Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Constant Sound Coming From Computer Like It's Running a Scan, Even

Started by [email protected] , Feb 28 2018 04:02 PM

Please log in to reply

#1
[email protected]

Posted 28 February 2018 - 04:02 PM

New Member

Member
6 posts

Hello there, and thanks for the help

I've had my desktop for about 6 years and I use things like spybot, malwarebyte, and tweaknow to keep it running smooth. Recently it began to constantly make a very loud sound. It used to only make this sound during high processing, like a virus scan or downloading large files or writing large files to an external drive, and then it would stop. But now, even when the computer is sitting idle with all programs off and the internet disconnected, there is a loud sound coming from it, a sound which I've only heard while my computer was being pushed to process a lot of data.

At first I assumed it was some sort of virus that was constantly using my computer as a server, but after cleaning extensively and removing the internet connection, the sound continued. Now I'm starting to think that the hard drive is dying and any data processing causes it to be loud. I've noticed that if I turn the computer off for a while, when I turn it back on the loud noise isn't there at first, but it slowly builds up again, until I can hear it constantly purring away from across the house.

I've attached a file with a video of my computer so you can hear the sound. The sound is clearest at the end of the video once I move the camera near the ventilation holes. The sound is separate from the fan, and has a stutter-like, Star Wars droid language vibe to it. I've also included the FRST text below.

I'm not sure what's wrong so please walk me through whatever steps y'all think are necessary to diagnose this problem. If this is a sign my harddrive is about to die, can someone help me figure out how to make a full copy of my current setup and put it on a new drive so that I can install it and boot straight to what I experience right now (minus the sound of course, hehe)?

Many thanks for any help,

-Brett

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2018

Ran by Tony (administrator) on TONY-PC (28-02-2018 14:47:32)

Running from C:\Users\Tony\Desktop

Loaded Profiles: Tony (Available Profiles: Tony)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Spotify Ltd) C:\Users\Tony\AppData\Roaming\Spotify\SpotifyWebHelper.exe

() C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(Google Inc.) C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

(Dropbox, Inc.) C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Google Inc.) C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\Run: [Spotify Web Helper] => C:\Users\Tony\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-29] (Spotify Ltd)

HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41100328 2018-01-29] ()

HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\MountPoints2: {bf264a75-ba56-11e7-bfff-c860006e989e} - E:\LG_PC_Programs.exe

HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\MountPoints2: {e9ab700c-d19f-11e5-80da-c860006e989e} - E:\LG_PC_Programs.exe

HKU\S-1-5-21-1102455636-970572162-2684302250-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\es.scr [4136960 2011-12-13] ()

Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-02-28]

ShortcutTarget: Dropbox.lnk -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{83CC380F-0EFD-4577-8436-4FDC05C6D927}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Tcpip\..\Interfaces\{893935B8-2CF8-4197-963C-594FB1F592F3}: [DhcpNameServer] 10.200.0.1

Tcpip\..\Interfaces\{F28A17E5-ABBD-49A3-AC39-7BE762094AD4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKU\S-1-5-21-1102455636-970572162-2684302250-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://23.31.83.214/onlinebooking/

SearchScopes: HKLM -> DefaultScope {69088CDD-C0D1-4C45-8902-80A286C71C74} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {69088CDD-C0D1-4C45-8902-80A286C71C74} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {69088CDD-C0D1-4C45-8902-80A286C71C74} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {69088CDD-C0D1-4C45-8902-80A286C71C74} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1102455636-970572162-2684302250-1001 -> {69088CDD-C0D1-4C45-8902-80A286C71C74} URL =

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:

========

FF DefaultProfile: o91mghwi.default-1420154049689

FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\o91mghwi.default-1420154049689 [2018-02-27]

FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-04-27] [Legacy] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-11-28] [Legacy] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

FF Plugin-x32: shipin7 -> C:\Program Files (x86)\hicloud\PCPlayer\npSP7WebVideoPlugin.dll [2016-05-09] ()

FF Plugin-x32: shipin7safebox -> C:\Program Files (x86)\hicloud\PCPlayer\npSafePlugin.dll [2016-05-09] ()

FF Plugin-x32: shipin7update -> C:\Program Files (x86)\hicloud\PCPlayer\npUpdataPlugin.dll [2016-05-09] ()

