69-4111-9654-B57CBB1BE981} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {86E5D015-1DBF-48F1-A766-9F5E7ABEA972} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {8B56D738-06CC-4361-803F-8F12CDB5367B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {9368EEA1-6B56-4720-A2BA-015A6E6A4300} - System32\Tasks\{082414D4-DECD-45ED-8D36-70DF77CE578F} => C:\Program Files (x86)\Top Password\Outlook Password Recovery.exe
Task: {9CA895BA-7BE1-4726-9F3C-7DB0723062F2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9DD50FE8-7894-4645-962F-313094279460} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9FA2A439-FE1F-4E51-8E33-32CE3FDA3525} - System32\Tasks\{A229EEF0-259B-45AF-AA6E-DFC19D4A916A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thomas\Desktop\Work\CARL'S JR\Fast Track PC Software Setup 2.27.exe" -d "C:\Users\Thomas\Desktop\Work\CARL'S JR"
Task: {A33BF2D0-40E1-4D0D-9F3C-EE88239E0931} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A5EF40D9-72FF-4377-BC13-E2B53F7046DB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {A8B3540E-8C75-4FFB-B27B-CEC266D2822C} - System32\Tasks\{5ED44850-6D51-465C-8E64-4FA514C44DF3} => C:\Users\Thomas\Desktop\setup.exe
Task: {B3E66B62-C792-4962-AFD2-7966093DF344} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B4DE15FC-0B6E-42A7-9F4B-DAEFDB189B1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {B6625B62-E768-4E05-9B5C-E2687E0494D8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {BCDC45A7-7F35-4A39-B052-B5F6E82F26CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-10] (HP Inc.)
Task: {BE5A1B82-5B7A-4E4C-997C-FC6FEACFB3BF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3E0DCF7-D117-4BC7-8649-6DF4E56A07FE} - System32\Tasks\{A0654F33-9C7E-47BF-BE0F-BC02A70FB926} => C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Downloads\Compressed\DD\DrDeleteExeandSourceRARSFX.exe -d C:\Users\Thomas\Downloads\Compressed\DD
Task: {C5B7DC36-AE41-418D-9515-8590AD0D931D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C6280E09-BD92-4A13-8B48-7C4EDBFDF327} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C90D64E8-E228-4811-990C-51863402BEA5} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CEDB01A5-51D2-463E-8419-D0E3F1DBF5DE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-15] ()
Task: {CF43E065-6E44-47BC-8BE7-5DABF931489B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {DA662B32-FAEA-4097-ACFE-51959443F98B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE5A407F-A215-4E6C-AC97-3FBDE647B7CA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E2CA905C-54D6-4686-8F67-D94A67767374} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E47A5808-1830-4937-AB36-A6913A4C1B26} - System32\Tasks\HPCeeScheduleForThomas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {EBF20C53-E485-4222-ABB2-A0F13E523B5A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED7CE213-8779-43D3-A45F-E0BCDC328D3A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
Task: {F0C37CE5-92C2-46FF-8C53-433F366D579C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {F3144A31-131A-4F51-B7ED-1B79299A0B03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F41F2ECA-E036-438F-B258-8B5ACD8A1321} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F52339C6-1F63-4096-A9A8-5B1D1D5E1357} - System32\Tasks\{C0D4C62C-4077-4080-9968-FB1B5F838CE2} => C:\Program Files (x86)\Top Password\Outlook Password Recovery.exe
Task: {FAEFCD16-5B5B-4628-BFD0-44264F09D384} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD54B222-90AD-48FB-8669-7C5D6F56501F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001.job => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001.job => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForThomas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\0_DAILY_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Passport BU\NTFS\Documents and Settings\PAR\Start Menu\Programs\PAR POS Device Drivers\unInstall PAR POS Device Drivers.lnk -> C:\Program Files\PARTech\PARDeviceDrivers\parunins.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR DAILY.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart1.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart2.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart3.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart4.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart5.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart6.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart7.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart8.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart8.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\0_DAILY_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\0_DAILY_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\0_DAILY_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\Lexar\PAR Terminal  Recovery\Vigo 3.50\Extracted\NTFS\Documents and Settings\PAR\Start Menu\Programs\PAR POS Device Drivers\unInstall PAR POS Device Drivers.lnk -> C:\Program Files\PARTech\PARDeviceDrivers\parunins.bat (No File)

ShortcutWithArgument: C:\Users\Thomas\Desktop\Shamrock.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dmadelivers.com/
ShortcutWithArgument: C:\Users\Thomas\Desktop\Theft Spot.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://app.theftspot.com/login/index.php

==================== Loaded Modules (Whitelisted) ==============

2013-04-08 22:23 - 2012-09-18 14:27 - 000192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2013-02-15 10:14 - 2012-09-18 14:27 - 000065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 000039408 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2017-10-14 08:55 - 2017-12-08 09:40 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-04-09 07:46 - 2012-05-12 00:27 - 000473088 _____ () C:\Program Files (x86)\NetTime\NetTimeService.exe
2018-01-11 21:23 - 2018-01-01 03:23 - 000023040 _____ () C:\Windows\System32\hnsproxy.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000337096 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-06-16 20:32 - 2012-02-17 19:55 - 000193536 _____ () C:\Program Files\WinRAR\rarext.dll
2016-11-11 21:38 - 2011-07-31 17:56 - 013645829 _____ () C:\Program Files (x86)\FastSum\Ext\SFastSum64.dll
2015-04-15 12:13 - 2015-04-15 12:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-12-11 01:56 - 2017-12-11 01:56 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-11 01:56 - 2017-12-11 01:56 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-18 07:42 - 2018-01-18 07:42 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-18 07:42 - 2018-01-18 07:42 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-18 07:42 - 2018-01-18 07:42 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 05:13 - 2018-01-03 05:14 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-18 07:42 - 2018-01-18 07:42 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-04-09 07:46 - 2012-05-12 08:28 - 000772096 _____ () C:\Program Files (x86)\NetTime\NetTime.exe
2018-01-09 21:33 - 2018-01-09 21:33 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.13.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-04 12:57 - 2017-11-04 12:57 - 007014384 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\AdobePDFMakerX.dll
2016-06-14 12:37 - 2016-06-14 12:37 - 002210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2015-10-13 14:10 - 2015-10-13 14:10 - 001428648 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2017-11-04 12:57 - 2017-11-04 12:57 - 002863088 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\SendAsLinkX.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 003153904 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 000107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 000523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2016-05-09 16:42 - 2012-08-23 09:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-05-09 16:31 - 2014-05-13 11:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-05-09 16:31 - 2014-05-13 11:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-05-09 16:31 - 2014-05-13 11:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2018-01-20 18:21 - 2018-01-20 18:21 - 000058016 _____ () c:\program files\avast software\avast\module_lifetime.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000206152 _____ () c:\program files\avast software\avast\JsonRpcServer.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000293944 _____ () c:\program files\avast software\avast\streamback.dll
2018-01-20 18:26 - 2018-01-20 18:26 - 005779600 _____ () c:\program files\avast software\avast\defs\18012000\algo.dll
2018-01-21 06:29 - 2018-01-21 06:29 - 005779600 _____ () c:\program files\avast software\avast\defs\18012100\algo.dll
2018-01-20 18:22 - 2018-01-20 18:22 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 000087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 001242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-12 16:12 - 2012-12-12 16:12 - 000425472 _____ () C:\Program Files (x86)\VideoLAN\VLC\axvlc.dll
2012-12-12 16:12 - 2012-12-12 16:12 - 000111104 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2012-12-12 16:13 - 2012-12-12 16:13 - 002286592 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1677AB3F [178]
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9 [334]
AlternateDataStreams: C:\ProgramData\Temp:E5721E15 [145]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\gofileroom.com -> gofileroom.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\hp.com -> hxxp://hp.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\secureserver.net -> hxxps://email12.secureserver.net
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\sonic.com -> hxxp://redirect.sonic.com

There are 7898 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-07-12 17:47 - 000451925 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost

There are 15534 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3514051097-1430166055-719602415-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Buttons & OSDs control application gen2 => C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
MSCONFIG\startupreg: CPMonitor => "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EEventManager => C:\Program Files (x86)\EPSONS~1\EVENTM~1\EEVENT~1.EXE
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP KEYBOARD => "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: Starfield Updater => "C:\Users\Thomas\AppData\Local\Workspace\WorkspaceUpdate.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: wben => "C:\Program Files (x86)\Workspace\wben.exe"
MSCONFIG\startupreg: Workspace Status => "C:\Program Files (x86)\Workspace\workspacestatus.exe"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SoundMAXPnP"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "IDSCCOMSL9"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "AcuRiteConnect2"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Artisan 810(Network)"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "KiesPDLR.exe"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "cdloader"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "AcuRiteConnect1"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Starfield Updater"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRTCL-WMI-RPCSS-In-TCP-NoScope] => (Allow) $(runtime.system32)\svchost.exe
FirewallRules: [VIRTCL-WMI-WINMGMT-In-TCP-NoScope] => (Allow) $(runtime.system32)\svchost.exe
FirewallRules: [VIRTCL-WMI-WINMGMT-Out-TCP-NoScope] => (Allow) $(runtime.system32)\svchost.exe
FirewallRules: [VIRTCL-WMI-ASYNC-In-TCP-NoScope] => (Allow) $(runtime.system32)\wbem\unsecapp.exe
FirewallRules: [UDP Query User{02CAA7B5-25D8-4198-8444-B4651A2A8AC2}C:\program files (x86)\western digital\wd app manager\wdappmanager.exe] => (Allow) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [TCP Query User{9B9BED08-C0EF-4A74-9F75-B28429313BCC}C:\program files (x86)\western digital\wd app manager\wdappmanager.exe] => (Allow) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [{4D276280-64BE-4800-B7DD-8F4217E9D9C7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0B75C176-1943-4393-8C92-C23DFC51F498}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{17B44EBE-A52C-4E72-A389-6748CC0B6AA9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6B99505D-132D-4A80-B097-25EB49951CF2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9F5E433A-3D6C-47F3-AD0E-7E360C1C2129}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6015DBA6-222E-43A0-83DE-E5E80E25096B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{6A23F0D8-C159-46D3-A974-B59DDDFDB619}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DBF9EC20-5066-4BCB-96DF-5AF1431E5C10}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9CD7FD09-26F8-467A-81E9-28906801575A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9F3E81E5-4BCF-475B-83BC-A1DD8DF0AA23}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{AD0A9247-1164-48E0-9A95-9EC71C59100A}C:\program files (x86)\dvrsoft\surveillance_client\surveillance_client.exe] => (Allow) C:\program files (x86)\dvrsoft\surveillance_client\surveillance_client.exe
FirewallRules: [TCP Query User{19913EC0-2C8F-42B4-8D8F-6D23E01C8221}C:\program files (x86)\dvrsoft\surveillance_client\surveillance_client.exe] => (Allow) C:\program files (x86)\dvrsoft\surveillance_client\surveillance_client.exe
FirewallRules: [UDP Query User{FACEBA1F-8EEE-4EF5-9DDC-6328CC1F9ABD}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [TCP Query User{33B3F693-B946-4AD4-86CB-52FE39C285F1}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [{B8E148B0-D5C5-4F52-9461-1D33EA394B94}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9EED9C93-1DDD-4DB6-B654-60DE1BF7CDC8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{83B1F87D-E661-49D8-AA24-EF065FB2126E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{52E9DEBF-CBBA-4518-A537-4498A8D74676}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [TCP Query User{54DB2B4D-BCDE-4EEC-943B-99E94C96313E}C:\users\thomas\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\thomas\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{12F9322C-3ED3-418E-AB6C-553D94A71693}C:\users\thomas\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\thomas\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{96DB5EB0-85A6-406A-B717-CB0D13BE0DE8}C:\users\thomas\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\thomas\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{EA3D6FB0-54E0-4179-A3D6-3D86A4FD19F8}C:\users\thomas\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\thomas\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{8D9791CE-B862-461C-AFAB-2B8FF13483D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92648342-EF25-4FA1-885F-62AFD4603F27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BEEF5AAB-9A0D-4799-8A36-CBE9F37BED84}C:\program files (x86)\western digital\wd app manager\wdappmanager.exe] => (Allow) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [UDP Query User{EFC61EAF-27A4-4624-B893-43D82D248F54}C:\program files (x86)\western digital\wd app manager\wdappmanager.exe] => (Allow) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [{D31390E8-4FF7-4C92-B8E8-F4A615DDF371}] => (Allow) LPort=5900
FirewallRules: [{FE8AF1F0-992A-4E4D-B040-11E1412FEFED}] => (Allow) LPort=5800
FirewallRules: [{2B8CAD2D-8F95-4E3B-8288-EFACA0E10067}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{F8122082-DC30-49BC-B5C8-FDDC93C0EBF1}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{236C2DB4-8E85-4369-8E7B-AB3219153F09}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{625A3D94-0077-480F-89F8-AEBF8768CDAB}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [TCP Query User{995DBEC1-25D3-44B8-8A5F-09CDEA290833}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [UDP Query User{7D70766C-3585-461D-9805-0D17E257962C}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [{F0E3ED7F-28F0-4B82-947C-FD6A138F0428}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B1862BDF-282E-41D1-9B16-D0736AE009BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F8907774-F059-4630-9805-022F1774D952}] => (Allow) C:\Program Files (x86)\Nsasoft\OfficeProductKeyFinder\OfficeProductKeyFinder.exe
FirewallRules: [{AE142741-A05F-4162-B97E-B93475284E99}] => (Allow) C:\Program Files (x86)\Nsasoft\OfficeProductKeyFinder\OfficeProductKeyFinder.exe
FirewallRules: [TCP Query User{9FCD7914-9807-404C-9E8D-693CC29B7FEA}C:\users\thomas\downloads\access_server.exe] => (Allow) C:\users\thomas\downloads\access_server.exe
FirewallRules: [UDP Query User{70D644B5-6AC4-4047-8B71-2B9954A21489}C:\users\thomas\downloads\access_server.exe] => (Allow) C:\users\thomas\downloads\access_server.exe
FirewallRules: [TCP Query User{CFDA7F25-873E-4D69-B56D-0A5070BB2A41}C:\program files (x86)\uvnc bvba\pchelpwarev2\pchelpwarev2viewer.exe] => (Allow) C:\program files (x86)\uvnc bvba\pchelpwarev2\pchelpwarev2viewer.exe
FirewallRules: [UDP Query User{F63E2750-C506-49EA-8637-666DA11EF86E}C:\program files (x86)\uvnc bvba\pchelpwarev2\pchelpwarev2viewer.exe] => (Allow) C:\program files (x86)\uvnc bvba\pchelpwarev2\pchelpwarev2viewer.exe
FirewallRules: [DNS Server Forward Rule - TCP - 57d73a50-7e0d-4e84-849b-2e46e6935a27 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 57d73a50-7e0d-4e84-849b-2e46e6935a27 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - b297a900-9308-4974-aeb2-6cc1a59da218 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - b297a900-9308-4974-aeb2-6cc1a59da218 - 0] => (Allow) LPort=53
FirewallRules: [{2035546A-2FCA-4744-89FD-28E6F8F0C795}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

20-01-2018 10:43:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2018 10:51:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1f0c

Start Time: 01d392e884e42725

Termination Time: 30

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 0e1ecd75-0eb4-442a-945c-a8ed588dbd9d

Faulting package full name:

Faulting package-relative application ID:

Error: (01/21/2018 06:29:43 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (01/21/2018 06:29:42 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_64_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (01/21/2018 06:29:42 AM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows cannot open the 64-bit extensible counter DLL ASP.NET_64_2.0.50727 in a 32-bit environment. Contact the file vendor to obtain a 32-bit version. Alternatively if you are running a 64-bit native environment, you can open the 64-bit extensible counter DLL by using the 64-bit version of Performance Monitor. To use this tool, open the Windows folder, open the System32 folder, and then start Perfmon.exe.

Error: (01/21/2018 02:27:14 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/20/2018 06:56:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: THOMAS-HOFFICE)
Description: Package Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe+ContentProcess#{00021402-0002-0000-2bee-380100000000} was terminated because it took too long to suspend.

Error: (01/20/2018 06:24:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/20/2018 06:24:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/20/2018 06:05:07 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/19/2018 10:43:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (01/21/2018 10:23:59 AM) (Source: DCOM) (EventID: 10016) (User: THOMAS-HOFFICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Thomas-HOffice\Thomas SID (S-1-5-21-3514051097-1430166055-719602415-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 10:23:57 PM) (Source: DCOM) (EventID: 10016) (User: THOMAS-HOFFICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Thomas-HOffice\Thomas SID (S-1-5-21-3514051097-1430166055-719602415-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 10:20:47 PM) (Source: DCOM) (EventID: 10016) (User: THOMAS-HOFFICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Thomas-HOffice\Thomas SID (S-1-5-21-3514051097-1430166055-719602415-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 08:53:00 PM) (Source: DCOM) (EventID: 10016) (User: THOMAS-HOFFICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Thomas-HOffice\Thomas SID (S-1-5-21-3514051097-1430166055-719602415-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 08:45:57 PM) (Source: DCOM) (EventID: 10016) (User: THOMAS-HOFFICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Thomas-HOffice\Thomas SID (S-1-5-21-3514051097-1430166055-719602415-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 08:45:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 08:45:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 08:45:09 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (01/20/2018 08:45:09 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (01/20/2018 08:45:09 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.


CodeIntegrity:
===================================
  Date: 2018-01-21 14:24:31.475
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-21 14:24:31.471
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-21 14:24:31.417
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-21 14:24:31.413
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-21 11:42:19.196
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-21 11:42:19.193
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-21 11:42:19.150
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-21 11:42:19.146
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-20 20:46:50.463
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-20 20:46:50.460
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 83%
Total physical RAM: 4061.15 MB
Available physical RAM: 668.43 MB
Total Virtual: 8157.15 MB
Available Virtual: 4001.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1861.03 GB) (Free:1285.75 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:1 GB) (Free:0.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B6A11712)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1861 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=462 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

Any support would be greatly appreciated.

 

Thank You

 




#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello ThisTime and welcome.

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding.
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    Step 1 - Remove SpyBot

    I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program.

    To do this:
    Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
    In the list of installed programs locate and click on Spybot - search & destroy.
    Click uninstall.
    Say Yes to uninstall and completely remove spybot.
    Click on Open Immunizer
    Click on Undo Immunization
    Allow it to complete removing the immunization
    Click on the X top right hand of Immunization box to close.
    Click on Next to continue to uninstall spybot.
    Click on Uninstall
    Restart the system.


    Step 2 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step 3 - Farbar Service Scanner


    Please download Farbar Service Scanner to your desktop.
  • Locate the FSS.exe file and right click on it. Choose run as administrator
  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) on your desktop.
  • Please copy and paste the log to your reply.


    Things for your next post:
  • fixlog.txt
  • FSS.txt


#3
ThisTime


    Member

  • Topic Starter
  • 12 posts

Thank You Bruce1270,

 

Below is the FixLog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Thomas (27-01-2018 18:02:38) Run:22
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas (Available Profiles: Thomas & Ralph & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sadistic.lnk [2018-01-18]
ShortcutTarget: sadistic.lnk -> C:\Program Files (x86)\Prosthesis\lustig.exe (No File)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sadisticsadistic.lnk [2018-01-18]
ShortcutTarget: sadisticsadistic.lnk -> C:\Program Files (x86)\acord\assembled.exe (No File)
SearchScopes: HKLM -> DefaultScope value is missing
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
S3 appliand; \SystemRoot\system32\DRIVERS\appliand.sys [X]
U3 idsvc; no ImagePath
C:\Windows\Installer\{fb4af4e3-55ea-6ba4-c706-0d6f88b499a3}
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1939D702-5242-4B04-AB11-2EACDEA83BF2} - \FGZ5DsvrQbzf -> No File <==== ATTENTION
Task: {5D51E6ED-32F7-4D6F-9ACE-C879C2A711E9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {861A1ADF-FC69-4111-9654-B57CBB1BE981} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B3E66B62-C792-4962-AFD2-7966093DF344} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B6625B62-E768-4E05-9B5C-E2687E0494D8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C6280E09-BD92-4A13-8B48-7C4EDBFDF327} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F3144A31-131A-4F51-B7ED-1B79299A0B03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FD54B222-90AD-48FB-8669-7C5D6F56501F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\0_DAILY_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Passport BU\NTFS\Documents and Settings\PAR\Start Menu\Programs\PAR POS Device Drivers\unInstall PAR POS Device Drivers.lnk -> C:\Program Files\PARTech\PARDeviceDrivers\parunins.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR DAILY.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart1.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart2.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart3.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart4.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart5.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart6.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart7.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart8.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart8.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\0_DAILY_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\0_DAILY_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\0_DAILY_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daily.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart1.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart2.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart3.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart4.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart5.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart6.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk -> C:\ProgramData\Fast Track Software Suite\ODR_Daypart7.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\Remote.lnk -> C:\ProgramData\Fast Track Software Suite\Remote.BAT (No File)
Shortcut: C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\Reports.lnk -> C:\ProgramData\Fast Track Software Suite\Reports.bat (No File)
Shortcut: C:\Users\Thomas\Desktop\Lexar\PAR Terminal  Recovery\Vigo 3.50\Extracted\NTFS\Documents and Settings\PAR\Start Menu\Programs\PAR POS Device Drivers\unInstall PAR POS Device Drivers.lnk -> C:\Program Files\PARTech\PARDeviceDrivers\parunins.bat (No File)
C:\Program Files (x86)\Prosthesis
C:\Program Files (x86)\acord
C:\system32\DRIVERS\appliand.sys
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
"C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sadistic.lnk" => not found
C:\Program Files => FRST is scripted not to move this directory.
"C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sadisticsadistic.lnk" => not found
C:\Program Files => FRST is scripted not to move this directory.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found
C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] => path removed successfully
"HKLM\System\CurrentControlSet\Services\appliand" => removed successfully
appliand => service removed successfully
"HKLM\System\CurrentControlSet\Services\idsvc" => removed successfully
idsvc => service removed successfully
C:\Windows\Installer\{fb4af4e3-55ea-6ba4-c706-0d6f88b499a3} => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1939D702-5242-4B04-AB11-2EACDEA83BF2} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1939D702-5242-4B04-AB11-2EACDEA83BF2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FGZ5DsvrQbzf" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D51E6ED-32F7-4D6F-9ACE-C879C2A711E9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D51E6ED-32F7-4D6F-9ACE-C879C2A711E9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{861A1ADF-FC69-4111-9654-B57CBB1BE981}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{861A1ADF-FC69-4111-9654-B57CBB1BE981}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3E66B62-C792-4962-AFD2-7966093DF344}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3E66B62-C792-4962-AFD2-7966093DF344}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6625B62-E768-4E05-9B5C-E2687E0494D8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6625B62-E768-4E05-9B5C-E2687E0494D8}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6280E09-BD92-4A13-8B48-7C4EDBFDF327}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6280E09-BD92-4A13-8B48-7C4EDBFDF327}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3144A31-131A-4F51-B7ED-1B79299A0B03}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3144A31-131A-4F51-B7ED-1B79299A0B03}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD54B222-90AD-48FB-8669-7C5D6F56501F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD54B222-90AD-48FB-8669-7C5D6F56501F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\0_DAILY_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\Remote.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\projects\New folder\Fast Track\F Drive\Fast Track Shortcuts\Reports.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Passport BU\NTFS\Documents and Settings\PAR\Start Menu\Programs\PAR POS Device Drivers\unInstall PAR POS Device Drivers.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR DAILY.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart1.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart2.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart3.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart4.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart5.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart6.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart7.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\ODR_Daypart8.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\Remote.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Work\Batch File\Fast Track Software Suite\Fast Track Shortcuts\Reports.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\0_DAILY_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\Remote.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\New folder\Fast Track Shortcuts\Reports.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\0_DAILY_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\Remote.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Fast Track Shortcuts\Reports.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\0_DAILY_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\1_Breakfast 6am-11am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\2_Lunch 11am-2pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\3_Mid-Day 2pm-5pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\4_Dinner 5pm-8pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\5_Late-Night 8pm-10pm_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\6_Really-Late-Night 10pm-12am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\7_Graveyard 12am-6am_ODR.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\Remote.lnk" => Could not move.
"C:\Users\Thomas\Desktop\New folder\5-29-17\To\New folder\Clean Desk\Clean\Drive Timer Config\F Drive\Fast Track Shortcuts\Reports.lnk" => Could not move.
"C:\Users\Thomas\Desktop\Lexar\PAR Terminal  Recovery\Vigo 3.50\Extracted\NTFS\Documents and Settings\PAR\Start Menu\Programs\PAR POS Device Drivers\unInstall PAR POS Device Drivers.lnk" => Could not move.
"C:\Program Files (x86)\Prosthesis" => not found
"C:\Program Files (x86)\acord" => not found
"C:\system32\DRIVERS\appliand.sys" => not found

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79956897 B
Java, Flash, Steam htmlcache => 1453 B
Windows/system/drivers => 204275382 B
Edge => 9216 B
Chrome => 312504580 B
Firefox => 404987215 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 23130 B
NetworkService => 0 B
Thomas => 461348144 B
Ralph => 60739725 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 18:10:13 ====

 

Farbar FSS.txt

 

Farbar Service Scanner Version: 27-01-2016
Ran by Thomas (administrator) on 27-01-2018 at 18:23:44
Running from "C:\Users\Thomas\Desktop"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


  • 0

#4
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi ThisTime

Here are some more steps to go through :)

Step1 - AdwCleaner

  • Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the AdwCleaner icon to execute the program
  • When the tool opens for the first time, accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on Tools then Options, and tick to reset:
    proxy
    winsock
    TCP/IP Settings
    IPSec
    IE policies
    Chrome policies
    Chrome preferences
  • Click OK.
  • Please click the Clean button.
  • When cleaning is finished, you may be prompted to restart your computer. Do so.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


Step2 - Malwarebytes

  • Launch Malwarebytes Anti-Malware
  • The MBAM dashboard may appear with an alert to update - click the button Fix Now;
  • Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.
  • Return to the Dashboard and click on Scan Now;
  • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
  • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
  • Copy and paste the contents of the log in your next reply.


Step3 - Emsisoft Emergency Kit

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, if items are detected make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;


Step4 - Fresh FRST logs

  • Please run Farbar Recovery Scan Tool again. Run FRST by right-clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


Things for your next post:
  • AdwCleaner[C*].txt
  • MBAM log
  • Emsisoft log
  • FRST and Addition logs
  • How is the computer running now? Any difference to Edge?

  • 0

#5
ThisTime

    Member

  • Topic Starter
  • 12 posts

# AdwCleaner 7.0.7.0 - Logfile created on Sun Jan 28 18:21:37 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\SecurityXploded

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: AGProxyCheck

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted: [Key] - HKLM\SOFTWARE\Applian Technologies
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
Deleted: [Key] - HKU\S-1-5-21-3514051097-1430166055-719602415-1001\Software\SetupCompany
Deleted: [Key] - HKCU\Software\SetupCompany

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: TelevisionFanatic - search.tb.ask.com

*************************

::Tracing keys deleted
::Winsock settings cleared
::Proxy settings cleared
::TCP/IP settings cleared
::IPSec settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [13273 B] - [2016/5/16 14:36:19]
C:/AdwCleaner/AdwCleaner[C2].txt - [1233 B] - [2016/5/18 19:56:32]
C:/AdwCleaner/AdwCleaner[C3].txt - [1379 B] - [2016/5/19 20:49:10]
C:/AdwCleaner/AdwCleaner[C4].txt - [6370 B] - [2016/5/20 15:18:12]
C:/AdwCleaner/AdwCleaner[C5].txt - [12902 B] - [2017/5/6 22:38:2]
C:/AdwCleaner/AdwCleaner[C6].txt - [2335 B] - [2017/5/7 0:35:45]
C:/AdwCleaner/AdwCleaner[C7].txt - [2628 B] - [2018/1/27 2:1:56]
C:/AdwCleaner/AdwCleaner[S1].txt - [14732 B] - [2016/5/16 14:24:1]
C:/AdwCleaner/AdwCleaner[S2].txt - [932 B] - [2016/5/16 14:41:59]
C:/AdwCleaner/AdwCleaner[S3].txt - [1064 B] - [2016/5/18 19:25:22]
C:/AdwCleaner/AdwCleaner[S4].txt - [1212 B] - [2016/5/19 19:5:49]
C:/AdwCleaner/AdwCleaner[S5].txt - [1358 B] - [2016/5/19 23:46:50]
C:/AdwCleaner/AdwCleaner[S6].txt - [6634 B] - [2016/5/20 4:39:22]
C:/AdwCleaner/AdwCleaner[S7].txt - [12174 B] - [2017/5/6 22:28:3]
C:/AdwCleaner/AdwCleaner[S8].txt - [2416 B] - [2017/5/7 0:30:14]
C:/AdwCleaner/AdwCleaner[S9].txt - [3286 B] - [2018/1/27 2:1:3]

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt ##########

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/28/18
Scan Time: 6:44 PM
Log File: 4e60d738-049e-11e8-b653-00247e1da3a2.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3809
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: THOMAS-HOFFICE\Thomas

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404976
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 17 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

 

Emsisoft Emergency Kit 2017.12.0.8334 stable [en-us]
OS: Windows 10 (Version 10.0, Build 16299, 64-bit Edition)

Forensics log

Date Component Action Details 
1/28/2018 7:50:44 PM User THOMAS-HOFFICE\THOMAS Infection quarantined PUP "Application.Toolbar (A)" in "{F3D0D36F-23F8-4682-A195-74C92B03D4AF}". 
1/28/2018 7:21:44 PM Scanner Scan finished Found 2 objects , user to decide on further actions. 
1/28/2018 7:09:49 PM Scanner Detection PUP "Application.Toolbar (A)" in "{F3D0D36F-23F8-4682-A195-74C92B03D4AF}" and PUP "Application.Toolbar (A)" in "{F3D0D36F-23F8-4682-A195-74C92B03D4AF}" 
1/28/2018 7:08:39 PM User THOMAS-HOFFICE\Thomas Scan started Malware Scan 
1/28/2018 7:08:39 PM User THOMAS-HOFFICE\Thomas Setting modified "Detect PUPs" has been changed to "Enabled". 
1/28/2018 7:08:09 PM User Update Downloaded and installed 106 files (22039 kb) (1 min. 21 sec.). 
1/28/2018 7:06:49 PM Core Notification "Recommended Reading:How to create, manage and store passwords securely". 
1/28/2018 7:06:43 PM User Update Failed with error "Server returned error" (0 sec.). 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Thomas (administrator) on THOMAS-HOFFICE (28-01-2018 19:52:44)
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas & Ralph & DefaultAppPool (Available Profiles: Thomas & Ralph & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(imPcRemote LLC) C:\Program Files (x86)\imPcRemote\imPcRemote_Instant.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(uvnc bvba) C:\Program Files (x86)\uvnc bvba\PCHelpWareV2Server\pchelpwareV2.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Apache Software Foundation) C:\Program Files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apache Software Foundation) C:\Program Files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-20] (AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [HPWOTOOLBOX] => C:\Program Files (x86)\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe [356352 2007-01-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] ()
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM-x32\...\Run: [imPcRemoteTray] => C:\Program Files (x86)\imPcRemote\imPcRemoteTray.exe [1963936 2017-11-21] (imPcRemote LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\PCANotify: C:\Windows\SysWOW64\PCANotify.dll [2007-04-27] (Symantec Corporation)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Artisan 810(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [1411584 2015-05-05] (Tonec Inc.)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28164272 2017-12-12] (Microsoft Corporation)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [AcuRiteConnect2] => C:\Program Files (x86)\AcuRite\AcuRiteConnect.exe [1083904 2015-07-29] (Chaney Instrument Co)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Starfield Updater] => C:\Users\Thomas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-07-14] (Starfield Technologies)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [SoundMax] => C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [1411584 2015-05-05] (Tonec Inc.)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0f24e132-3b97-47c9-b000-43cce991b22f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{11809b8b-2005-45ab-94ca-3c3fd2cd8932}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{31f26d36-3618-4ebd-b263-e45518c0540b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{31f26d36-3618-4ebd-b263-e45518c0540b}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{41b50d60-d143-4cd8-8fa6-4c7be61459f6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4a9a6fbd-2eb6-4822-be82-aa27e0f089d7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4e01f0e8-9d7f-41ee-aa65-0bd3121e76ee}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{558de6bb-e279-4307-b23d-d59ef1475826}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{57912f9d-6dd1-47a5-b667-5cc6ff512dc2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{86cb0413-8399-4622-9c42-a03293dea40f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{86cb0413-8399-4622-9c42-a03293dea40f}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ce17f3a1-903d-45ff-9485-063f29a24f90}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f169f507-1cda-4c4b-9c06-108f3d41db71}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3514051097-1430166055-719602415-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3514051097-1430166055-719602415-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
DPF: HKLM {583C990C-2D38-410c-9A4A-0932D66A754F} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.mydtt.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {73B1BB72-18BB-41AE-B53C-43704B5B5315} hxxps://video.envysion.com/plugins/default/EnvysionCtrl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://access.netsurion.com/dana-cached/sc/PulseSetupClient.cab
DPF: HKLM-x32 {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} hxxps://carlsjr-747.mydtt.com:8915/cab/OCXChecker_8500.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3742
DPF: HKLM-x32 {FEC048AB-277A-460C-BF50-1A4193AEF148} hxxps://carlsjr-747.mydtt.com:8915/cab/DownloadCenter_8300.cab
Handler-x32: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll [2006-11-17] (G7 Productivity Systems, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fmc2sm82.default
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\TomTom\HOME\Profiles\8pk0q5qg.default [2013-08-22]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fmc2sm82.default [2018-01-28]
FF Extension: (WBE Paste) - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2016-11-21] [Legacy] [not signed]
FF Extension: (Cisco WebEx Extension) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fmc2sm82.default\Extensions\[email protected] [2017-07-12]
FF Extension: (Avast Online Security) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fmc2sm82.default\Extensions\[email protected] [2018-01-20]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-21] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Thomas\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Thomas\AppData\Roaming\IDM\idmmzcc5 [2018-01-27] [Legacy] [not signed]
FF HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Thomas\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\Firefox\Extensions: [[email protected]] - C:\Users\Ralph\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ralph\AppData\Roaming\IDM\idmmzcc5 [2018-01-20] [Legacy] [not signed]
FF HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Ralph\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: USSC Web Components -> C:\Program Files (x86)\USSC Web Components\npUSSCWebVideoPlugin.dll [2015-05-15] ()
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/off -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npoff.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/off64 -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/wbe -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2016-11-21] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/wbe64 -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2016-11-21] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Thomas\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-17] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1005: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-04-20] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npoff.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npoff64.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npwbe.dll [2016-11-21] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npwbe64.dll [2016-11-21] (Starfield Technology, LLC)

Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default [2018-01-28]
CHR Extension: (Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-10]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-10]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-10]
CHR Extension: (Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
CHR Extension: (Avast Online Security) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\WINDOWS\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-20] (AVAST Software)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [39408 2010-09-13] ()
S2 CareMon; C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-15] () [File not signed]
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [125440 2017-09-29] (Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1412096 2018-01-01] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 imPcInstantService; C:\Program Files (x86)\imPcRemote\impcremote_instant.exe [521120 2016-02-04] (imPcRemote LLC)
S2 imPcRemoteService; C:\Program Files (x86)\imPcRemote\impcremote.exe [1469344 2017-11-21] (imPcRemote LLC)
S3 impc_service; C:\Program Files (x86)\imPcRemote\uvnc\rpuvnc.exe [1882832 2017-11-26] (UltraVNC)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-12-11] (Symantec Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-07] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 PcHelpware_service; C:\Program Files (x86)\uvnc bvba\PCHelpWareV2Server\pchelpwareV2.exe [2719456 2012-01-12] (uvnc bvba)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-11] (Microsoft Corporation)
S2 spiceworks; C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [47344 2015-10-22] (Spiceworks, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2542592 2018-01-01] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [15047168 2018-01-01] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIService; C:\WINDOWS\System32\drivers\OSDACPI.SYS [17992 2009-06-17] ()
R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2018-01-20] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-01-20] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-01-20] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-01-20] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-01-20] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2018-01-20] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-01-20] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-01-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2018-01-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2018-01-20] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2018-01-20] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457896 2018-01-20] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2018-01-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2018-01-20] (AVAST Software)
S3 CW75; C:\WINDOWS\System32\Drivers\CW75.sys [24704 2008-11-27] (CASIO COMPUTER CO.,LTD.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S4 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26112 2017-09-29] (Microsoft Corporation)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23040 2017-09-29] (Microsoft Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-28] (Malwarebytes)
R1 mv2; C:\WINDOWS\System32\drivers\mv2.sys [12904 2011-03-18] (UVNC BVBA)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
S1 nettalkd; C:\WINDOWS\System32\DRIVERS\nettalkd.sys [30944 2012-04-29] (NetTalk Inc.)
R2 NPF; C:\WINDOWS\SysWoW64\drivers\npf64.sys [36600 2015-04-30] (Riverbed Technology, Inc.)
R3 NW1900; C:\WINDOWS\System32\drivers\NW1900.sys [142656 2012-05-18] (NextWindow Limited)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [24064 2017-09-29] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [48128 2017-09-29] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-09-29] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2017-09-29] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2011-11-15] (Spotmau)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\Synth3dVsp.sys [103424 2017-09-29] (Microsoft Corporation)
S3 TGBMPEnum; C:\WINDOWS\System32\DRIVERS\TGBMPEnum.sys [38584 2013-01-21] (TheGreenBow)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Corporation)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1207808 2018-01-01] (Microsoft Corporation)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [32768 2017-09-29] (Microsoft Corporation)
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [141920 2012-08-13] (Acronis)
R3 vmsmp; C:\WINDOWS\System32\drivers\vmswitch.sys [1677824 2018-01-01] (Microsoft Corporation)
S3 VProEventMonitor; C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-28 19:52 - 2018-01-28 19:53 - 000033412 _____ C:\Users\Thomas\Desktop\FRST.txt
2018-01-28 19:06 - 2018-01-28 19:06 - 000000000 ____D C:\ProgramData\Emsisoft
2018-01-28 19:04 - 2018-01-28 19:51 - 000000000 ____D C:\EEK
2018-01-28 10:23 - 2018-01-28 10:23 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-28 10:18 - 2018-01-28 19:51 - 000000000 ____D C:\Users\Thomas\Desktop\New Logs
2018-01-28 10:03 - 2018-01-28 10:03 - 000000244 _____ C:\Users\Thomas\Desktop\Edge Not working other browsers do - Virus, Spyware, Malware Removal.url
2018-01-28 09:39 - 2018-01-28 09:40 - 313576592 _____ C:\Users\Thomas\Desktop\EmsisoftEmergencyKit.exe
2018-01-28 09:38 - 2018-01-28 09:38 - 008206624 _____ (Malwarebytes) C:\Users\Thomas\Desktop\adwcleaner_7.0.7.0.exe
2018-01-27 18:02 - 2018-01-27 18:02 - 000000000 ____D C:\Users\Thomas\Desktop\FRST-OlderVersion
2018-01-27 18:01 - 2018-01-27 18:01 - 000899584 _____ (Farbar) C:\Users\Thomas\Desktop\FSS.exe
2018-01-27 17:15 - 2018-01-27 17:15 - 000000000 ____D C:\Users\Public\Pulse Secure
2018-01-27 16:51 - 2018-01-27 16:54 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-01-27 16:43 - 2017-07-12 17:47 - 000451925 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180127-164352.backup
2018-01-27 07:49 - 2018-01-27 07:49 - 000000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2018-01-26 17:19 - 2018-01-26 17:19 - 000003608 _____ C:\WINDOWS\System32\Tasks\[email protected]
2018-01-26 15:48 - 2018-01-26 15:48 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-01-26 12:43 - 2018-01-26 12:43 - 000000000 ____D C:\Rem-VBSqt
2018-01-26 11:19 - 2018-01-26 11:19 - 000003804 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2018-01-26 10:33 - 2018-01-26 12:39 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-26 10:33 - 2018-01-26 10:33 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-21 11:40 - 2018-01-27 18:02 - 002393088 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2018-01-20 20:45 - 2018-01-20 20:45 - 000000000 ____D C:\Users\Ralph\AppData\Roaming\AVAST Software
2018-01-20 20:44 - 2018-01-20 20:44 - 000000000 ____D C:\Users\Ralph\AppData\Local\Western_Digital_Technolog
2018-01-20 20:42 - 2018-01-20 20:42 - 000000020 ___SH C:\Users\Ralph\ntuser.ini
2018-01-20 20:42 - 2018-01-20 20:42 - 000000000 ___RD C:\Users\Ralph\3D Objects
2018-01-20 20:42 - 2018-01-20 20:42 - 000000000 ____D C:\Users\Ralph\AppData\Local\ConnectedDevicesPlatform
2018-01-20 18:53 - 2018-01-20 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2018-01-20 18:53 - 2018-01-20 18:53 - 000000000 ____D C:\ProgramData\Apple Computer
2018-01-20 18:53 - 2018-01-20 18:53 - 000000000 ____D C:\Program Files (x86)\QuickTime
2018-01-20 18:35 - 2018-01-20 18:35 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-01-20 18:25 - 2018-01-20 18:25 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\AVAST Software
2018-01-20 18:24 - 2018-01-20 18:24 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-01-20 18:24 - 2018-01-20 18:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-20 18:24 - 2018-01-20 18:24 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-01-20 18:24 - 2018-01-20 18:24 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-20 18:24 - 2018-01-20 18:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-01-20 18:24 - 2018-01-20 18:24 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-20 18:23 - 2018-01-20 18:24 - 000457896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-01-20 18:23 - 2018-01-20 18:24 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-01-20 18:23 - 2018-01-20 18:22 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-01-20 18:20 - 2018-01-20 21:42 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-20 18:20 - 2018-01-20 18:20 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-01-20 18:20 - 2018-01-20 18:20 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-20 12:20 - 2018-01-28 19:52 - 000000000 ____D C:\FRST
2018-01-18 11:03 - 2018-01-18 11:03 - 000000000 ____D C:\Users\Thomas\Working
2018-01-18 09:43 - 2018-01-18 21:22 - 000000000 ____D C:\Users\Thomas\AppData\Local\dtoulmp
2018-01-16 19:15 - 2018-01-16 19:15 - 000000000 ____D C:\Users\Thomas\AppData\Local\SolidDocuments
2018-01-11 21:24 - 2018-01-01 09:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-11 21:24 - 2018-01-01 04:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-11 21:24 - 2018-01-01 04:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-11 21:24 - 2018-01-01 04:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-11 21:24 - 2018-01-01 04:51 - 002242704 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2018-01-11 21:24 - 2018-01-01 04:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-11 21:24 - 2018-01-01 04:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-11 21:24 - 2018-01-01 04:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-11 21:24 - 2018-01-01 04:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-11 21:24 - 2018-01-01 04:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-11 21:24 - 2018-01-01 04:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-11 21:24 - 2018-01-01 04:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-11 21:24 - 2018-01-01 04:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-11 21:24 - 2018-01-01 04:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-11 21:24 - 2018-01-01 04:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-11 21:24 - 2018-01-01 04:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-11 21:24 - 2018-01-01 04:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-11 21:24 - 2018-01-01 04:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-11 21:24 - 2018-01-01 04:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-11 21:24 - 2018-01-01 04:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-11 21:24 - 2018-01-01 04:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-11 21:24 - 2018-01-01 04:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-11 21:24 - 2018-01-01 04:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-11 21:24 - 2018-01-01 04:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-11 21:24 - 2018-01-01 04:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-11 21:24 - 2018-01-01 04:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-11 21:24 - 2018-01-01 04:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-11 21:24 - 2018-01-01 04:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-11 21:24 - 2018-01-01 04:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-11 21:24 - 2018-01-01 04:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-11 21:24 - 2018-01-01 04:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-11 21:24 - 2018-01-01 04:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-11 21:24 - 2018-01-01 04:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-11 21:24 - 2018-01-01 04:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-11 21:24 - 2018-01-01 04:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-11 21:24 - 2018-01-01 04:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-11 21:24 - 2018-01-01 04:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-11 21:24 - 2018-01-01 04:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-11 21:24 - 2018-01-01 04:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-11 21:24 - 2018-01-01 04:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-11 21:24 - 2018-01-01 04:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-11 21:24 - 2018-01-01 04:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-11 21:24 - 2018-01-01 04:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-11 21:24 - 2018-01-01 04:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-11 21:24 - 2018-01-01 04:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-11 21:24 - 2018-01-01 04:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-11 21:24 - 2018-01-01 04:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-11 21:24 - 2018-01-01 04:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-11 21:24 - 2018-01-01 04:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-11 21:24 - 2018-01-01 04:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-11 21:24 - 2018-01-01 04:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-11 21:24 - 2018-01-01 04:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-11 21:24 - 2018-01-01 04:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-11 21:24 - 2018-01-01 04:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-11 21:24 - 2018-01-01 04:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-11 21:24 - 2018-01-01 04:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-11 21:24 - 2018-01-01 04:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-11 21:24 - 2018-01-01 04:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-11 21:24 - 2018-01-01 04:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-11 21:24 - 2018-01-01 04:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-11 21:24 - 2018-01-01 04:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-11 21:24 - 2018-01-01 04:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-11 21:24 - 2018-01-01 04:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-11 21:24 - 2018-01-01 04:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-11 21:24 - 2018-01-01 04:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-11 21:24 - 2018-01-01 04:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-11 21:24 - 2018-01-01 04:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-11 21:24 - 2018-01-01 04:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-11 21:24 - 2018-01-01 04:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-11 21:24 - 2018-01-01 04:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-11 21:24 - 2018-01-01 04:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-11 21:24 - 2018-01-01 04:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-11 21:24 - 2018-01-01 04:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-11 21:24 - 2018-01-01 04:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-11 21:24 - 2018-01-01 04:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-11 21:24 - 2018-01-01 04:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-11 21:24 - 2018-01-01 04:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-11 21:24 - 2018-01-01 04:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-11 21:24 - 2018-01-01 04:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-11 21:24 - 2018-01-01 03:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-11 21:24 - 2018-01-01 03:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-11 21:24 - 2018-01-01 03:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-11 21:24 - 2018-01-01 03:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-11 21:24 - 2018-01-01 03:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-11 21:24 - 2018-01-01 03:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-11 21:24 - 2018-01-01 03:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-11 21:24 - 2018-01-01 03:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-11 21:24 - 2018-01-01 03:32 - 015047168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2018-01-11 21:24 - 2018-01-01 03:27 - 004150784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmchipset.dll
2018-01-11 21:24 - 2018-01-01 03:26 - 004576768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2018-01-11 21:24 - 2018-01-01 03:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-11 21:24 - 2018-01-01 03:25 - 002542592 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2018-01-11 21:24 - 2018-01-01 03:25 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostNetSvc.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-11 21:24 - 2018-01-01 03:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 001677824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 001411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 001282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmemulateddevices.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 001207808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfpext.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedStorage.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmDataStore.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvdev.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedNic.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynth3dvideo.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmpmem.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-11 21:24 - 2018-01-01 03:23 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrivateCloudHNSPlugin.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthfcvdev.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpcievdev.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2018-01-11 21:24 - 2018-01-01 03:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCGLaunchPad.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCG.exe
2018-01-11 21:24 - 2018-01-01 03:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-11 21:24 - 2018-01-01 03:23 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RdvgmProxy.dll
2018-01-11 21:24 - 2018-01-01 03:22 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvgmProxy.dll
2018-01-11 21:24 - 2018-01-01 03:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-11 21:24 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-11 21:24 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-11 21:24 - 2018-01-01 03:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-11 21:24 - 2018-01-01 03:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-11 21:24 - 2018-01-01 03:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-11 21:24 - 2018-01-01 03:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-11 21:24 - 2018-01-01 03:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-11 21:24 - 2018-01-01 03:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 001381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-11 21:24 - 2018-01-01 03:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-11 21:24 - 2018-01-01 03:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-11 21:24 - 2018-01-01 03:11 - 001955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-11 21:24 - 2018-01-01 03:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-11 21:24 - 2018-01-01 03:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-11 21:24 - 2018-01-01 03:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-11 21:24 - 2018-01-01 03:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-11 21:24 - 2018-01-01 03:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-11 21:24 - 2018-01-01 03:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-11 21:24 - 2018-01-01 03:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-11 21:24 - 2018-01-01 03:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-11 21:24 - 2018-01-01 03:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-11 21:23 - 2018-01-01 03:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-11 21:23 - 2018-01-01 03:24 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\synth3dvideoproxy.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe
2018-01-11 21:23 - 2018-01-01 03:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-11 21:23 - 2018-01-01 03:23 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000023040 _____ C:\WINDOWS\system32\hnsproxy.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000015872 _____ C:\WINDOWS\system32\hgclientserviceps.dll
2018-01-11 21:23 - 2018-01-01 03:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-01-11 21:23 - 2018-01-01 03:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-11 21:23 - 2018-01-01 03:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-11 21:23 - 2018-01-01 03:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-11 21:23 - 2018-01-01 03:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-11 21:23 - 2018-01-01 03:21 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-11 21:23 - 2018-01-01 03:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-11 21:23 - 2018-01-01 03:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-11 21:23 - 2018-01-01 03:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-11 21:23 - 2018-01-01 03:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-11 21:23 - 2018-01-01 03:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-11 21:23 - 2018-01-01 03:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-10 19:17 - 2018-01-10 19:17 - 000000000 ____D C:\WINDOWS\PCHEALTH

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-28 19:50 - 2017-12-11 09:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-28 18:51 - 2016-11-15 18:51 - 000000000 ____D C:\Users\Thomas\AppData\LocalLow\Mozilla
2018-01-28 17:13 - 2012-06-14 11:07 - 000000000 ____D C:\Temp
2018-01-28 16:53 - 2017-08-19 20:53 - 000000000 ____D C:\Users\Thomas\Desktop\New folder
2018-01-28 15:33 - 2017-12-11 09:57 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE021765-4DFF-4C6A-8755-7383173B03F0}
2018-01-28 14:51 - 2012-03-08 12:11 - 000000000 ____D C:\Users\Thomas\AppData\Local\ElevatedDiagnostics
2018-01-28 14:15 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-28 14:14 - 2017-12-11 09:57 - 000000446 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-01-28 14:13 - 2017-12-11 09:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-28 14:12 - 2017-09-29 00:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-01-28 10:24 - 2016-05-16 06:23 - 000000000 ____D C:\AdwCleaner
2018-01-28 10:23 - 2017-11-15 14:16 - 000000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForThomas.job
2018-01-28 09:56 - 2012-04-21 11:42 - 000000000 ____D C:\Users\Thomas\AppData\LocalLow\Temp
2018-01-28 01:28 - 2017-12-11 09:57 - 000003262 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForThomas
2018-01-27 18:10 - 2012-06-03 16:15 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\DMCache
2018-01-27 17:15 - 2017-05-31 09:21 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\Pulse Secure
2018-01-27 16:57 - 2016-05-09 16:31 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-27 16:53 - 2016-05-09 16:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-26 17:11 - 2017-12-11 09:00 - 000533368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-26 17:10 - 2016-11-21 08:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-26 16:57 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-26 16:57 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-26 10:29 - 2014-02-03 23:32 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\IDM
2018-01-26 07:05 - 2012-02-21 14:58 - 000000000 ____D C:\ProgramData\LogMeIn
2018-01-26 00:00 - 2016-10-29 15:31 - 000000000 ____D C:\Users\Thomas\AppData\Local\LogMeInIgnition
2018-01-23 09:32 - 2016-11-21 08:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-22 13:04 - 2017-09-29 05:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-21 15:21 - 2017-09-29 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-20 20:44 - 2015-11-20 11:06 - 000000000 ____D C:\Users\Ralph\AppData\Local\Packages
2018-01-20 20:42 - 2017-12-11 09:09 - 000000000 ____D C:\Users\Ralph
2018-01-20 20:42 - 2015-11-20 11:06 - 000000000 ____D C:\Users\Ralph\AppData\Local\TileDataLayer
2018-01-20 20:42 - 2015-11-12 20:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-20 20:42 - 2013-04-12 21:02 - 000002332 _____ C:\Users\Ralph\Desktop\Google Chrome.lnk
2018-01-20 19:16 - 2017-12-11 09:11 - 000000000 ____D C:\Users\Thomas\AppData\Local\Packages
2018-01-20 19:15 - 2017-12-11 10:22 - 000000000 ____D C:\Users\Thomas\AppData\Local\PackageStaging
2018-01-20 19:00 - 2015-05-18 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-20 18:59 - 2015-05-18 18:02 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-01-20 18:58 - 2015-05-18 18:01 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-20 18:57 - 2013-03-17 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-20 18:51 - 2014-07-05 08:53 - 000000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2018-01-20 18:51 - 2012-02-18 09:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-01-20 18:35 - 2017-12-11 09:09 - 000000000 ____D C:\Users\DefaultAppPool
2018-01-20 18:22 - 2017-02-06 19:53 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\CoreFTP
2018-01-20 18:21 - 2017-12-10 21:33 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-20 18:21 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-20 18:20 - 2017-05-30 08:16 - 000000000 ____D C:\Program Files\CCleaner
2018-01-20 18:19 - 2017-05-30 08:16 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-20 13:12 - 2015-07-18 20:32 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-01-20 13:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-20 09:20 - 2016-10-29 15:31 - 000000000 ____D C:\Users\Thomas\AppData\Local\LogMeIn Client
2018-01-19 22:38 - 2016-05-19 16:32 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\AVG
2018-01-19 22:38 - 2016-05-19 16:26 - 000000000 ____D C:\Program Files (x86)\AVG
2018-01-19 22:38 - 2016-05-19 16:25 - 000000000 ____D C:\ProgramData\Avg
2018-01-19 22:38 - 2016-05-19 16:24 - 000000000 ____D C:\Users\Thomas\AppData\Local\Avg
2018-01-19 22:38 - 2012-02-19 10:28 - 000000000 ____D C:\ProgramData\Sonic
2018-01-19 10:16 - 2016-05-19 16:24 - 000000000 ____D C:\Users\Thomas\AppData\Local\AvgSetupLog
2018-01-19 08:50 - 2015-07-10 21:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-19 08:50 - 2015-07-10 21:52 - 000000000 ____D C:\ProgramData\Fast Track Software Suite
2018-01-19 05:10 - 2017-08-15 11:03 - 000000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001.job
2018-01-19 05:10 - 2017-08-15 11:03 - 000000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001.job
2018-01-19 02:33 - 2017-12-11 09:57 - 000003834 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001
2018-01-19 02:33 - 2017-12-11 09:57 - 000003738 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001
2018-01-19 02:33 - 2017-08-15 11:03 - 000000000 ____D C:\Users\Thomas\AppData\Local\GoToMeeting
2018-01-18 20:37 - 2015-06-20 21:45 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\spotmau
2018-01-18 20:37 - 2015-05-16 15:20 - 000000000 ____D C:\ProgramData\Spotmau
2018-01-18 11:03 - 2017-12-11 09:09 - 000000000 ____D C:\Users\Thomas
2018-01-18 10:14 - 2017-12-11 09:04 - 001202026 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-18 10:10 - 2017-09-29 00:45 - 019660800 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-14 06:09 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-11 22:11 - 2015-12-13 07:37 - 000000000 ___RD C:\Users\Thomas\3D Objects
2018-01-11 22:06 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-11 22:06 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-11 22:06 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-11 22:05 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-11 21:27 - 2017-09-29 05:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-11 21:27 - 2017-09-29 05:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-11 21:27 - 2017-09-29 05:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-10 19:27 - 2013-08-15 02:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 19:19 - 2017-10-12 17:01 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 19:19 - 2012-02-17 02:11 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 19:18 - 2015-06-20 22:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-10 19:16 - 2009-07-13 18:34 - 000000601 _____ C:\WINDOWS\win.ini
2018-01-09 20:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-09 20:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-06 10:24 - 2017-11-18 14:39 - 000000000 ____D C:\Program Files (x86)\imPcRemote
2018-01-06 10:24 - 2017-01-27 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imPcRemote
2018-01-05 09:38 - 2016-11-21 08:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-04 13:07 - 2015-09-13 08:07 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-30 09:53 - 2017-10-16 06:47 - 000000152 _____ C:\WINDOWS\SysWOW64\pchw2Log.txt

==================== Files in the root of some directories =======

2013-04-13 21:00 - 2013-04-13 21:00 - 000000031 _____ () C:\Users\Thomas\AppData\Roaming\Days5.ini
2012-11-15 00:20 - 2012-11-15 00:20 - 000007859 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.cat
2012-11-15 00:20 - 2012-11-15 00:20 - 000001167 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.inf
2012-11-15 00:20 - 2012-11-15 00:20 - 000000034 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.log
2012-11-15 00:20 - 2012-11-15 00:20 - 000082816 _____ (VSO Software) C:\Users\Thomas\AppData\Roaming\pcouffin.sys
2013-05-24 12:24 - 2013-06-01 19:23 - 000002039 _____ () C:\Users\Thomas\AppData\Roaming\SAS7_000.DAT
2015-05-12 21:51 - 2015-05-12 21:51 - 000001057 _____ () C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2017-01-01 08:16 - 2017-01-01 08:16 - 000000600 _____ () C:\Users\Thomas\AppData\Roaming\winscp.rnd
2013-04-24 12:46 - 2013-04-24 12:46 - 000000218 _____ () C:\Users\Thomas\AppData\Local\recently-used.xbel
2015-09-13 22:06 - 2015-10-05 11:38 - 000007606 _____ () C:\Users\Thomas\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-20 17:13

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Thomas (28-01-2018 19:54:43)
Running from C:\Users\Thomas\Desktop
Windows 10 Pro Version 1709 16299.192 (X64) (2017-12-11 17:58:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3514051097-1430166055-719602415-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3514051097-1430166055-719602415-503 - Limited - Disabled)
Guest (S-1-5-21-3514051097-1430166055-719602415-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3514051097-1430166055-719602415-1002 - Limited - Enabled)
Ralph (S-1-5-21-3514051097-1430166055-719602415-1005 - Limited - Enabled) => C:\Users\Ralph
Thomas (S-1-5-21-3514051097-1430166055-719602415-1001 - Administrator - Enabled) => C:\Users\Thomas
WDAGUtilityAccount (S-1-5-21-3514051097-1430166055-719602415-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Click DVD Copy Pro 4.2.9.0 (HKLM-x32\...\1Click DVD Copy Pro_is1) (Version:  - LG Software Innovations)
4 Elements II Collector's Edition (HKLM-x32\...\{301B6A6D-3586-42B4-BA0E-59E0921C9CA4}) (Version: 1.0.0 - LeeGT-Games)
64 Bit HP CIO Components Installer (HKLM\...\{3138F992-045B-4F55-825C-53B231E647CA}) (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Able Duplicate Finder 2.1 (HKLM-x32\...\Able Duplicate Finder_is1) (Version:  - )
Able2Extract Professional v6.0 (HKLM-x32\...\Able2Extract Professional v6.0) (Version:  - )
Ablebits.com Duplicate Remover for Microsoft Excel (HKLM-x32\...\{8B444B32-E6ED-40CC-9FFF-224BD3EB761C}) (Version: 4.2.16 - Add-in Express Ltd)
[email protected] LiveCD 4 (HKLM-x32\...\{F09C52F9-660B-4FE3-8041-AFF6DB177FAA}_is1) (Version: 4 - LSoft Technologies Inc)
AcuRite Connect (HKLM-x32\...\{6E613C42-AC6D-457D-BE81-88811AD84473}) (Version: 1.1.9 - Chaney Instrument Co.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Antique Shop 2 - Lost Gems - London (HKLM-x32\...\Antique Shop 2 - Lost Gems - London) (Version: 1.0.0 - LeeGT-Games)
Any Video Converter Ultimate 5.8.0 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director2.12) (Version: 2.12 - Applian Technologies Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
BetterJPEG 3 (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\BetterJPEG3) (Version: 3.0.2.1 - BetterJPEG Team)
Bluetooth by hp (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
bpd_scan_Carrier (HKLM-x32\...\{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{048DDE77-66D5-4335-8497-903856759B58}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{ED3D79A6-B3BB-4482-B226-0B620F97258A}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Bullzip PDF Printer 10.1.0.1871 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.1.0.1871 - Bullzip)
Buttons & OSDs control application gen2 (HKLM-x32\...\{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}) (Version: 1.0.0.21 - Hewlett-Packard)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CinEx HD Utility (HKLM-x32\...\CinEx HD Utility) (Version:  - )
Cisco WebEx Meetings (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Core FTP LE x64 (HKLM\...\{FEBD6FB7-F7A1-49D7-8348-0320D4E534A3}) (Version: 2.1.1887 - CoreFTP)
Cw75_InterNational_x64 (HKLM-x32\...\{FA39E17B-D2A8-4457-9D53-FC2889E5AC09}) (Version: 1.00.0000 - 会社名)
Dell System Detect (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\d24084d039586cae) (Version: 8.5.0.4 - Dell)
Desktop Central - Free Windows Tools (HKLM-x32\...\{6B371D2F-7AAD-432D-A8C9-A46CC34FE026}) (Version: 6.00 - AdventNet)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DIRECTV GenieGO (HKLM-x32\...\{359BF4D0-CE16-4CD3-866E-27925C0447AE}) (Version: 2.3.0.20 - DIRECTV, LLC) Hidden
DIRECTV GenieGO (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\InstallShield_{359BF4D0-CE16-4CD3-866E-27925C0447AE}) (Version: 2.3.0.20 - DIRECTV, LLC)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Duplicate File Cleaner v2.6 (HKLM-x32\...\Duplicate File Cleaner_is1) (Version:  - Cheese Software Ltd.)
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
DVDFab 8.1.6.1 (04/02/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EMCO MoveOnBoot 2.2 (HKLM\...\{9951DB6D-E55F-4A24-9EEB-BC8747AADBD3}) (Version: 2.2.10.3469 - EMCO Software)
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Excel Password Recovery Lastic 1.2 (HKLM-x32\...\Excel Password Recovery Lastic_is1) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Fast Track Software Suite (HKLM-x32\...\{B9684050-0BCF-44D0-9A8E-79D8DE309F21}) (Version: 2.27.20 - Phase Research) Hidden
FastStone Capture 8.1 (HKLM-x32\...\FastStone Capture) (Version: 8.1 - FastStone Soft)
FastStone Photo Resizer 3.5 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.5 - FastStone Soft.)
FastSum 1.7 Standard Edition and FastSum 1.9 Command-Line Edition (HKLM-x32\...\FastSum_is1) (Version:  - Kirill Zinov)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
FREE Word and Excel password recovery Wizard version 2.1.15 (HKLM-x32\...\{BEE8AFD4-907F-4BD5-B2E9-6606291415E8}_is1) (Version: 2.1.15 - FREE Password Recovery Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.20.0.8199 (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\GoToMeeting) (Version: 8.20.0.8199 - LogMeIn, Inc.)
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP KEYBOARD (HKLM-x32\...\HP KEYBOARD_is1) (Version: 1.5.4.23 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{C5B6133F-8943-44F2-AF72-778E2701481A}) (Version: 1.0.8.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)
HP Officejet Pro K850 Series Toolbox (HKLM-x32\...\{4281A68E-F4D1-4E0F-B144-D7149630BFA1}) (Version: 1.00.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP TouchSmart (HKLM-x32\...\{6839961F-1F33-404C-9478-DF85A20CF131}) (Version: 4.0.39.0 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{631705A2-6152-4879-A1F0-6EFBF12CD247}) (Version: 3.0.3910.29600 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
imPcRemote Client (HKLM-x32\...\imPcRemote_is1) (Version:  - imPcRemote LLC)
imPcRemote Manager (HKLM-x32\...\imPcRemote Manager_is1) (Version:  - imPcRemote LLC)
Insane Jewels (HKLM-x32\...\Insane Jewels) (Version: 1.0.0 - LeeGT-Games)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iVMS-4200(v2.03) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.3.1.3 - hikvision)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Jihosoft File Recovery version 8.2.4 (HKLM-x32\...\{BEC43ECB-3E62-4C87-A7CA-8A260D3876C7}_is1) (Version: 8.2.4 - ShenZhen JIHOSOFT Co., Ltd)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
Lazesoft Recovery Suite version 4.0 Unlimited Edition (HKLM-x32\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 4.0 - Lazesoft)
Learn ReportBuilder (HKLM-x32\...\{5A0FB92C-26DF-4E13-958D-509F3926A44B}) (Version:  - Digital Metaphors) Hidden
Learn ReportBuilder (HKLM-x32\...\Learn ReportBuilder) (Version:  - Digital Metaphors)
Learn ReportBuilder RAP (HKLM-x32\...\{0053271F-949A-41D7-B4CF-415B10CC10B7}) (Version:  - Digital Metaphors) Hidden
Learn ReportBuilder RAP (HKLM-x32\...\Learn ReportBuilder RAP) (Version:  - Digital Metaphors)
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
Macrium Reflect Free Edition (HKLM\...\{77A97A7F-31F6-496A-9625-589717602062}) (Version: 6.3.1821 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
MediaInfo 0.7.73 (HKLM\...\MediaInfo) (Version: 0.7.73 - MediaArea.net)
MediaTab (HKLM\...\MediaTab) (Version: 1.4 - ShalafiSoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Report Builder 2.0 (HKLM-x32\...\{91CB3AD8-DFA7-4BA5-86F7-4DA10724CF5F}) (Version: 10.0.1600.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 52.0.1 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.0.1 ESR (x64 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Firefox 58.0 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0 (x64 en-US)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.0.6592 - Mozilla)
MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
NetTime (HKLM-x32\...\NetTime_is1) (Version:  - Mark Griffiths)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office Password Unlocker (HKLM-x32\...\{F5656363-D1F7-41B9-B73D-5A8CA56E44C3}_is1) (Version:  - Office Password Unlocker, Inc.)
Office Product Key Finder 1.2 (HKLM-x32\...\Office Product Key Finder_is1) (Version:  - Nsasoft, LLC.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outlook Password Unlocker 3.0.1.4 (HKLM-x32\...\{B5478E1B-1778-4C0E-AA21-04DCAB318733}_is1) (Version:  - Password Unlocker Studio)
Pavtube Video DVD Converter Ultimate Ver 4.8.6.0 (HKLM-x32\...\Pavtube Video DVD Converter Ultimate Pre-Activat~CDA04184_is1) (Version:  - )
pcAnywhere Hot Fix 4 - TECH182142 (HKLM-x32\...\{693BEB0A-A1CB-44C6-93F1-70C4485102C6}) (Version: 1.0.1026 - Symantec Corporation)
PCHelpWareV2 (HKLM-x32\...\{384FCC24-4F6C-4CE7-A629-002BD6350915}) (Version: 1.0.0 - uvnc bvba)
PCHelpWareV2Server (HKLM-x32\...\{B7EA9D5D-82CB-4B82-BAB7-3ACFDD210D2D}) (Version: 1.0.0 - uvnc bvba)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Recovery Toolbox for Outlook 3.4 (HKLM-x32\...\Recovery Toolbox for Outlook_is1) (Version:  - Recovery ToolBox)
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
Replay Converter 4 (HKLM-x32\...\Replay Converter 4) (Version: 4.20 - Applian Technologies Inc.)
Replay Media Catcher 4 (4.4.3) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.4.3 - Applian Technologies)
Replay Media Splitter 1.10.1106.26 (HKLM-x32\...\Replay_Media_Splitter_1.2) (Version: 1.10.1106.26 - Applian Technologies Inc.)
Replay Music (HKLM-x32\...\Replay Music4.40B) (Version: 4.40B - Applian Technologies Inc.)
Replay Video Capture 5 (HKLM-x32\...\Replay Video Capture5.4.2) (Version: 5.4.2 - Applian Technologies Inc.)
Resource Hacker Version 4.2.5 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RouterPasswordDecryptor v3.0 (HKLM-x32\...\RouterPasswordDecryptor) (Version: 3.0 - SecurityXploded)
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.6 - Roxio)
Roxio Creator 2011 Content (HKLM-x32\...\{9F717571-FEE8-45CD-8B03-5B2D06AD28F7}) (Version: 13.0.098 - Roxio)
Roxio Creator 2011 Pro (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.102 - RoxioNow)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
save2pc 5.17 (HKLM-x32\...\save2pc & music2pc_is1) (Version:  - FDRLab, Inc.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.)
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.) Hidden
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spiceworks Desktop (HKLM-x32\...\Spiceworks) (Version: 7.4.0119 - Spiceworks, Inc.)
Spotmau PowerSuite Golden 2012 (build 7.0.1) (HKLM-x32\...\{182201E0-FCBA-4667-B226-B5AE3F4C623D}_is1) (Version:  - Spotmau Software Co., Ltd.)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Streaming Video Recorder V4.1.1 (HKLM\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 4.1.1 - Apowersoft)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Surveillance_client version 1.1.36 (HKLM-x32\...\{8EE152D1-61CD-406B-84EC-144BFDADB7D2}_is1) (Version: 1.1.36 - Dvrsoft Systems, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Chronicles of Noahs Ark (HKLM-x32\...\The Chronicles of Noahs Ark) (Version: 1.0.0.2 - LeeGT-Games)
The Mahjong Huntress (HKLM-x32\...\The Mahjong Huntress) (Version: 1.0.0 - LeeGT-Games)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.1.2 - uvnc bvba)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
USSC Web Components (HKLM-x32\...\{4AD000A7-A6AD-46B1-95DC-11912B026D37}_is1) (Version:  - )
VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
VersaCheck Platinum 2010 (HKLM-x32\...\{086026D0-B765-4C19-8654-43D0E110F5E5}) (Version: 10.0.1.0 - G7 Productivity Systems, Inc.)
Video Enhancer 1.9.10 (HKLM-x32\...\Video Enhancer_is1) (Version:  - Infognition Co. Ltd.)
Video Padlock (HKLM-x32\...\Video Padlock1.14) (Version: 1.14 - Applian Technologies Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WD Access (HKLM-x32\...\{046643f7-6206-46bb-8968-92c37fee39e0}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc.)
WD Access (HKLM-x32\...\{C0624809-D60D-4AFF-8AF3-9452125AF4C1}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.213.017 - Hewlett-Packard) Hidden
Website Ripper Copier (HKLM-x32\...\Website Ripper Copier) (Version: 3.9.1 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinPcap 4.1.2-Spiceworks (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Workspace Desktop (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\workspacedesktop) (Version:  - Starfield Technologies)
Workspace Desktop (HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\workspacedesktop) (Version:  - Starfield Technologies)
XMedia Recode version 3.1.9.1 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.1 - XMedia Recode)
Zoom (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{011C46A2-AD76-339E-9581-B5854D08C2B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{0B0DD328-2A55-3B40-B932-B71E51F41389}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{4D766FD3-B880-49D3-B7BD-6CF925221E04}\InprocServer32 -> C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{4F8ABD16-E446-43C3-A154-484F507060B4}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Add-in Express\Duplicate Remover for Microsoft Excel\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Thomas\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (hxxp://MediaArea.net/MediaInfo)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2012-05-30] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2012-05-30] (Starfield Technologies, LLC)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers1: [FastSum Pro] -> {3EBECDE6-3E57-4AC2-A6A9-316C00CE1FA2} => C:\Program Files (x86)\FastSum\Ext\SFastSum64.dll [2011-07-31] ()
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2012-12-25] (Online Media Technologies Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers2: [FastSum Pro] -> {3EBECDE6-3E57-4AC2-A6A9-316C00CE1FA2} => C:\Program Files (x86)\FastSum\Ext\SFastSum64.dll [2011-07-31] ()
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers4: [FastSum Pro] -> {3EBECDE6-3E57-4AC2-A6A9-316C00CE1FA2} => C:\Program Files (x86)\FastSum\Ext\SFastSum64.dll [2011-07-31] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers1_S-1-5-21-3514051097-1430166055-719602415-1001: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
ContextMenuHandlers2_S-1-5-21-3514051097-1430166055-719602415-1001: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
ContextMenuHandlers6_S-1-5-21-3514051097-1430166055-719602415-1001: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008BBC4D-6825-43C6-ACF1-79D5EFA9A5DA} - System32\Tasks\{EDC0046F-07AC-4EB7-A048-B8D294F4E726} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thomas\Downloads\SP3_R2-2014-02-03\SP3 R2\Infusion_Launcher.exe" -d "C:\Users\Thomas\Downloads\SP3_R2-2014-02-03\SP3 R2"
Task: {030DDA47-46EF-4A63-B957-8505D0701A67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {04890AA9-DA0B-4BBA-8241-E7F02DA98AA9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0C8CEC46-ADF3-4F30-B3AF-47BC20566121} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {0E4C5AB2-3A48-41AB-9163-CFF702CBACB1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0F6691F1-1628-4CBD-A482-5DD014D8E152} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {0F9F7D2D-CF3D-4632-8F81-DF8A37A8E70F} - System32\Tasks\HPCeeScheduleForThomas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {122A19F7-BBD3-4EAF-A15A-EFD9320456AF} - System32\Tasks\{B90920B0-DFF1-432E-87A9-9A2857CC0E4E} => C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Desktop\setup.exe -d C:\Users\Thomas\AppData\Roaming\IDM
Task: {12CDDE32-B11A-4B67-957D-5548A641293A} - System32\Tasks\{8B318B25-29AC-42AD-9866-9B53ABC9039F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Security Client\Setup.exe" -c /x
Task: {14D5C998-CA68-4657-A500-216F7086B006} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {1797E4F5-AE4F-4AA3-A2F1-60D44CDF1920} - System32\Tasks\{4081608E-4DB7-40B1-B6F7-8D7B6E30ABBF} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thomas\Documents\Packager\Deployment\GBV Full Product Install.exe" -d C:\Users\Thomas\Documents\Packager\Deployment
Task: {264AF36B-DADC-4336-BDAC-60E00255AA2B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {29E0B605-CA0A-49AD-9BCB-26F999ABF9C7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A2DED0D-20C4-411A-B32A-F73F70F738CB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-20] (AVAST Software)
Task: {2AE401A3-6485-4C34-BE86-C1595C3A98AF} - System32\Tasks\{8445013A-CFD5-4908-922B-6F77D945F298} => C:\Windows\system32\pcalua.exe -a D:\PCA\pcAnywhere_12.5_SP3.exe -d D:\PCA
Task: {2C494C68-E2E6-46ED-B6C4-F0FB6C3B2CAB} - System32\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001 => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupdate.exe [2018-01-19] (LogMeIn, Inc.)
Task: {3037B933-A577-4055-88C0-DD08A3F869FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {332097DD-8AE0-4B75-9B5F-DE69D978D9A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {34B580A9-D14B-4212-897A-ABF8EF5BCCA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {3912F321-3865-49E6-8087-86955C43BD07} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {3CBEE0E4-3D3A-42BD-8D6A-36D28A37280F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-20] (AVAST Software)
Task: {43056485-495E-41A6-9D27-DED2DADA3B72} - System32\Tasks\{FFEC5F09-0DF5-4126-A6FC-F4BF05E8FD85} => C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Desktop\OutlookPRSetup(1).exe -d C:\Users\Thomas\Desktop
Task: {46F36D64-6EB4-43C2-8A82-E290142A8B77} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5096B642-394E-4D7D-B7EB-98F5D75828AE} - System32\Tasks\{D6FA7412-DCE1-442E-9E19-F44058C2B5BC} => C:\Windows\system32\pcalua.exe -a D:\LearnRB.exe -d D:\
Task: {5115AD79-DBE3-4577-BBC1-422311B52188} - System32\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001 => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupload.exe [2018-01-19] (LogMeIn, Inc.)
Task: {51D46654-CD42-4136-B504-272A75F53BFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {566A691E-E3C5-4C5C-B544-71B3F776241D} - System32\Tasks\{54A4AC75-5255-4D6B-8FA7-EBC4F3D099D2} => C:\Windows\system32\pcalua.exe -a D:\cpm.exe -d D:\
Task: {597BFC34-0203-4DF9-8B98-4B64790ADD18} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {5AEC4DF5-974A-441E-8DE6-A8C57DBB8173} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {65AF57AD-19BE-47E8-8564-BC6631B1A715} - System32\Tasks\{1F0906E6-3884-4B00-8DB5-0891C045E471} => C:\Program Files (x86)\Top Password\Outlook Password Recovery.exe
Task: {6684EF42-3C8E-4AB2-A33D-2C494B7B046D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6A4D9D5F-2BB3-4371-9656-451DE1C6EF5A} - System32\Tasks\{C4CC8763-35AE-42C8-9B21-9F77C821F41C} => C:\Windows\system32\pcalua.exe -a D:\LearnRAP.exe -d D:\
Task: {6DAFCF23-5C88-4E71-A42E-0EF55D3109A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {7071A30C-7CFC-439D-95B5-1AB29AA3B01B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {71C4DF35-C899-43BA-9392-8126B84B3AF7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {7A2DFC50-15EC-4AB8-9F18-4923BDDFDFD7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7B4AD7B8-B12E-4096-947B-A747A41CAA2F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7BFF6038-B0B8-4BA3-86DA-9814865B29BE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {7D642250-8688-4151-94F8-38CEE1AEEACB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {818C5F64-92C0-446D-A31D-F4DA85656851} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {82A43266-BE09-4B38-B5C4-D1786C10A6B2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8307689F-C4DC-4877-95FD-977C1D6E1CCF} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19] (Oracle Corporation)
Task: {86E5D015-1DBF-48F1-A766-9F5E7ABEA972} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {9368EEA1-6B56-4720-A2BA-015A6E6A4300} - System32\Tasks\{082414D4-DECD-45ED-8D36-70DF77CE578F} => C:\Program Files (x86)\Top Password\Outlook Password Recovery.exe
Task: {9CA895BA-7BE1-4726-9F3C-7DB0723062F2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9DD50FE8-7894-4645-962F-313094279460} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9FA2A439-FE1F-4E51-8E33-32CE3FDA3525} - System32\Tasks\{A229EEF0-259B-45AF-AA6E-DFC19D4A916A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thomas\Desktop\Work\CARL'S JR\Fast Track PC Software Setup 2.27.exe" -d "C:\Users\Thomas\Desktop\Work\CARL'S JR"
Task: {A33BF2D0-40E1-4D0D-9F3C-EE88239E0931} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A5EF40D9-72FF-4377-BC13-E2B53F7046DB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {A8B3540E-8C75-4FFB-B27B-CEC266D2822C} - System32\Tasks\{5ED44850-6D51-465C-8E64-4FA514C44DF3} => C:\Users\Thomas\Desktop\setup.exe
Task: {B4DE15FC-0B6E-42A7-9F4B-DAEFDB189B1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {BCDC45A7-7F35-4A39-B052-B5F6E82F26CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-10] (HP Inc.)
Task: {BE5A1B82-5B7A-4E4C-997C-FC6FEACFB3BF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3E0DCF7-D117-4BC7-8649-6DF4E56A07FE} - System32\Tasks\{A0654F33-9C7E-47BF-BE0F-BC02A70FB926} => C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Downloads\Compressed\DD\DrDeleteExeandSourceRARSFX.exe -d C:\Users\Thomas\Downloads\Compressed\DD
Task: {C5B7DC36-AE41-418D-9515-8590AD0D931D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C90D64E8-E228-4811-990C-51863402BEA5} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CEDB01A5-51D2-463E-8419-D0E3F1DBF5DE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-15] ()
Task: {CF43E065-6E44-47BC-8BE7-5DABF931489B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {DA662B32-FAEA-4097-ACFE-51959443F98B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE5A407F-A215-4E6C-AC97-3FBDE647B7CA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E2CA905C-54D6-4686-8F67-D94A67767374} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {EBF20C53-E485-4222-ABB2-A0F13E523B5A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED7CE213-8779-43D3-A45F-E0BCDC328D3A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
Task: {F0C37CE5-92C2-46FF-8C53-433F366D579C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {F41F2ECA-E036-438F-B258-8B5ACD8A1321} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F52339C6-1F63-4096-A9A8-5B1D1D5E1357} - System32\Tasks\{C0D4C62C-4077-4080-9968-FB1B5F838CE2} => C:\Program Files (x86)\Top Password\Outlook Password Recovery.exe
Task: {FAEFCD16-5B5B-4628-BFD0-44264F09D384} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001.job => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001.job => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForThomas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-04-08 22:23 - 2012-09-18 14:27 - 000192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2013-02-15 10:14 - 2012-09-18 14:27 - 000065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 000039408 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2017-10-14 08:55 - 2017-12-08 09:40 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000023040 _____ () C:\Windows\System32\hnsproxy.dll
2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-18 07:42 - 2018-01-18 07:42 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-18 07:42 - 2018-01-18 07:42 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-18 07:42 - 2018-01-18 07:42 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 05:13 - 2018-01-03 05:14 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-18 07:42 - 2018-01-18 07:42 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-06-16 20:32 - 2012-02-17 19:55 - 000193536 _____ () C:\Program Files\WinRAR\rarext.dll
2016-11-11 21:38 - 2011-07-31 17:56 - 013645829 _____ () C:\Program Files (x86)\FastSum\Ext\SFastSum64.dll
2017-12-11 01:56 - 2017-12-11 01:56 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-11 01:56 - 2017-12-11 01:56 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000058016 _____ () c:\program files\avast software\avast\module_lifetime.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000206152 _____ () c:\program files\avast software\avast\JsonRpcServer.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-28 10:58 - 2018-01-28 10:58 - 005779088 _____ () c:\program files\avast software\avast\defs\18012800\algo.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000293944 _____ () c:\program files\avast software\avast\streamback.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 003153904 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 000107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 000523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2015-05-26 07:47 - 2015-05-26 07:47 - 000067584 _____ () C:\Program Files (x86)\Spiceworks\httpd\bin\zlib1.dll
2018-01-20 18:22 - 2018-01-20 18:22 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1677AB3F [178]
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9 [334]
AlternateDataStreams: C:\ProgramData\Temp:E5721E15 [145]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\gofileroom.com -> gofileroom.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\hp.com -> hxxp://hp.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\secureserver.net -> hxxps://email12.secureserver.net
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\sonic.com -> hxxp://redirect.sonic.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\gofileroom.com -> gofileroom.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\hp.com -> hxxp://hp.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\secureserver.net -> hxxps://email12.secureserver.net
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1005\...\sonic.com -> hxxp://redirect.sonic.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2018-01-27 18:07 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3514051097-1430166055-719602415-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3514051097-1430166055-719602415-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Buttons & OSDs control application gen2 => C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
MSCONFIG\startupreg: CPMonitor => "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EEventManager => C:\Program Files (x86)\EPSONS~1\EVENTM~1\EEVENT~1.EXE
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP KEYBOARD => "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: Starfield Updater => "C:\Users\Thomas\AppData\Local\Workspace\WorkspaceUpdate.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: wben => "C:\Program Files (x86)\Workspace\wben.exe"
MSCONFIG\startupreg: Workspace Status => "C:\Program Files (x86)\Workspace\workspacestatus.exe"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SoundMAXPnP"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "IDSCCOMSL9"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "AcuRiteConnect2"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Artisan 810(Network)"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "KiesPDLR.exe"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "cdloader"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "AcuRiteConnect1"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Starfield Updater"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VIRTCL-WMI-ASYNC-In-TCP-NoScope] => (Allow) $(runtime.system32)\wbem\unsecapp.exe
FirewallRules: [VIRTCL-WMI-WINMGMT-Out-TCP-NoScope] => (Allow) $(runtime.system32)\svchost.exe
FirewallRules: [VIRTCL-WMI-WINMGMT-In-TCP-NoScope] => (Allow) $(runtime.system32)\svchost.exe
FirewallRules: [VIRTCL-WMI-RPCSS-In-TCP-NoScope] => (Allow) $(runtime.system32)\svchost.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [DNS Server Forward Rule - TCP - b297a900-9308-4974-aeb2-6cc1a59da218 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - b297a900-9308-4974-aeb2-6cc1a59da218 - 0] => (Allow) LPort=53
FirewallRules: [TCP Query User{916AA7C2-CE15-4C50-8A0C-6A72E2BC074B}C:\program files (x86)\western digital\wd app manager\wdappmanager.exe] => (Allow) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [UDP Query User{374BDA8A-D3B2-4378-9753-8E9896325BF5}C:\program files (x86)\western digital\wd app manager\wdappmanager.exe] => (Allow) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [{390EAE9D-B4F2-47FA-90D9-380A5757387E}] => (Block) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [{579CB3ED-C2EB-4F31-BAF5-57C644291A63}] => (Block) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [TCP Query User{5FCFF6F6-7622-48E3-89AE-F46E6E928F45}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4DFE8D7C-010F-4457-B077-ED4E9BE82BC9}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{383DF867-0448-4363-9EFD-FF1F9EE8437B}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{46EA7EFB-E02C-407B-BD24-203B83B20DE6}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

20-01-2018 10:43:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2018 02:46:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.192 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2e38

Start Time: 01d398893bff91c3

Termination Time: 53

Application Path: C:\Windows\explorer.exe

Report Id: 15325d86-b500-4d4c-909b-7ed6dc356639

Faulting package full name:

Faulting package-relative application ID:

Error: (01/28/2018 02:36:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.192 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 450

Start Time: 01d398885c044186

Termination Time: 4576

Application Path: C:\Windows\explorer.exe

Report Id: 75cc94f7-2742-44b3-884b-6fddf9bf94fc

Faulting package full name:

Faulting package-relative application ID:

Error: (01/28/2018 02:35:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.192 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 26a4

Start Time: 01d398879636b5f5

Termination Time: 3815

Application Path: C:\Windows\explorer.exe

Report Id: b2252cd1-0400-4656-9016-6a35e0acd9fe

Faulting package full name:

Faulting package-relative application ID:

Error: (01/28/2018 02:30:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.192 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2638

Start Time: 01d39886dc60753b

Termination Time: 8011

Application Path: C:\Windows\explorer.exe

Report Id: f0a818c0-79d8-4d7e-bd4f-ee14c2e47fd0

Faulting package full name:

Faulting package-relative application ID:

Error: (01/28/2018 02:25:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.192 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2f0c

Start Time: 01d39886741cceb9

Termination Time: 1134

Application Path: C:\Windows\explorer.exe

Report Id: af4e3958-0d22-4c60-ad12-e56be96dba92

Faulting package full name:

Faulting package-relative application ID:

Error: (01/28/2018 02:22:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.192 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b74

Start Time: 01d3988551866654

Termination Time: 60

Application Path: C:\Windows\explorer.exe

Report Id: b79c2cfc-9ba3-4b18-98b9-9520ec633a4d

Faulting package full name:

Faulting package-relative application ID:

Error: (01/27/2018 06:15:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/27/2018 06:04:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/27/2018 06:03:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (01/27/2018 06:02:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bef3149d-a31a-4d12-862b-a7bd493e6531}

System errors:
=============
Error: (01/28/2018 04:56:27 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/28/2018 02:55:29 PM) (Source: DCOM) (EventID: 10016) (User: THOMAS-HOFFICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Thomas-HOffice\Thomas SID (S-1-5-21-3514051097-1430166055-719602415-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2018 02:45:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (01/28/2018 02:45:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR5, has a bad block.

Error: (01/28/2018 02:42:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2018 02:42:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2018 02:42:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2018 02:42:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2018 02:42:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2018 02:42:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
  Date: 2018-01-27 16:27:56.338
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-27 16:27:56.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-27 16:27:53.745
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-27 02:10:01.483
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-27 02:10:01.479
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 18:04:38.236
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 18:04:38.233
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 18:04:34.514
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 17:37:30.230
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 17:37:30.226
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 4061.15 MB
Available physical RAM: 2027.32 MB
Total Virtual: 8157.15 MB
Available Virtual: 5340.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1861.03 GB) (Free:1668.31 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:1 GB) (Free:0.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B6A11712)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1861 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=462 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

 

Thank You,


#6
ThisTime

    Member

  • Topic Starter
  • Member
  • 12 posts

Sorry, forgot to say: no change with Edge, it still won't connect to the web.


#7
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi ThisTime
 

Sorry, forgot to say: no change with Edge, it still won't connect to the web.


Thanks for the update.

We'll come back to it once we've completed our last scans to check there is nothing untoward.

Step 1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right-clicking on it and selecting Run as Administrator, then press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


Step 2 - CK Scan
  • Download CKScanner from here
  • Important - Save it to your desktop.
  • CKScanner.exe (Right click and "Run as administrator").
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

#8
ThisTime

    Member

  • Topic Starter
  • Member
  • 12 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Thomas (29-01-2018 17:16:38) Run:23
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas (Available Profiles: Thomas & Ralph & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1005: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
AlternateDataStreams: C:\ProgramData\Temp:1677AB3F [178]
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9 [334]
AlternateDataStreams: C:\ProgramData\Temp:E5721E15 [145]
EmptyTemp:
*****************

Restore point was successfully created.
"HKU\S-1-5-21-3514051097-1430166055-719602415-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall" => removed successfully
"HKU\S-1-5-21-3514051097-1430166055-719602415-1005\Software\MozillaPlugins\@hulu.com/Hulu Desktop" => not found
"C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll" => not found
C:\Program Files\Common Files\AV\Spybot - Search and Destroy => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\ProgramData\Temp => ":1677AB3F" ADS removed successfully
C:\ProgramData\Temp => ":D5FBE8F9" ADS removed successfully
C:\ProgramData\Temp => ":E5721E15" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43366885 B
Java, Flash, Steam htmlcache => 1289 B
Windows/system/drivers => 10773367 B
Edge => 9728 B
Chrome => 45848088 B
Firefox => 81538393 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Thomas => 22913843 B
Ralph => 0 B
DefaultAppPool => 0 B

RecycleBin => 179367 B
EmptyTemp: => 205.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:18:14 ====

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\crack.gemspec
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\gemfile
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\history
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\license
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\readme.md
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack.rb
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack\json.rb
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack\util.rb
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack\version.rb
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack\xml.rb
c:\program files (x86)\spiceworks\pkg\specifications\crack-0.4.2.gemspec
scanner sequence 3.IE.11.MQNARZ
 ----- EOF -----

 

Still no change
 


Edited by ThisTime, 30 January 2018 - 11:08 AM.

#9
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi ThisTime
 

Task: {0C8CEC46-ADF3-4F30-B3AF-47BC20566121} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

is appearing in the logs.

It can be used to "crack" or patch unregistered copies of Microsoft software.

Also these:
 

c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\crack.gemspec
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\gemfile
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\history
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\license
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\readme.md
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack.rb
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack\json.rb
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack\util.rb
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack\version.rb
c:\program files (x86)\spiceworks\pkg\gems\crack-0.4.2\lib\crack\xml.rb
c:\program files (x86)\spiceworks\pkg\specifications\crack-0.4.2.gemspec



The use of keygens and cracks inevitably leads to infection. Further, it is contrary to this site's Terms of Use.

As a result, in order for me to continue helping you, please remove all of them.
#10
ThisTime

    Member

  • Topic Starter
  • Member
  • 12 posts

I had purchased this computer used from eBay several years ago. It had Windows 7 on it when I purchased it. I believe I have removed the items. Don't know what Spiceworks is.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Thomas (administrator) on THOMAS-HOFFICE (30-01-2018 18:38:18)
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas (Available Profiles: Thomas & Ralph & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(uvnc bvba) C:\Program Files (x86)\uvnc bvba\PCHelpWareV2Server\pchelpwareV2.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(imPcRemote LLC) C:\Program Files (x86)\imPcRemote\imPcRemote.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(imPcRemote LLC) C:\Program Files (x86)\imPcRemote\imPcRemote_Instant.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(imPcRemote LLC) C:\Program Files (x86)\imPcRemote\imPcRemoteTray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-20] (AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [HPWOTOOLBOX] => C:\Program Files (x86)\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe [356352 2007-01-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM-x32\...\Run: [imPcRemoteTray] => C:\Program Files (x86)\imPcRemote\imPcRemoteTray.exe [1963936 2017-11-21] (imPcRemote LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [Winsuite2012] => [X]
Winlogon\Notify\PCANotify: C:\Windows\SysWOW64\PCANotify.dll [2007-04-27] (Symantec Corporation)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [1411584 2015-05-05] (Tonec Inc.)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28164272 2017-12-12] (Microsoft Corporation)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [AcuRiteConnect2] => C:\Program Files (x86)\AcuRite\AcuRiteConnect.exe [1083904 2015-07-29] (Chaney Instrument Co)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Starfield Updater] => C:\Users\Thomas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-07-14] (Starfield Technologies)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [SoundMax] => C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0f24e132-3b97-47c9-b000-43cce991b22f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{11809b8b-2005-45ab-94ca-3c3fd2cd8932}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{31f26d36-3618-4ebd-b263-e45518c0540b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{31f26d36-3618-4ebd-b263-e45518c0540b}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{41b50d60-d143-4cd8-8fa6-4c7be61459f6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4a9a6fbd-2eb6-4822-be82-aa27e0f089d7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4e01f0e8-9d7f-41ee-aa65-0bd3121e76ee}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{558de6bb-e279-4307-b23d-d59ef1475826}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{57912f9d-6dd1-47a5-b667-5cc6ff512dc2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{86cb0413-8399-4622-9c42-a03293dea40f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{86cb0413-8399-4622-9c42-a03293dea40f}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ce17f3a1-903d-45ff-9485-063f29a24f90}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f169f507-1cda-4c4b-9c06-108f3d41db71}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3514051097-1430166055-719602415-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
DPF: HKLM {583C990C-2D38-410c-9A4A-0932D66A754F} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.mydtt.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {73B1BB72-18BB-41AE-B53C-43704B5B5315} hxxps://video.envysion.com/plugins/default/EnvysionCtrl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://access.netsurion.com/dana-cached/sc/PulseSetupClient.cab
DPF: HKLM-x32 {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} hxxps://carlsjr-747.mydtt.com:8915/cab/OCXChecker_8500.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3742
DPF: HKLM-x32 {FEC048AB-277A-460C-BF50-1A4193AEF148} hxxps://carlsjr-747.mydtt.com:8915/cab/DownloadCenter_8300.cab
Handler-x32: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll [2006-11-17] (G7 Productivity Systems, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fmc2sm82.default
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\TomTom\HOME\Profiles\8pk0q5qg.default [2013-08-22]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fmc2sm82.default [2018-01-30]
FF Extension: (WBE Paste) - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2016-11-21] [Legacy] [not signed]
FF Extension: (Cisco WebEx Extension) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fmc2sm82.default\Extensions\[email protected] [2017-07-12]
FF Extension: (Avast Online Security) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fmc2sm82.default\Extensions\[email protected] [2018-01-20]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-21] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Thomas\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Thomas\AppData\Roaming\IDM\idmmzcc5 [2018-01-27] [Legacy] [not signed]
FF HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Thomas\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: USSC Web Components -> C:\Program Files (x86)\USSC Web Components\npUSSCWebVideoPlugin.dll [2015-05-15] ()
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/off -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npoff.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/off64 -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/wbe -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2016-11-21] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @starfield.com/wbe64 -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2016-11-21] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3514051097-1430166055-719602415-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Thomas\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-17] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-04-20] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npoff.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npoff64.dll [2016-11-21] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npwbe.dll [2016-11-21] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npwbe64.dll [2016-11-21] (Starfield Technology, LLC)

Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default [2018-01-30]
CHR Extension: (Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-10]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-10]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-10]
CHR Extension: (Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
CHR Extension: (Avast Online Security) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\WINDOWS\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-20] (AVAST Software)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [39408 2010-09-13] ()
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [125440 2017-09-29] (Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1412096 2018-01-01] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 imPcInstantService; C:\Program Files (x86)\imPcRemote\impcremote_instant.exe [521120 2016-02-04] (imPcRemote LLC)
R2 imPcRemoteService; C:\Program Files (x86)\imPcRemote\impcremote.exe [1469344 2017-11-21] (imPcRemote LLC)
S3 impc_service; C:\Program Files (x86)\imPcRemote\uvnc\rpuvnc.exe [1882832 2017-11-26] (UltraVNC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 PcHelpware_service; C:\Program Files (x86)\uvnc bvba\PCHelpWareV2Server\pchelpwareV2.exe [2719456 2012-01-12] (uvnc bvba)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-11] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2542592 2018-01-01] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [15047168 2018-01-01] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIService; C:\WINDOWS\System32\drivers\OSDACPI.SYS [17992 2009-06-17] ()
R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2018-01-20] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-01-20] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-01-20] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-01-20] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-01-20] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2018-01-20] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-01-20] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-01-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2018-01-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2018-01-20] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2018-01-20] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457896 2018-01-20] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2018-01-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2018-01-20] (AVAST Software)
S3 CW75; C:\WINDOWS\System32\Drivers\CW75.sys [24704 2008-11-27] (CASIO COMPUTER CO.,LTD.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26112 2017-09-29] (Microsoft Corporation)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23040 2017-09-29] (Microsoft Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-28] (Malwarebytes)
R1 mv2; C:\WINDOWS\System32\drivers\mv2.sys [12904 2011-03-18] (UVNC BVBA)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
S1 nettalkd; C:\WINDOWS\System32\DRIVERS\nettalkd.sys [30944 2012-04-29] (NetTalk Inc.)
R3 NW1900; C:\WINDOWS\System32\drivers\NW1900.sys [142656 2012-05-18] (NextWindow Limited)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [24064 2017-09-29] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [48128 2017-09-29] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-09-29] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2017-09-29] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2011-11-15] (Spotmau)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\Synth3dVsp.sys [103424 2017-09-29] (Microsoft Corporation)
S3 TGBMPEnum; C:\WINDOWS\System32\DRIVERS\TGBMPEnum.sys [38584 2013-01-21] (TheGreenBow)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Corporation)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1207808 2018-01-01] (Microsoft Corporation)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [32768 2017-09-29] (Microsoft Corporation)
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [141920 2012-08-13] (Acronis)
R3 vmsmp; C:\WINDOWS\System32\drivers\vmswitch.sys [1677824 2018-01-01] (Microsoft Corporation)
S3 VProEventMonitor; C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 18:38 - 2018-01-30 18:38 - 000030223 _____ C:\Users\Thomas\Desktop\FRST.txt
2018-01-30 16:54 - 2018-01-30 16:54 - 000000127 _____ C:\Users\Thomas\Desktop\ckfiles.txt
2018-01-29 18:36 - 2018-01-29 18:37 - 000000000 ____D C:\Users\Thomas\Desktop\New Folder (2)
2018-01-29 18:19 - 2018-01-29 18:19 - 000146944 _____ C:\Users\Thomas\Desktop\Labor Table 2018.xls
2018-01-29 17:15 - 2018-01-29 18:37 - 000000045 _____ C:\Users\Thomas\Desktop\IRIS.txt
2018-01-29 17:14 - 2018-01-29 17:14 - 000468480 _____ () C:\Users\Thomas\Desktop\CKScanner.exe
2018-01-29 16:49 - 2018-01-29 18:31 - 000000000 ____D C:\Users\Thomas\Desktop\Per 2 Wk 1
2018-01-29 12:04 - 2018-01-29 12:04 - 000000000 ____D C:\Users\Thomas\Documents\imPcRemote
2018-01-29 12:01 - 2018-01-29 12:01 - 000000000 ____D C:\Users\Thomas\Documents\New folder
2018-01-29 11:59 - 2018-01-30 09:17 - 000000000 ____D C:\Users\Thomas\Documents\Outlook Files
2018-01-29 11:10 - 2018-01-29 11:10 - 000000000 ____D C:\Users\Thomas\Documents\My PhotoShows
2018-01-29 11:03 - 2018-01-29 11:03 - 000000000 ____D C:\Users\Thomas\Documents\Custom Office Templates
2018-01-28 20:52 - 2018-01-30 09:10 - 000000292 _____ C:\Users\Thomas\Documents\Plex Server.rdg
2018-01-28 20:52 - 2018-01-28 09:49 - 000001315 _____ C:\Users\Thomas\Documents\Plex Server.rdg.old
2018-01-28 20:48 - 2018-01-28 20:48 - 001188352 _____ C:\Users\Thomas\Downloads\rdcman(1).msi
2018-01-28 20:47 - 2018-01-28 20:47 - 001188352 _____ C:\Users\Thomas\Downloads\rdcman.msi
2018-01-28 20:27 - 2018-01-28 20:34 - 000002238 ____H C:\Users\Thomas\Documents\Default.rdp
2018-01-28 19:06 - 2018-01-28 19:06 - 000000000 ____D C:\ProgramData\Emsisoft
2018-01-28 19:04 - 2018-01-28 20:04 - 000000000 ____D C:\EEK
2018-01-28 10:23 - 2018-01-28 10:23 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-28 10:18 - 2018-01-30 16:39 - 000000000 ____D C:\Users\Thomas\Desktop\New Logs
2018-01-28 10:03 - 2018-01-28 10:03 - 000000244 _____ C:\Users\Thomas\Desktop\Edge Not working other browsers do - Virus, Spyware, Malware Removal.url
2018-01-28 09:39 - 2018-01-28 09:40 - 313576592 _____ C:\Users\Thomas\Desktop\EmsisoftEmergencyKit.exe
2018-01-28 09:38 - 2018-01-28 09:38 - 008206624 _____ (Malwarebytes) C:\Users\Thomas\Desktop\adwcleaner_7.0.7.0.exe
2018-01-27 18:02 - 2018-01-27 18:02 - 000000000 ____D C:\Users\Thomas\Desktop\FRST-OlderVersion
2018-01-27 18:01 - 2018-01-27 18:01 - 000899584 _____ (Farbar) C:\Users\Thomas\Desktop\FSS.exe
2018-01-27 17:15 - 2018-01-27 17:15 - 000000000 ____D C:\Users\Public\Pulse Secure
2018-01-27 16:51 - 2018-01-27 16:54 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-01-27 16:43 - 2017-07-12 17:47 - 000451925 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180127-164352.backup
2018-01-27 07:49 - 2018-01-30 16:50 - 000000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2018-01-26 17:19 - 2018-01-26 17:19 - 000003608 _____ C:\WINDOWS\System32\Tasks\[email protected]
2018-01-26 15:48 - 2018-01-26 15:48 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-01-26 12:43 - 2018-01-26 12:43 - 000000000 ____D C:\Rem-VBSqt
2018-01-26 10:33 - 2018-01-26 12:39 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-26 10:33 - 2018-01-26 10:33 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-21 11:40 - 2018-01-27 18:02 - 002393088 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2018-01-20 20:45 - 2018-01-20 20:45 - 000000000 ____D C:\Users\Ralph\AppData\Roaming\AVAST Software
2018-01-20 20:44 - 2018-01-20 20:44 - 000000000 ____D C:\Users\Ralph\AppData\Local\Western_Digital_Technolog
2018-01-20 20:42 - 2018-01-20 20:42 - 000000020 ___SH C:\Users\Ralph\ntuser.ini
2018-01-20 20:42 - 2018-01-20 20:42 - 000000000 ___RD C:\Users\Ralph\3D Objects
2018-01-20 20:42 - 2018-01-20 20:42 - 000000000 ____D C:\Users\Ralph\AppData\Local\ConnectedDevicesPlatform
2018-01-20 18:53 - 2018-01-20 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2018-01-20 18:53 - 2018-01-20 18:53 - 000000000 ____D C:\ProgramData\Apple Computer
2018-01-20 18:53 - 2018-01-20 18:53 - 000000000 ____D C:\Program Files (x86)\QuickTime
2018-01-20 18:35 - 2018-01-20 18:35 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-01-20 18:25 - 2018-01-20 18:25 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\AVAST Software
2018-01-20 18:24 - 2018-01-20 18:24 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-01-20 18:24 - 2018-01-20 18:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-20 18:24 - 2018-01-20 18:24 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-01-20 18:24 - 2018-01-20 18:24 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-20 18:24 - 2018-01-20 18:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-01-20 18:24 - 2018-01-20 18:24 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-20 18:23 - 2018-01-20 18:24 - 000457896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-01-20 18:23 - 2018-01-20 18:24 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-01-20 18:23 - 2018-01-20 18:22 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-01-20 18:23 - 2018-01-20 18:22 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-01-20 18:23 - 2018-01-20 18:21 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-01-20 18:20 - 2018-01-20 21:42 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-20 18:20 - 2018-01-20 18:20 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-01-20 18:20 - 2018-01-20 18:20 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-20 12:20 - 2018-01-30 18:38 - 000000000 ____D C:\FRST
2018-01-18 11:03 - 2018-01-18 11:03 - 000000000 ____D C:\Users\Thomas\Working
2018-01-18 09:43 - 2018-01-18 21:22 - 000000000 ____D C:\Users\Thomas\AppData\Local\dtoulmp
2018-01-16 19:15 - 2018-01-16 19:15 - 000000000 ____D C:\Users\Thomas\AppData\Local\SolidDocuments
2018-01-11 21:24 - 2018-01-01 09:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-11 21:24 - 2018-01-01 04:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-11 21:24 - 2018-01-01 04:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-11 21:24 - 2018-01-01 04:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-11 21:24 - 2018-01-01 04:51 - 002242704 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2018-01-11 21:24 - 2018-01-01 04:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-11 21:24 - 2018-01-01 04:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-11 21:24 - 2018-01-01 04:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-11 21:24 - 2018-01-01 04:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-11 21:24 - 2018-01-01 04:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-11 21:24 - 2018-01-01 04:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-11 21:24 - 2018-01-01 04:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-11 21:24 - 2018-01-01 04:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-11 21:24 - 2018-01-01 04:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-11 21:24 - 2018-01-01 04:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-11 21:24 - 2018-01-01 04:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-11 21:24 - 2018-01-01 04:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-11 21:24 - 2018-01-01 04:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-11 21:24 - 2018-01-01 04:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-11 21:24 - 2018-01-01 04:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-11 21:24 - 2018-01-01 04:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-11 21:24 - 2018-01-01 04:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-11 21:24 - 2018-01-01 04:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-11 21:24 - 2018-01-01 04:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-11 21:24 - 2018-01-01 04:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-11 21:24 - 2018-01-01 04:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-11 21:24 - 2018-01-01 04:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-11 21:24 - 2018-01-01 04:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-11 21:24 - 2018-01-01 04:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-11 21:24 - 2018-01-01 04:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-11 21:24 - 2018-01-01 04:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-11 21:24 - 2018-01-01 04:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-11 21:24 - 2018-01-01 04:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-11 21:24 - 2018-01-01 04:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-11 21:24 - 2018-01-01 04:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-11 21:24 - 2018-01-01 04:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-11 21:24 - 2018-01-01 04:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-11 21:24 - 2018-01-01 04:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-11 21:24 - 2018-01-01 04:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-11 21:24 - 2018-01-01 04:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-11 21:24 - 2018-01-01 04:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-11 21:24 - 2018-01-01 04:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-11 21:24 - 2018-01-01 04:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-11 21:24 - 2018-01-01 04:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-11 21:24 - 2018-01-01 04:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-11 21:24 - 2018-01-01 04:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-11 21:24 - 2018-01-01 04:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-11 21:24 - 2018-01-01 04:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-11 21:24 - 2018-01-01 04:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-11 21:24 - 2018-01-01 04:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-11 21:24 - 2018-01-01 04:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-11 21:24 - 2018-01-01 04:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-11 21:24 - 2018-01-01 04:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-11 21:24 - 2018-01-01 04:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-11 21:24 - 2018-01-01 04:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-11 21:24 - 2018-01-01 04:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-11 21:24 - 2018-01-01 04:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-11 21:24 - 2018-01-01 04:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-11 21:24 - 2018-01-01 04:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-11 21:24 - 2018-01-01 04:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-11 21:24 - 2018-01-01 04:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-11 21:24 - 2018-01-01 04:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-11 21:24 - 2018-01-01 04:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-11 21:24 - 2018-01-01 04:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-11 21:24 - 2018-01-01 04:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-11 21:24 - 2018-01-01 04:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-11 21:24 - 2018-01-01 04:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-11 21:24 - 2018-01-01 04:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-11 21:24 - 2018-01-01 04:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-11 21:24 - 2018-01-01 04:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-11 21:24 - 2018-01-01 04:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-11 21:24 - 2018-01-01 04:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-11 21:24 - 2018-01-01 04:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-11 21:24 - 2018-01-01 04:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-11 21:24 - 2018-01-01 04:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-11 21:24 - 2018-01-01 04:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-11 21:24 - 2018-01-01 04:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-11 21:24 - 2018-01-01 04:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-11 21:24 - 2018-01-01 04:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-11 21:24 - 2018-01-01 04:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-11 21:24 - 2018-01-01 03:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-11 21:24 - 2018-01-01 03:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-11 21:24 - 2018-01-01 03:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-11 21:24 - 2018-01-01 03:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-11 21:24 - 2018-01-01 03:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-11 21:24 - 2018-01-01 03:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-11 21:24 - 2018-01-01 03:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-11 21:24 - 2018-01-01 03:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-11 21:24 - 2018-01-01 03:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-11 21:24 - 2018-01-01 03:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-11 21:24 - 2018-01-01 03:32 - 015047168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2018-01-11 21:24 - 2018-01-01 03:27 - 004150784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmchipset.dll
2018-01-11 21:24 - 2018-01-01 03:26 - 004576768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2018-01-11 21:24 - 2018-01-01 03:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-11 21:24 - 2018-01-01 03:25 - 002542592 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2018-01-11 21:24 - 2018-01-01 03:25 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostNetSvc.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-11 21:24 - 2018-01-01 03:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-11 21:24 - 2018-01-01 03:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 001677824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 001411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 001282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmemulateddevices.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 001207808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfpext.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedStorage.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmDataStore.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvdev.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedNic.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2018-01-11 21:24 - 2018-01-01 03:24 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynth3dvideo.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-11 21:24 - 2018-01-01 03:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmpmem.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-11 21:24 - 2018-01-01 03:23 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrivateCloudHNSPlugin.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthfcvdev.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpcievdev.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2018-01-11 21:24 - 2018-01-01 03:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCGLaunchPad.dll
2018-01-11 21:24 - 2018-01-01 03:23 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCG.exe
2018-01-11 21:24 - 2018-01-01 03:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-11 21:24 - 2018-01-01 03:23 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RdvgmProxy.dll
2018-01-11 21:24 - 2018-01-01 03:22 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvgmProxy.dll
2018-01-11 21:24 - 2018-01-01 03:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-11 21:24 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-11 21:24 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-11 21:24 - 2018-01-01 03:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-11 21:24 - 2018-01-01 03:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-11 21:24 - 2018-01-01 03:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-11 21:24 - 2018-01-01 03:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-11 21:24 - 2018-01-01 03:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-11 21:24 - 2018-01-01 03:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-11 21:24 - 2018-01-01 03:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-11 21:24 - 2018-01-01 03:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-11 21:24 - 2018-01-01 03:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-11 21:24 - 2018-01-01 03:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-11 21:24 - 2018-01-01 03:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-11 21:24 - 2018-01-01 03:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 001381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-11 21:24 - 2018-01-01 03:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-11 21:24 - 2018-01-01 03:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-11 21:24 - 2018-01-01 03:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-11 21:24 - 2018-01-01 03:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-11 21:24 - 2018-01-01 03:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-11 21:24 - 2018-01-01 03:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-11 21:24 - 2018-01-01 03:11 - 001955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-11 21:24 - 2018-01-01 03:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-11 21:24 - 2018-01-01 03:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-11 21:24 - 2018-01-01 03:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-11 21:24 - 2018-01-01 03:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-11 21:24 - 2018-01-01 03:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-11 21:24 - 2018-01-01 03:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-11 21:24 - 2018-01-01 03:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-11 21:24 - 2018-01-01 03:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-11 21:24 - 2018-01-01 03:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-11 21:24 - 2018-01-01 03:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-11 21:24 - 2018-01-01 03:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-11 21:23 - 2018-01-01 03:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-11 21:23 - 2018-01-01 03:24 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\synth3dvideoproxy.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe
2018-01-11 21:23 - 2018-01-01 03:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-11 21:23 - 2018-01-01 03:23 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000023040 _____ C:\WINDOWS\system32\hnsproxy.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000015872 _____ C:\WINDOWS\system32\hgclientserviceps.dll
2018-01-11 21:23 - 2018-01-01 03:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-01-11 21:23 - 2018-01-01 03:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-11 21:23 - 2018-01-01 03:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-11 21:23 - 2018-01-01 03:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-11 21:23 - 2018-01-01 03:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-11 21:23 - 2018-01-01 03:21 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-11 21:23 - 2018-01-01 03:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-11 21:23 - 2018-01-01 03:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-11 21:23 - 2018-01-01 03:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-11 21:23 - 2018-01-01 03:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-11 21:23 - 2018-01-01 03:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-11 21:23 - 2018-01-01 03:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-11 21:23 - 2018-01-01 03:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-11 21:23 - 2018-01-01 03:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-11 21:23 - 2018-01-01 03:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-10 19:17 - 2018-01-10 19:17 - 000000000 ____D C:\WINDOWS\PCHEALTH

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 18:21 - 2017-12-11 09:11 - 000000000 ____D C:\Users\Thomas\AppData\Local\Packages
2018-01-30 18:21 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-30 18:21 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-30 18:17 - 2017-09-29 05:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-30 18:11 - 2015-05-18 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-30 18:11 - 2015-05-18 18:01 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-30 18:06 - 2015-07-10 21:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-30 17:55 - 2017-12-11 09:57 - 000000446 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-01-30 17:55 - 2017-12-11 09:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-30 17:55 - 2017-12-11 09:00 - 000514960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-30 17:55 - 2012-02-18 16:35 - 000000000 ____D C:\Program Files (x86)\epson
2018-01-30 17:54 - 2017-09-29 00:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-01-30 17:53 - 2012-02-18 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-01-30 17:53 - 2012-02-18 16:35 - 000000000 ____D C:\ProgramData\EPSON
2018-01-30 17:52 - 2015-05-11 17:20 - 000000000 ____D C:\Users\Thomas\AppData\Local\DIRECTV
2018-01-30 17:42 - 2012-06-16 20:32 - 000000000 ____D C:\Program Files\WinRAR
2018-01-30 17:38 - 2017-12-12 04:29 - 000000000 ____D C:\Program Files (x86)\Lazesoft Recovery Suite
2018-01-30 17:36 - 2017-12-11 09:09 - 000000000 ____D C:\Users\Thomas
2018-01-30 17:36 - 2017-04-09 07:46 - 000000000 ____D C:\Program Files (x86)\NetTime
2018-01-30 17:36 - 2014-12-16 11:00 - 000000000 ____D C:\Program Files (x86)\Outlook Password Unlocker
2018-01-30 17:35 - 2015-08-11 21:54 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\Samsung
2018-01-30 17:35 - 2015-08-11 21:54 - 000000000 ____D C:\Users\Thomas\AppData\Local\Samsung
2018-01-30 17:35 - 2015-08-11 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2018-01-30 17:35 - 2015-08-11 15:38 - 000000000 ____D C:\ProgramData\Samsung
2018-01-30 17:35 - 2015-08-11 15:38 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-01-30 17:33 - 2016-03-14 18:06 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\Dvrsoft
2018-01-30 17:30 - 2016-01-28 15:59 - 000000000 ____D C:\Program Files (x86)\Video Enhancer
2018-01-30 17:30 - 2013-08-20 14:51 - 000000000 ____D C:\Program Files (x86)\Tensons
2018-01-30 17:30 - 2012-02-24 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
2018-01-30 17:21 - 2016-05-30 16:25 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\Add-in Express
2018-01-30 17:17 - 2017-12-11 09:57 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3514051097-1430166055-719602415-1001
2018-01-30 17:17 - 2015-11-12 20:26 - 000002410 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-30 17:17 - 2015-11-12 20:26 - 000000000 ___RD C:\Users\Thomas\OneDrive
2018-01-30 17:16 - 2016-11-15 18:51 - 000000000 ____D C:\Users\Thomas\AppData\LocalLow\Mozilla
2018-01-30 16:56 - 2017-12-11 09:57 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE021765-4DFF-4C6A-8755-7383173B03F0}
2018-01-30 16:51 - 2014-02-03 23:32 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\IDM
2018-01-30 16:34 - 2017-12-11 09:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-30 12:54 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-30 09:19 - 2012-02-21 14:58 - 000000000 ____D C:\ProgramData\LogMeIn
2018-01-30 00:01 - 2016-10-29 15:31 - 000000000 ____D C:\Users\Thomas\AppData\Local\LogMeInIgnition
2018-01-29 23:57 - 2017-10-16 06:47 - 000000225 _____ C:\WINDOWS\SysWOW64\pchw2Log.txt
2018-01-29 17:20 - 2016-11-21 08:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-29 17:18 - 2012-04-21 11:42 - 000000000 ____D C:\Users\Thomas\AppData\LocalLow\Temp
2018-01-29 17:17 - 2015-10-04 13:10 - 000000000 ____D C:\Program Files\Common Files\AV
2018-01-29 11:10 - 2012-06-24 19:53 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\Roxio
2018-01-29 11:10 - 2012-06-24 19:43 - 000000000 ____D C:\ProgramData\Roxio
2018-01-29 11:00 - 2016-11-21 08:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-28 20:50 - 2016-01-27 14:10 - 000001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Remote Desktop Connection Manager.lnk
2018-01-28 20:34 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-01-28 17:13 - 2012-06-14 11:07 - 000000000 ____D C:\Temp
2018-01-28 16:53 - 2017-08-19 20:53 - 000000000 ____D C:\Users\Thomas\Desktop\New folder
2018-01-28 14:51 - 2012-03-08 12:11 - 000000000 ____D C:\Users\Thomas\AppData\Local\ElevatedDiagnostics
2018-01-28 10:24 - 2016-05-16 06:23 - 000000000 ____D C:\AdwCleaner
2018-01-28 10:23 - 2017-11-15 14:16 - 000000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForThomas.job
2018-01-28 01:28 - 2017-12-11 09:57 - 000003262 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForThomas
2018-01-27 18:10 - 2012-06-03 16:15 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\DMCache
2018-01-27 17:15 - 2017-05-31 09:21 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\Pulse Secure
2018-01-21 15:21 - 2017-09-29 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-20 20:44 - 2015-11-20 11:06 - 000000000 ____D C:\Users\Ralph\AppData\Local\Packages
2018-01-20 20:42 - 2017-12-11 09:09 - 000000000 ____D C:\Users\Ralph
2018-01-20 20:42 - 2015-11-20 11:06 - 000000000 ____D C:\Users\Ralph\AppData\Local\TileDataLayer
2018-01-20 20:42 - 2015-11-12 20:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-20 20:42 - 2013-04-12 21:02 - 000002332 _____ C:\Users\Ralph\Desktop\Google Chrome.lnk
2018-01-20 19:15 - 2017-12-11 10:22 - 000000000 ____D C:\Users\Thomas\AppData\Local\PackageStaging
2018-01-20 18:59 - 2015-05-18 18:02 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-01-20 18:57 - 2013-03-17 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-20 18:51 - 2014-07-05 08:53 - 000000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2018-01-20 18:51 - 2012-02-18 09:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-01-20 18:35 - 2017-12-11 09:09 - 000000000 ____D C:\Users\DefaultAppPool
2018-01-20 18:22 - 2017-02-06 19:53 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\CoreFTP
2018-01-20 18:21 - 2017-12-10 21:33 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-20 18:21 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-20 18:20 - 2017-05-30 08:16 - 000000000 ____D C:\Program Files\CCleaner
2018-01-20 18:19 - 2017-05-30 08:16 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-20 13:12 - 2015-07-18 20:32 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-01-20 13:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-20 09:20 - 2016-10-29 15:31 - 000000000 ____D C:\Users\Thomas\AppData\Local\LogMeIn Client
2018-01-19 22:38 - 2016-05-19 16:32 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\AVG
2018-01-19 22:38 - 2016-05-19 16:26 - 000000000 ____D C:\Program Files (x86)\AVG
2018-01-19 22:38 - 2016-05-19 16:25 - 000000000 ____D C:\ProgramData\Avg
2018-01-19 22:38 - 2016-05-19 16:24 - 000000000 ____D C:\Users\Thomas\AppData\Local\Avg
2018-01-19 22:38 - 2012-02-19 10:28 - 000000000 ____D C:\ProgramData\Sonic
2018-01-19 10:16 - 2016-05-19 16:24 - 000000000 ____D C:\Users\Thomas\AppData\Local\AvgSetupLog
2018-01-19 08:50 - 2015-07-10 21:52 - 000000000 ____D C:\ProgramData\Fast Track Software Suite
2018-01-19 05:10 - 2017-08-15 11:03 - 000000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001.job
2018-01-19 05:10 - 2017-08-15 11:03 - 000000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001.job
2018-01-19 02:33 - 2017-12-11 09:57 - 000003834 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001
2018-01-19 02:33 - 2017-12-11 09:57 - 000003738 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001
2018-01-19 02:33 - 2017-08-15 11:03 - 000000000 ____D C:\Users\Thomas\AppData\Local\GoToMeeting
2018-01-18 20:37 - 2015-06-20 21:45 - 000000000 ____D C:\Users\Thomas\AppData\Roaming\spotmau
2018-01-18 20:37 - 2015-05-16 15:20 - 000000000 ____D C:\ProgramData\Spotmau
2018-01-18 10:14 - 2017-12-11 09:04 - 001202026 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-18 10:10 - 2017-09-29 00:45 - 019660800 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-14 06:09 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-11 22:11 - 2015-12-13 07:37 - 000000000 ___RD C:\Users\Thomas\3D Objects
2018-01-11 22:06 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-11 22:06 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-11 22:06 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-11 22:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-11 22:05 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-11 21:27 - 2017-09-29 05:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-11 21:27 - 2017-09-29 05:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-11 21:27 - 2017-09-29 05:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-10 19:27 - 2013-08-15 02:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 19:19 - 2017-10-12 17:01 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 19:19 - 2012-02-17 02:11 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 19:18 - 2015-06-20 22:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-10 19:16 - 2009-07-13 18:34 - 000000601 _____ C:\WINDOWS\win.ini
2018-01-09 20:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-09 20:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-06 10:24 - 2017-11-18 14:39 - 000000000 ____D C:\Program Files (x86)\imPcRemote
2018-01-06 10:24 - 2017-01-27 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imPcRemote
2018-01-05 09:38 - 2016-11-21 08:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-04 13:07 - 2015-09-13 08:07 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2013-04-13 21:00 - 2013-04-13 21:00 - 000000031 _____ () C:\Users\Thomas\AppData\Roaming\Days5.ini
2012-11-15 00:20 - 2012-11-15 00:20 - 000007859 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.cat
2012-11-15 00:20 - 2012-11-15 00:20 - 000001167 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.inf
2012-11-15 00:20 - 2012-11-15 00:20 - 000000034 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.log
2012-11-15 00:20 - 2012-11-15 00:20 - 000082816 _____ (VSO Software) C:\Users\Thomas\AppData\Roaming\pcouffin.sys
2013-05-24 12:24 - 2013-06-01 19:23 - 000002039 _____ () C:\Users\Thomas\AppData\Roaming\SAS7_000.DAT
2015-05-12 21:51 - 2015-05-12 21:51 - 000001057 _____ () C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2017-01-01 08:16 - 2017-01-01 08:16 - 000000600 _____ () C:\Users\Thomas\AppData\Roaming\winscp.rnd
2013-04-24 12:46 - 2013-04-24 12:46 - 000000218 _____ () C:\Users\Thomas\AppData\Local\recently-used.xbel
2015-09-13 22:06 - 2015-10-05 11:38 - 000007606 _____ () C:\Users\Thomas\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-01-30 17:31 - 2017-08-01 13:47 - 000501044 _____ () C:\Users\Thomas\AppData\Local\Temp\Uninstall.exe
2018-01-30 17:37 - 2017-06-07 13:31 - 002638048 _____ (Paramount Software UK Ltd) C:\Users\Thomas\AppData\Local\Temp\xReflect.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-20 17:13

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Thomas (30-01-2018 18:39:38)
Running from C:\Users\Thomas\Desktop
Windows 10 Pro Version 1709 16299.192 (X64) (2017-12-11 17:58:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3514051097-1430166055-719602415-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3514051097-1430166055-719602415-503 - Limited - Disabled)
Guest (S-1-5-21-3514051097-1430166055-719602415-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3514051097-1430166055-719602415-1002 - Limited - Enabled)
Ralph (S-1-5-21-3514051097-1430166055-719602415-1005 - Limited - Enabled) => C:\Users\Ralph
Thomas (S-1-5-21-3514051097-1430166055-719602415-1001 - Administrator - Enabled) => C:\Users\Thomas
WDAGUtilityAccount (S-1-5-21-3514051097-1430166055-719602415-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{3138F992-045B-4F55-825C-53B231E647CA}) (Version: 13.2.1 - Hewlett-Packard) Hidden
Able Duplicate Finder 2.1 (HKLM-x32\...\Able Duplicate Finder_is1) (Version:  - )
Able2Extract Professional v6.0 (HKLM-x32\...\Able2Extract Professional v6.0) (Version:  - )
AcuRite Connect (HKLM-x32\...\{6E613C42-AC6D-457D-BE81-88811AD84473}) (Version: 1.1.9 - Chaney Instrument Co.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Any Video Converter Ultimate 5.8.0 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director2.12) (Version: 2.12 - Applian Technologies Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Bluetooth by hp (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
bpd_scan_Carrier (HKLM-x32\...\{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{048DDE77-66D5-4335-8497-903856759B58}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{ED3D79A6-B3BB-4482-B226-0B620F97258A}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Bullzip PDF Printer 10.1.0.1871 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.1.0.1871 - Bullzip)
Buttons & OSDs control application gen2 (HKLM-x32\...\{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}) (Version: 1.0.0.21 - Hewlett-Packard)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CinEx HD Utility (HKLM-x32\...\CinEx HD Utility) (Version:  - )
Cisco WebEx Meetings (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Core FTP LE x64 (HKLM\...\{FEBD6FB7-F7A1-49D7-8348-0320D4E534A3}) (Version: 2.1.1887 - CoreFTP)
Cw75_InterNational_x64 (HKLM-x32\...\{FA39E17B-D2A8-4457-9D53-FC2889E5AC09}) (Version: 1.00.0000 - 会社名)
Dell System Detect (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\d24084d039586cae) (Version: 8.5.0.4 - Dell)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Duplicate File Cleaner v2.6 (HKLM-x32\...\Duplicate File Cleaner_is1) (Version:  - Cheese Software Ltd.)
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
DVDFab 8.1.6.1 (04/02/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EMCO MoveOnBoot 2.2 (HKLM\...\{9951DB6D-E55F-4A24-9EEB-BC8747AADBD3}) (Version: 2.2.10.3469 - EMCO Software)
Excel Password Recovery Lastic 1.2 (HKLM-x32\...\Excel Password Recovery Lastic_is1) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Fast Track Software Suite (HKLM-x32\...\{B9684050-0BCF-44D0-9A8E-79D8DE309F21}) (Version: 2.27.20 - Phase Research) Hidden
FastStone Capture 8.1 (HKLM-x32\...\FastStone Capture) (Version: 8.1 - FastStone Soft)
FastStone Photo Resizer 3.5 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.5 - FastStone Soft.)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
FREE Word and Excel password recovery Wizard version 2.1.15 (HKLM-x32\...\{BEE8AFD4-907F-4BD5-B2E9-6606291415E8}_is1) (Version: 2.1.15 - FREE Password Recovery Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.20.0.8199 (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\GoToMeeting) (Version: 8.20.0.8199 - LogMeIn, Inc.)
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP KEYBOARD (HKLM-x32\...\HP KEYBOARD_is1) (Version: 1.5.4.23 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{C5B6133F-8943-44F2-AF72-778E2701481A}) (Version: 1.0.8.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)
HP Officejet Pro K850 Series Toolbox (HKLM-x32\...\{4281A68E-F4D1-4E0F-B144-D7149630BFA1}) (Version: 1.00.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP TouchSmart (HKLM-x32\...\{6839961F-1F33-404C-9478-DF85A20CF131}) (Version: 4.0.39.0 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{631705A2-6152-4879-A1F0-6EFBF12CD247}) (Version: 3.0.3910.29600 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
imPcRemote Client (HKLM-x32\...\imPcRemote_is1) (Version:  - imPcRemote LLC)
imPcRemote Manager (HKLM-x32\...\imPcRemote Manager_is1) (Version:  - imPcRemote LLC)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iVMS-4200(v2.03) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.3.1.3 - hikvision)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
Learn ReportBuilder (HKLM-x32\...\{5A0FB92C-26DF-4E13-958D-509F3926A44B}) (Version:  - Digital Metaphors) Hidden
Learn ReportBuilder (HKLM-x32\...\Learn ReportBuilder) (Version:  - Digital Metaphors)
Learn ReportBuilder RAP (HKLM-x32\...\{0053271F-949A-41D7-B4CF-415B10CC10B7}) (Version:  - Digital Metaphors) Hidden
Learn ReportBuilder RAP (HKLM-x32\...\Learn ReportBuilder RAP) (Version:  - Digital Metaphors)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
MediaInfo 0.7.73 (HKLM\...\MediaInfo) (Version: 0.7.73 - MediaArea.net)
MediaTab (HKLM\...\MediaTab) (Version: 1.4 - ShalafiSoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Report Builder 2.0 (HKLM-x32\...\{91CB3AD8-DFA7-4BA5-86F7-4DA10724CF5F}) (Version: 10.0.1600.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 52.0.1 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.0.1 ESR (x64 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.1.6602 - Mozilla)
MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pavtube Video DVD Converter Ultimate Ver 4.8.6.0 (HKLM-x32\...\Pavtube Video DVD Converter Ultimate Pre-Activat~CDA04184_is1) (Version:  - )
PCHelpWareV2 (HKLM-x32\...\{384FCC24-4F6C-4CE7-A629-002BD6350915}) (Version: 1.0.0 - uvnc bvba)
PCHelpWareV2Server (HKLM-x32\...\{B7EA9D5D-82CB-4B82-BAB7-3ACFDD210D2D}) (Version: 1.0.0 - uvnc bvba)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
Replay Converter 4 (HKLM-x32\...\Replay Converter 4) (Version: 4.20 - Applian Technologies Inc.)
Replay Media Catcher 4 (4.4.3) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.4.3 - Applian Technologies)
Replay Media Splitter 1.10.1106.26 (HKLM-x32\...\Replay_Media_Splitter_1.2) (Version: 1.10.1106.26 - Applian Technologies Inc.)
Replay Music (HKLM-x32\...\Replay Music4.40B) (Version: 4.40B - Applian Technologies Inc.)
Replay Video Capture 5 (HKLM-x32\...\Replay Video Capture5.4.2) (Version: 5.4.2 - Applian Technologies Inc.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.6 - Roxio)
Roxio Creator 2011 Content (HKLM-x32\...\{9F717571-FEE8-45CD-8B03-5B2D06AD28F7}) (Version: 13.0.098 - Roxio)
Roxio Creator 2011 Pro (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.102 - RoxioNow)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.)
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.) Hidden
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.1.2 - uvnc bvba)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
USSC Web Components (HKLM-x32\...\{4AD000A7-A6AD-46B1-95DC-11912B026D37}_is1) (Version:  - )
VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
VersaCheck Platinum 2010 (HKLM-x32\...\{086026D0-B765-4C19-8654-43D0E110F5E5}) (Version: 10.0.1.0 - G7 Productivity Systems, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WD Access (HKLM-x32\...\{046643f7-6206-46bb-8968-92c37fee39e0}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc.)
WD Access (HKLM-x32\...\{C0624809-D60D-4AFF-8AF3-9452125AF4C1}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.213.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Workspace Desktop (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\workspacedesktop) (Version:  - Starfield Technologies)
Zoom (HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{4D766FD3-B880-49D3-B7BD-6CF925221E04}\InprocServer32 -> C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Thomas\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (hxxp://MediaArea.net/MediaInfo)
CustomCLSID: HKU\S-1-5-21-3514051097-1430166055-719602415-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2012-05-30] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2012-05-30] (Starfield Technologies, LLC)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2012-12-25] (Online Media Technologies Ltd.)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-20] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers1_S-1-5-21-3514051097-1430166055-719602415-1001: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
ContextMenuHandlers2_S-1-5-21-3514051097-1430166055-719602415-1001: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
ContextMenuHandlers6_S-1-5-21-3514051097-1430166055-719602415-1001: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008BBC4D-6825-43C6-ACF1-79D5EFA9A5DA} - System32\Tasks\{EDC0046F-07AC-4EB7-A048-B8D294F4E726} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thomas\Downloads\SP3_R2-2014-02-03\SP3 R2\Infusion_Launcher.exe" -d "C:\Users\Thomas\Downloads\SP3_R2-2014-02-03\SP3 R2"
Task: {030DDA47-46EF-4A63-B957-8505D0701A67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {04890AA9-DA0B-4BBA-8241-E7F02DA98AA9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E4C5AB2-3A48-41AB-9163-CFF702CBACB1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0F6691F1-1628-4CBD-A482-5DD014D8E152} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {0F9F7D2D-CF3D-4632-8F81-DF8A37A8E70F} - System32\Tasks\HPCeeScheduleForThomas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {122A19F7-BBD3-4EAF-A15A-EFD9320456AF} - System32\Tasks\{B90920B0-DFF1-432E-87A9-9A2857CC0E4E} => C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Desktop\setup.exe -d C:\Users\Thomas\AppData\Roaming\IDM
Task: {12CDDE32-B11A-4B67-957D-5548A641293A} - System32\Tasks\{8B318B25-29AC-42AD-9866-9B53ABC9039F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Security Client\Setup.exe" -c /x
Task: {14D5C998-CA68-4657-A500-216F7086B006} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {1797E4F5-AE4F-4AA3-A2F1-60D44CDF1920} - System32\Tasks\{4081608E-4DB7-40B1-B6F7-8D7B6E30ABBF} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thomas\Documents\Packager\Deployment\GBV Full Product Install.exe" -d C:\Users\Thomas\Documents\Packager\Deployment
Task: {264AF36B-DADC-4336-BDAC-60E00255AA2B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {29E0B605-CA0A-49AD-9BCB-26F999ABF9C7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A2DED0D-20C4-411A-B32A-F73F70F738CB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-20] (AVAST Software)
Task: {2AE401A3-6485-4C34-BE86-C1595C3A98AF} - System32\Tasks\{8445013A-CFD5-4908-922B-6F77D945F298} => C:\Windows\system32\pcalua.exe -a D:\PCA\pcAnywhere_12.5_SP3.exe -d D:\PCA
Task: {2C494C68-E2E6-46ED-B6C4-F0FB6C3B2CAB} - System32\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001 => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupdate.exe [2018-01-19] (LogMeIn, Inc.)
Task: {3037B933-A577-4055-88C0-DD08A3F869FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {332097DD-8AE0-4B75-9B5F-DE69D978D9A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {34B580A9-D14B-4212-897A-ABF8EF5BCCA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {3912F321-3865-49E6-8087-86955C43BD07} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {3CBEE0E4-3D3A-42BD-8D6A-36D28A37280F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-20] (AVAST Software)
Task: {43056485-495E-41A6-9D27-DED2DADA3B72} - System32\Tasks\{FFEC5F09-0DF5-4126-A6FC-F4BF05E8FD85} => C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Desktop\OutlookPRSetup(1).exe -d C:\Users\Thomas\Desktop
Task: {46F36D64-6EB4-43C2-8A82-E290142A8B77} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5096B642-394E-4D7D-B7EB-98F5D75828AE} - System32\Tasks\{D6FA7412-DCE1-442E-9E19-F44058C2B5BC} => C:\Windows\system32\pcalua.exe -a D:\LearnRB.exe -d D:\
Task: {5115AD79-DBE3-4577-BBC1-422311B52188} - System32\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001 => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupload.exe [2018-01-19] (LogMeIn, Inc.)
Task: {51D46654-CD42-4136-B504-272A75F53BFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {566A691E-E3C5-4C5C-B544-71B3F776241D} - System32\Tasks\{54A4AC75-5255-4D6B-8FA7-EBC4F3D099D2} => C:\Windows\system32\pcalua.exe -a D:\cpm.exe -d D:\
Task: {597BFC34-0203-4DF9-8B98-4B64790ADD18} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {5AEC4DF5-974A-441E-8DE6-A8C57DBB8173} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {65AF57AD-19BE-47E8-8564-BC6631B1A715} - System32\Tasks\{1F0906E6-3884-4B00-8DB5-0891C045E471} => C:\Program Files (x86)\Top Password\Outlook Password Recovery.exe
Task: {6684EF42-3C8E-4AB2-A33D-2C494B7B046D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6A4D9D5F-2BB3-4371-9656-451DE1C6EF5A} - System32\Tasks\{C4CC8763-35AE-42C8-9B21-9F77C821F41C} => C:\Windows\system32\pcalua.exe -a D:\LearnRAP.exe -d D:\
Task: {6DAFCF23-5C88-4E71-A42E-0EF55D3109A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {7071A30C-7CFC-439D-95B5-1AB29AA3B01B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {71C4DF35-C899-43BA-9392-8126B84B3AF7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {7A2DFC50-15EC-4AB8-9F18-4923BDDFDFD7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7B4AD7B8-B12E-4096-947B-A747A41CAA2F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7BFF6038-B0B8-4BA3-86DA-9814865B29BE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {7D642250-8688-4151-94F8-38CEE1AEEACB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {818C5F64-92C0-446D-A31D-F4DA85656851} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {82A43266-BE09-4B38-B5C4-D1786C10A6B2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8307689F-C4DC-4877-95FD-977C1D6E1CCF} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19] (Oracle Corporation)
Task: {86E5D015-1DBF-48F1-A766-9F5E7ABEA972} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {9368EEA1-6B56-4720-A2BA-015A6E6A4300} - System32\Tasks\{082414D4-DECD-45ED-8D36-70DF77CE578F} => C:\Program Files (x86)\Top Password\Outlook Password Recovery.exe
Task: {9CA895BA-7BE1-4726-9F3C-7DB0723062F2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9DD50FE8-7894-4645-962F-313094279460} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9FA2A439-FE1F-4E51-8E33-32CE3FDA3525} - System32\Tasks\{A229EEF0-259B-45AF-AA6E-DFC19D4A916A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thomas\Desktop\Work\CARL'S JR\Fast Track PC Software Setup 2.27.exe" -d "C:\Users\Thomas\Desktop\Work\CARL'S JR"
Task: {A33BF2D0-40E1-4D0D-9F3C-EE88239E0931} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A5EF40D9-72FF-4377-BC13-E2B53F7046DB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {A8B3540E-8C75-4FFB-B27B-CEC266D2822C} - System32\Tasks\{5ED44850-6D51-465C-8E64-4FA514C44DF3} => C:\Users\Thomas\Desktop\setup.exe
Task: {B4DE15FC-0B6E-42A7-9F4B-DAEFDB189B1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {BCDC45A7-7F35-4A39-B052-B5F6E82F26CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-10] (HP Inc.)
Task: {BE5A1B82-5B7A-4E4C-997C-FC6FEACFB3BF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3E0DCF7-D117-4BC7-8649-6DF4E56A07FE} - System32\Tasks\{A0654F33-9C7E-47BF-BE0F-BC02A70FB926} => C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Downloads\Compressed\DD\DrDeleteExeandSourceRARSFX.exe -d C:\Users\Thomas\Downloads\Compressed\DD
Task: {C5B7DC36-AE41-418D-9515-8590AD0D931D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C90D64E8-E228-4811-990C-51863402BEA5} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CEDB01A5-51D2-463E-8419-D0E3F1DBF5DE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-15] ()
Task: {CF43E065-6E44-47BC-8BE7-5DABF931489B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {DA662B32-FAEA-4097-ACFE-51959443F98B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE5A407F-A215-4E6C-AC97-3FBDE647B7CA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E2CA905C-54D6-4686-8F67-D94A67767374} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {EBF20C53-E485-4222-ABB2-A0F13E523B5A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED7CE213-8779-43D3-A45F-E0BCDC328D3A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
Task: {F0C37CE5-92C2-46FF-8C53-433F366D579C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {F41F2ECA-E036-438F-B258-8B5ACD8A1321} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F52339C6-1F63-4096-A9A8-5B1D1D5E1357} - System32\Tasks\{C0D4C62C-4077-4080-9968-FB1B5F838CE2} => C:\Program Files (x86)\Top Password\Outlook Password Recovery.exe
Task: {FAEFCD16-5B5B-4628-BFD0-44264F09D384} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3514051097-1430166055-719602415-1001.job => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3514051097-1430166055-719602415-1001.job => C:\Users\Thomas\AppData\Local\GoToMeeting\8199\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForThomas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2013-04-08 22:23 - 2012-09-18 14:27 - 000192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2013-02-15 10:14 - 2012-09-18 14:27 - 000065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 000039408 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2017-10-14 08:55 - 2017-12-08 09:40 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-11 21:23 - 2018-01-01 03:23 - 000023040 _____ () C:\Windows\System32\hnsproxy.dll
2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-15 12:13 - 2015-04-15 12:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-12-11 01:56 - 2017-12-11 01:56 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-11 01:56 - 2017-12-11 01:56 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 003153904 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 000107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2010-08-30 19:14 - 2010-09-13 09:02 - 000523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-20 18:22 - 2018-01-20 18:22 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-20 18:21 - 2018-01-20 18:21 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\gofileroom.com -> gofileroom.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\hp.com -> hxxp://hp.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\secureserver.net -> hxxps://email12.secureserver.net
IE trusted site: HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\sonic.com -> hxxp://redirect.sonic.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2018-01-27 18:07 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3514051097-1430166055-719602415-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Buttons & OSDs control application gen2 => C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
MSCONFIG\startupreg: CPMonitor => "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EEventManager => C:\Program Files (x86)\EPSONS~1\EVENTM~1\EEVENT~1.EXE
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP KEYBOARD => "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: Starfield Updater => "C:\Users\Thomas\AppData\Local\Workspace\WorkspaceUpdate.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: wben => "C:\Program Files (x86)\Workspace\wben.exe"
MSCONFIG\startupreg: Workspace Status => "C:\Program Files (x86)\Workspace\workspacestatus.exe"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SoundMAXPnP"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "IDSCCOMSL9"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "AcuRiteConnect2"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Artisan 810(Network)"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "KiesPDLR.exe"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "cdloader"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "AcuRiteConnect1"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3514051097-1430166055-719602415-1001\...\StartupApproved\Run: => "Starfield Updater"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VIRTCL-WMI-ASYNC-In-TCP-NoScope] => (Allow) $(runtime.system32)\wbem\unsecapp.exe
FirewallRules: [VIRTCL-WMI-WINMGMT-Out-TCP-NoScope] => (Allow) $(runtime.system32)\svchost.exe
FirewallRules: [VIRTCL-WMI-WINMGMT-In-TCP-NoScope] => (Allow) $(runtime.system32)\svchost.exe
FirewallRules: [VIRTCL-WMI-RPCSS-In-TCP-NoScope] => (Allow) $(runtime.system32)\svchost.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [DNS Server Forward Rule - TCP - b297a900-9308-4974-aeb2-6cc1a59da218 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - b297a900-9308-4974-aeb2-6cc1a59da218 - 0] => (Allow) LPort=53
FirewallRules: [TCP Query User{916AA7C2-CE15-4C50-8A0C-6A72E2BC074B}C:\program files (x86)\western digital\wd app manager\wdappmanager.exe] => (Allow) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [UDP Query User{374BDA8A-D3B2-4378-9753-8E9896325BF5}C:\program files (x86)\western digital\wd app manager\wdappmanager.exe] => (Allow) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [{390EAE9D-B4F2-47FA-90D9-380A5757387E}] => (Block) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [{579CB3ED-C2EB-4F31-BAF5-57C644291A63}] => (Block) C:\program files (x86)\western digital\wd app manager\wdappmanager.exe
FirewallRules: [TCP Query User{5FCFF6F6-7622-48E3-89AE-F46E6E928F45}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4DFE8D7C-010F-4457-B077-ED4E9BE82BC9}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{383DF867-0448-4363-9EFD-FF1F9EE8437B}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{46EA7EFB-E02C-407B-BD24-203B83B20DE6}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{A27EBDED-B558-4D8F-BEDA-B4FE5112CA3E}C:\users\thomas\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\thomas\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{77F17A4F-DCE7-4459-85D2-693DD2C740C2}C:\users\thomas\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\thomas\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{BD58F4E7-3ED1-41A6-B16E-3D788D6998E7}] => (Block) C:\users\thomas\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{744908B1-EDA8-401F-8FF3-7A0ABF4F1F14}] => (Block) C:\users\thomas\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{67D0F9AD-8A12-4EAE-AA11-6D8B4DAE3EF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0BC9088C-1221-4D3A-950C-FF022DDDACA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E78CAF77-CB43-4A9E-AA20-BDF11B638A84}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9AFBE92B-9393-4A0C-9BC0-17EE12C42FE9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2018 06:13:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/30/2018 06:10:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/30/2018 06:08:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/30/2018 06:03:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/30/2018 05:47:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/30/2018 05:38:00 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: THOMAS-HOFFICE)
Description: Event-ID 101

Error: (01/30/2018 05:06:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/30/2018 05:05:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c4efd904-5496-41da-b10e-fc3222434df8}

Error: (01/29/2018 06:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2017.39101.16720.0, time stamp: 0x5a2aef80
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x29d0
Faulting application start time: 0x01d39974c4b54e25
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Report Id: 9b28d655-2fd9-41ba-b9d9-637dd8897429
Faulting package full name: Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (01/29/2018 05:17:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

System errors:
=============
Error: (01/30/2018 05:55:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2018 05:55:41 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (01/30/2018 05:55:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AppVClient service terminated with the following service-specific error:
There is no MTS object context

CodeIntegrity:
===================================
  Date: 2018-01-27 16:27:56.338
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-27 16:27:56.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-27 16:27:53.745
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-27 02:10:01.483
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-27 02:10:01.479
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 18:04:38.236
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 18:04:38.233
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 18:04:34.514
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 17:37:30.230
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-26 17:37:30.226
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 54%
Total physical RAM: 4061.15 MB
Available physical RAM: 1827.93 MB
Total Virtual: 8157.15 MB
Available Virtual: 5826.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1861.03 GB) (Free:1680.07 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:1 GB) (Free:0.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B6A11712)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1861 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=462 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.VPLBD0
 ----- EOF -----

 

Let me know if I need to remove anything else.
 


Edited by ThisTime, 31 January 2018 - 10:55 AM.

#11
Bruce1270

Hi ThisTime

Thanks.

Please run CK Scanner again and post the log.

Can you try this to see if Edge works.

Right click on the Start button
Select Windows PowerShell (Admin)
At the command prompt copy and paste the following command

Get-AppXPackage -AllUsers |Where-Object {$_.InstallLocation -like "*SystemApps*"} | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

Press Enter.


Things for your next post:
CK Scanner log
Does Edge work after running the PowerShell command?


#12
ThisTime


CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.XCCPE0
 ----- EOF -----

 

Still getting Hmmm...can't reach this page

 

This website could not be found

 

Error Code: INET_E_RESOURCE_NOT_FOUND

 

 

 



#13
Bruce1270

Hi ThisTime

If you haven't already done so you can try this workaround

Changing DNS settings in Windows 10

1. Press Win+R to open the Run command window, type ncpa.cpl, and then click OK.
2. In the "Network Connections" window select the network adapter you use, right-click on it, select "Properties".
3. Then, on the properties page, select "Protocol 4 (TCP / IPv4)" and click "Properties".
4. Finally, on the IP Version 4 Properties page (TCP / IPv4) - select "Use the following DNS server addresses" and enter
"Preferred DNS server" as 8.8.8.8
"Alternate DNS server" as 8.8.4.4

Click "OK" and the settings will be saved.


Does Edge connect now?

#14
ThisTime


Still the same.

 

Thank You



#15
Bruce1270

Hi ThisTime


SFC Scan

1. Click on the Start button and in the search box, type Command Prompt
2. When you see Command Prompt on the list, right-click on it and select Run as administrator
3. When command prompt opens, copy and paste the following commands into it and press enter.

sfc /scannow

Please note: there is one space between the c and the /

4. Let the scan complete.

If you get the message "Windows Resource Protection did not find any integrity violations" this means all is OK. Please confirm if you get this message.

If you get any other message then copy and paste the following command at the command prompt and press enter

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

5. This will create a file, sfcdetails.txt on your Desktop.
6. Type exit to close the command prompt window.
7. Open file sfcdetails.txt and copy/paste this in your next reply.
8. If the file is too large you can zip the file and attach to your post.

Also, has the problem with Edge been present since you upgraded to Win10?
  • 0
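
One way to triage the sfcdetails.txt file from step 5 before reading it line by line, as an added example that is not part of the original thread: it groups the [SR] lines by outcome so files SFC could not repair stand out. The function name Get-SfcSummary is hypothetical, the sample lines are constructed, and the message patterns are assumptions because [SR] wording varies between Windows builds.

```powershell
# Added example: summarise the [SR] lines that findstr extracts from CBS.log.
# Get-SfcSummary is a hypothetical helper; the outcome patterns are assumptions.
function Get-SfcSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$Line
    )

    # Outcome patterns, checked in order; the first match wins.
    $patterns = [ordered]@{
        Unrepaired = 'Cannot repair member file|Could not reproject corrupted file'
        Repaired   = 'Repairing corrupted file|Repairing file|Repaired file'
        Progress   = 'Verifying \d+|Verify complete|Beginning Verify and Repair'
    }

    $rows = foreach ($text in $Line) {
        # Keep only System Resource Checker entries and take the text after the tag.
        if ($text -notmatch '\[SR\]\s*(?<msg>.*)$') { continue }
        $msg = $Matches['msg']

        $outcome = 'Other'
        foreach ($name in $patterns.Keys) {
            if ($msg -match $patterns[$name]) { $outcome = $name; break }
        }
        if ($outcome -eq 'Progress') { continue }   # routine progress lines

        # Use the first quoted file name when there is one, else the whole message.
        $file = if ($msg -match '["''](?<f>[^"''\\]+\.[A-Za-z0-9]+)["'']') {
            $Matches['f']
        } else {
            $msg
        }
        [pscustomobject]@{ Outcome = $outcome; File = $file }
    }

    if (-not $rows) { return }   # no repair activity recorded

    # One output row per outcome and file, with the number of log lines behind it.
    $rows | Group-Object Outcome, File | ForEach-Object {
        [pscustomobject]@{
            Outcome = $_.Group[0].Outcome
            File    = $_.Group[0].File
            Lines   = $_.Count
        }
    } | Sort-Object Outcome, File
}

# Constructed sample lines (not taken from the poster's machine).
$sample = @'
2018-01-31 09:02:11, Info  CSI  00000006 [SR] Verifying 100 components
2018-01-31 09:02:11, Info  CSI  00000007 [SR] Beginning Verify and Repair transaction
2018-01-31 09:04:40, Info  CSI  000004a2 [SR] Cannot repair member file [l:11]'example.dll' of Example-Component, hash mismatch
2018-01-31 09:04:41, Info  CSI  000004a4 [SR] Cannot repair member file [l:11]'example.dll' of Example-Component, hash mismatch
2018-01-31 09:05:02, Info  CSI  000004b0 [SR] Repairing corrupted file 'sample.exe' from store
2018-01-31 09:09:30, Info  CSI  00000900 [SR] Verify complete
'@ -split "`r?`n"

Get-SfcSummary -Line $sample | Format-Table -AutoSize

# Against the real file created in step 5:
# Get-SfcSummary -Line (Get-Content "$env:USERPROFILE\Desktop\sfcdetails.txt")
```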