FF Plugin HKU\S-1-5-21-1102455636-970572162-2684302250-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

FF Plugin HKU\S-1-5-21-1102455636-970572162-2684302250-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

FF Plugin HKU\S-1-5-21-1102455636-970572162-2684302250-1001: anvisoft.com/AdblockPlugin -> [No File]

FF Plugin HKU\S-1-5-21-1102455636-970572162-2684302250-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-05-30] ()

Chrome:

=======

CHR DefaultProfile: Default

CHR StartupUrls: Default -> "hxxps://www.google.com/calendar/render?tab=mc#main_7","hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.wunderlist.com/#/lists/starred"

CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default [2018-02-28]

CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]

CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Spotify - Music for every moment) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2017-07-15]

CHR Extension: (Google Search) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]

CHR Extension: (History Limiter) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdjaigdefdamkfcgjhbmpjbhiejjkph [2012-06-29]

CHR Extension: (Adobe Acrobat) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]

CHR Extension: (Google Calendar) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-07]

CHR Extension: (HTTPS Everywhere) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-02-27]

CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]

CHR Extension: (Telegram) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgilakbfohcfcgfbioeeehgpkopaga [2017-02-20]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-02-13]

CHR Extension: (Greenhouse) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifomhmgandipmpnelclcmbefppopfklc [2016-03-19]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-02-26]

CHR Extension: (Poppit!) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-11-01]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-26]

CHR Extension: (Click&Clean App) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2018-02-24]

CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]

CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-27]

CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-05-22]

CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-02-28]

CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]

CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]

CHR Extension: (Google Search) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Adobe Acrobat) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]

CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]

CHR Extension: (Zoom) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2018-02-22]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-02-26]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-26]

CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]

CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-28]

CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-03]

CHR Extension: (Google Slides) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-01]

CHR Extension: (Google Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-01]

CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-01]

CHR Extension: (Google Search) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-01]

CHR Extension: (Google Sheets) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-01]

CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01]

CHR HKU\S-1-5-21-1102455636-970572162-2684302250-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tony\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-01]

CHR HKU\S-1-5-21-1102455636-970572162-2684302250-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - <not found>

StartMenuInternet: Google Chrome - C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-07-16] (Apple Inc.)

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)

S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-02] ()

S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]

S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]

S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S4 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [285696 2017-11-24] (KeepSolid Inc.) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000

S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000

R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)

S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()

R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-25] (Malwarebytes)

S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-26] (Malwarebytes)

S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-26] (Malwarebytes)

R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-25] (Malwarebytes)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)

R1 MpKsldfb53773; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F3442BE-4B26-43F5-AC8B-9B8CB5E166F9}\MpKsldfb53773.sys [58120 2018-02-28] (Microsoft Corporation)

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

R2 NPF; C:\Program Files (x86)\hicloud\PCPlayer\npf64.sys [36600 2016-05-04] (Riverbed Technology, Inc.)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-03-16] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-03-16] (NVIDIA Corporation)

R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-03-16] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-28 14:47 - 2018-02-28 14:48 - 000025649 _____ C:\Users\Tony\Desktop\FRST.txt

2018-02-28 14:46 - 2018-02-28 14:47 - 000000000 ____D C:\FRST

2018-02-28 14:46 - 2018-02-28 14:46 - 002403840 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe

2018-02-28 11:59 - 2018-02-28 11:59 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2018-02-26 15:26 - 2018-02-26 15:26 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

2018-02-25 20:43 - 2018-02-25 20:43 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys

2018-02-25 20:42 - 2018-02-26 15:26 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2018-02-25 20:42 - 2018-02-25 20:42 - 067755792 _____ (Malwarebytes ) C:\Users\Tony\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.4092.exe

2018-02-25 20:42 - 2018-02-25 20:42 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2018-02-25 20:42 - 2018-02-25 20:42 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2018-02-25 20:42 - 2018-02-25 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2018-02-25 20:42 - 2018-02-25 20:42 - 000000000 ____D C:\Program Files\Malwarebytes

2018-02-25 20:42 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys

2018-02-25 15:16 - 2018-02-25 15:16 - 000354987 _____ C:\Users\Tony\Desktop\i-129instr.pdf

2018-02-25 15:03 - 2018-02-25 15:03 - 001983279 _____ C:\Users\Tony\Desktop\i-129.pdf

2018-02-22 20:57 - 2018-02-26 16:26 - 000007602 _____ C:\Users\Tony\AppData\Local\Resmon.ResmonCfg

2018-02-22 15:30 - 2018-02-22 15:30 - 000075521 _____ C:\Users\Tony\Desktop\Inbox and Documents - Nelnet.pdf

2018-02-21 12:37 - 2018-02-21 12:37 - 002168540 _____ C:\Users\Tony\Desktop\2018 Sponsorship Deck_v6.pdf

2018-02-21 12:36 - 2018-02-21 12:36 - 002600051 _____ C:\Users\Tony\Desktop\Betty Williams Contagious Courage Press Kit.pdf

2018-02-21 12:36 - 2018-02-21 12:36 - 002415371 _____ C:\Users\Tony\Desktop\2018 Dream Team Sponsorship Deck v3.pdf

2018-02-21 12:36 - 2018-02-21 12:36 - 002415371 _____ C:\Users\Tony\Desktop\2018 Dream Team Sponsorship Deck v3 (1).pdf

2018-02-21 12:36 - 2018-02-21 12:36 - 000098448 _____ C:\Users\Tony\Desktop\Special Jury.pdf

2018-02-21 12:36 - 2018-02-21 12:36 - 000096580 _____ C:\Users\Tony\Desktop\Film Producer.pdf

2018-02-21 12:35 - 2018-02-21 12:35 - 002692635 _____ C:\Users\Tony\Desktop\Permanent file H. Peacejamleaseagreemt Arvada office.pdf

2018-02-21 12:35 - 2018-02-21 12:35 - 000667344 _____ C:\Users\Tony\Desktop\2018 Juror Package_ With Benefits.pdf

2018-02-21 12:35 - 2018-02-21 12:35 - 000299308 _____ C:\Users\Tony\Desktop\Permanent file C. PeaceJam Articles of incorporation.pdf

2018-02-21 12:35 - 2018-02-21 12:35 - 000091778 _____ C:\Users\Tony\Desktop\PeaceJam Bylaws Updated 2017.pdf

2018-02-21 12:31 - 2018-02-21 12:31 - 016935455 _____ C:\Users\Tony\Desktop\PeaceJam Sponsor Deck - 12.17.pptx

2018-02-21 12:31 - 2018-02-21 12:31 - 000991446 _____ C:\Users\Tony\Desktop\PeaceJam Sponsor Deck - 12.17.pdf

2018-02-21 12:30 - 2018-02-21 12:30 - 003542573 _____ C:\Users\Tony\Desktop\2018 Sponsorship Deck_v3.pdf

2018-02-21 12:30 - 2018-02-21 12:30 - 002953597 _____ C:\Users\Tony\Desktop\2018 Dream Team Sponsorship Deck_v3.pdf

2018-02-21 09:02 - 2018-02-10 12:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2018-02-21 09:02 - 2018-02-10 12:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2018-02-21 09:02 - 2018-02-10 01:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2018-02-21 09:02 - 2018-02-10 00:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2018-02-21 09:02 - 2018-02-10 00:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2018-02-21 09:02 - 2018-02-10 00:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2018-02-21 09:02 - 2018-02-10 00:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2018-02-21 09:02 - 2018-02-10 00:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2018-02-21 09:02 - 2018-02-10 00:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2018-02-21 09:02 - 2018-02-10 00:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2018-02-21 09:02 - 2018-02-10 00:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2018-02-21 09:02 - 2018-02-10 00:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2018-02-21 09:02 - 2018-02-10 00:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2018-02-21 09:02 - 2018-02-10 00:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2018-02-21 09:02 - 2018-02-10 00:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2018-02-21 09:02 - 2018-02-10 00:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2018-02-21 09:02 - 2018-02-10 00:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2018-02-21 09:02 - 2018-02-10 00:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2018-02-21 09:02 - 2018-02-10 00:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2018-02-21 09:02 - 2018-02-10 00:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2018-02-21 09:02 - 2018-02-09 23:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2018-02-21 09:02 - 2018-02-09 23:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2018-02-21 09:02 - 2018-02-09 23:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2018-02-21 09:02 - 2018-02-09 23:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2018-02-21 09:02 - 2018-02-09 23:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2018-02-21 09:02 - 2018-02-09 23:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2018-02-21 09:02 - 2018-02-09 23:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2018-02-21 09:02 - 2018-02-09 23:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2018-02-21 09:02 - 2018-02-09 23:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2018-02-21 09:02 - 2018-02-09 23:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2018-02-21 09:02 - 2018-02-09 23:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2018-02-21 09:02 - 2018-02-09 23:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2018-02-21 09:02 - 2018-02-09 23:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2018-02-21 09:02 - 2018-02-09 23:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2018-02-21 09:02 - 2018-02-09 23:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2018-02-21 09:02 - 2018-02-09 23:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2018-02-21 09:02 - 2018-02-09 23:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2018-02-21 09:02 - 2018-02-09 23:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2018-02-21 09:02 - 2018-02-09 23:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2018-02-21 09:02 - 2018-02-09 22:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2018-02-21 09:02 - 2018-02-09 22:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2018-02-21 09:02 - 2018-02-09 22:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2018-02-21 09:02 - 2018-02-09 22:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2018-02-21 09:02 - 2018-02-09 22:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2018-02-21 09:02 - 2018-02-09 22:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2018-02-21 09:02 - 2018-02-09 22:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2018-02-21 09:02 - 2018-02-09 22:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2018-02-21 09:02 - 2018-02-09 22:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2018-02-21 09:02 - 2018-02-09 22:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2018-02-21 09:02 - 2018-02-09 22:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2018-02-21 09:02 - 2018-02-09 22:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2018-02-21 09:02 - 2018-02-09 22:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2018-02-21 09:02 - 2018-02-09 22:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2018-02-21 09:02 - 2018-02-09 22:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2018-02-21 09:02 - 2018-02-09 22:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2018-02-21 09:02 - 2018-02-09 22:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2018-02-21 09:02 - 2018-02-09 22:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2018-02-21 09:02 - 2018-02-09 22:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2018-02-21 09:02 - 2018-02-09 22:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2018-02-21 09:02 - 2018-02-09 22:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2018-02-21 09:02 - 2018-02-09 22:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2018-02-21 09:02 - 2018-02-09 22:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2018-02-21 09:02 - 2018-02-09 22:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2018-02-21 09:02 - 2018-02-09 22:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2018-02-21 09:02 - 2018-02-09 22:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2018-02-21 09:02 - 2018-02-09 22:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2018-02-21 09:02 - 2018-02-09 22:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2018-02-21 09:02 - 2018-02-09 22:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2018-02-21 09:02 - 2018-01-12 09:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2018-02-21 09:02 - 2018-01-12 09:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2018-02-21 09:02 - 2018-01-12 09:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2018-02-21 09:02 - 2018-01-12 09:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2018-02-21 09:02 - 2018-01-12 09:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2018-02-21 09:02 - 2018-01-12 09:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2018-02-21 09:02 - 2018-01-12 09:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2018-02-21 09:02 - 2018-01-12 09:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll

2018-02-21 09:02 - 2018-01-12 09:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2018-02-21 09:02 - 2018-01-12 09:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2018-02-21 09:02 - 2018-01-12 09:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2018-02-21 09:02 - 2018-01-12 09:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2018-02-21 09:02 - 2018-01-12 09:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2018-02-21 09:02 - 2018-01-12 09:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe

2018-02-21 09:02 - 2018-01-12 09:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 09:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe

2018-02-21 09:02 - 2018-01-12 09:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2018-02-21 09:02 - 2018-01-12 09:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys

2018-02-21 09:02 - 2018-01-12 09:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2018-02-21 09:02 - 2018-01-12 09:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2018-02-21 09:02 - 2018-01-12 09:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2018-02-21 09:02 - 2018-01-12 09:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2018-02-21 09:02 - 2018-01-12 09:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2018-02-21 09:02 - 2018-01-12 09:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2018-02-21 09:02 - 2018-01-12 09:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2018-02-21 09:02 - 2018-01-12 09:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2018-02-21 09:02 - 2018-01-12 09:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2018-02-21 09:02 - 2018-01-12 09:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2018-02-21 09:02 - 2018-01-12 09:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2018-02-21 09:02 - 2018-01-12 09:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2018-02-21 09:02 - 2018-01-12 09:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2018-02-21 09:02 - 2018-01-12 08:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2018-02-21 09:02 - 2018-01-12 08:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2018-02-21 09:02 - 2018-01-12 08:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2018-02-21 09:02 - 2018-01-12 08:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2018-02-21 09:02 - 2018-01-12 08:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2018-02-21 09:02 - 2018-01-12 08:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 08:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 08:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2018-02-21 09:02 - 2018-01-12 08:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2018-02-21 09:02 - 2018-01-11 09:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll

2018-02-21 09:02 - 2018-01-11 09:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2018-02-21 09:02 - 2018-01-11 09:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2018-02-21 09:02 - 2018-01-05 09:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll

2018-02-21 09:02 - 2018-01-05 09:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2018-02-21 09:02 - 2018-01-05 09:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2018-02-21 09:02 - 2018-01-05 09:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2018-02-21 09:02 - 2018-01-05 09:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2018-02-21 09:02 - 2018-01-05 09:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2018-02-21 09:02 - 2018-01-05 09:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2018-02-21 09:02 - 2018-01-05 09:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll

2018-02-21 09:02 - 2018-01-05 09:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2018-02-21 09:02 - 2018-01-05 09:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2018-02-21 09:02 - 2018-01-05 09:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2018-02-21 09:02 - 2018-01-05 08:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2018-02-21 08:49 - 2018-01-21 16:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2018-02-21 08:49 - 2018-01-21 16:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2018-02-21 08:49 - 2018-01-19 07:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2018-02-21 08:49 - 2018-01-19 07:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2018-02-21 08:49 - 2018-01-19 07:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2018-02-21 08:49 - 2018-01-19 07:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2018-02-21 08:49 - 2018-01-19 07:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll

2018-02-21 08:49 - 2018-01-19 07:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2018-02-21 08:49 - 2018-01-19 07:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2018-02-21 08:49 - 2018-01-19 07:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2018-02-20 23:34 - 2018-02-20 23:34 - 004234749 _____ C:\Users\Tony\Desktop\Eval Reporting Conf PJ 2017.pdf

2018-02-20 15:20 - 2018-02-20 15:20 - 000908729 _____ C:\Users\Tony\Desktop\PJ GREECE CONFERENCE - Announcement Flyer.pdf

2018-02-20 14:49 - 2018-02-20 14:49 - 005124088 _____ C:\Users\Tony\Desktop\BrightVibes - This elementary school replaced detention.mp4

2018-02-20 14:45 - 2018-02-20 14:46 - 016010543 _____ C:\Users\Tony\Desktop\FOX8 - Norway has a brilliant way to get people to recycle.mp4

2018-02-20 14:37 - 2018-02-20 14:37 - 000080079 _____ C:\Users\Tony\Desktop\Service Project Template 2018.pdf

2018-02-20 13:03 - 2018-02-20 13:03 - 000182971 _____ C:\Users\Tony\Desktop\Belgium Slam Flyer 2018 DUTCH.pdf

2018-02-19 14:05 - 2018-02-19 14:05 - 000182945 _____ C:\Users\Tony\Desktop\Belgium Slam Flyer 2018 FRENCH.pdf

2018-02-15 07:56 - 2018-02-15 07:56 - 000775248 _____ C:\Users\Tony\Desktop\Belgium Slam Flyer 2018.pdf

2018-02-07 00:05 - 2018-02-07 00:05 - 000002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk

2018-02-01 11:20 - 2018-02-01 11:20 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-28 14:45 - 2015-11-01 12:59 - 000000000 ____D C:\Users\Tony\Desktop\Cleaning

2018-02-28 14:05 - 2016-11-05 09:47 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001UA1d2378447b6aa01.job

2018-02-28 14:03 - 2012-04-17 10:11 - 000000000 ____D C:\Users\Tony\AppData\Local\VirtualStore

2018-02-28 12:25 - 2012-04-11 18:44 - 000000000 ____D C:\ProgramData\NVIDIA

2018-02-28 12:00 - 2012-04-26 13:01 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Dropbox

2018-02-28 10:04 - 2009-07-13 21:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2018-02-28 10:04 - 2009-07-13 21:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2018-02-28 10:03 - 2012-05-06 16:19 - 000000000 ___RD C:\Users\Tony\Google Drive

2018-02-28 09:56 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-02-27 08:54 - 2012-04-26 12:15 - 000002411 _____ C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-02-26 20:09 - 2015-10-30 19:38 - 000000000 ____D C:\Users\Tony\AppData\Local\Battle.net

2018-02-26 19:40 - 2015-10-30 19:49 - 000000000 ____D C:\Program Files (x86)\StarCraft II

2018-02-26 19:39 - 2015-10-30 19:32 - 000000000 ____D C:\Program Files (x86)\Battle.net

2018-02-26 19:05 - 2016-11-05 09:47 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001Core1d237844736f0d3.job

2018-02-26 16:28 - 2013-09-03 10:08 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Spotify

2018-02-26 16:28 - 2013-09-03 10:08 - 000000000 ____D C:\Users\Tony\AppData\Local\Spotify

2018-02-26 16:21 - 2017-11-04 00:45 - 000000000 ____D C:\Users\Tony\AppData\Roaming\vlc

2018-02-26 16:16 - 2017-08-06 08:44 - 000000000 ____D C:\Windows\pss

2018-02-25 20:42 - 2014-12-30 17:38 - 000000000 ____D C:\ProgramData\Malwarebytes

2018-02-25 20:41 - 2014-12-30 17:33 - 000000000 ____D C:\AdwCleaner

2018-02-25 12:57 - 2016-08-22 21:37 - 000000000 ___RD C:\Users\Tony\Dropbox (Peace Jam)

2018-02-24 11:31 - 2017-02-03 20:35 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2018-02-23 19:07 - 2014-07-18 19:23 - 000000000 ____D C:\Users\Tony\AppData\Roaming\KeePass

2018-02-22 20:38 - 2012-04-26 12:01 - 000110584 _____ C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT

2018-02-22 20:36 - 2009-07-13 21:45 - 004968272 _____ C:\Windows\system32\FNTCACHE.DAT

2018-02-22 20:02 - 2013-09-24 06:38 - 000000000 ____D C:\Windows\Minidump

2018-02-22 18:08 - 2012-04-26 13:03 - 000000000 ___RD C:\Users\Tony\Dropbox (Personal)

2018-02-22 10:42 - 2009-07-13 22:13 - 000006466 _____ C:\Windows\system32\PerfStringBackup.INI

2018-02-21 17:35 - 2015-06-23 09:23 - 000000000 ____D C:\Windows\system32\appraiser

2018-02-21 09:13 - 2013-07-26 11:15 - 000000000 ____D C:\Windows\system32\MRT

2018-02-21 09:08 - 2017-10-11 18:03 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe

2018-02-21 09:08 - 2012-04-26 12:19 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2018-02-15 15:00 - 2016-02-12 00:24 - 000000000 ____D C:\Users\Tony\Desktop\Penpa Files

2018-02-15 14:40 - 2014-12-29 08:15 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2018-02-13 09:24 - 2018-01-24 15:37 - 000000161 _____ C:\Users\Tony\BullseyeCoverageError.txt

2018-02-10 20:07 - 2017-10-16 06:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google

2018-02-07 00:05 - 2012-05-06 15:31 - 000000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2017-11-10 19:15 - 2017-11-10 19:15 - 000000132 _____ () C:\Users\Tony\AppData\Roaming\Adobe AIFF Format CS5 Prefs

2012-06-27 10:42 - 2012-06-27 10:42 - 000000132 _____ () C:\Users\Tony\AppData\Roaming\Adobe GIF Format CS5 Prefs

2017-01-04 14:22 - 2017-11-28 18:10 - 000000132 _____ () C:\Users\Tony\AppData\Roaming\Adobe PNG Format CS5 Prefs

2012-05-06 13:46 - 2012-05-06 13:48 - 000001456 _____ () C:\Users\Tony\AppData\Local\Adobe Save for Web 12.0 Prefs

2018-02-22 20:57 - 2018-02-26 16:26 - 000007602 _____ () C:\Users\Tony\AppData\Local\Resmon.ResmonCfg

2013-06-06 00:04 - 2013-06-06 00:04 - 000022105 _____ () C:\Users\Tony\AppData\Local\soulseek-client.dat.1370502285295

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-09 13:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018

Ran by Tony (28-02-2018 14:49:07)

Running from C:\Users\Tony\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2012-04-17 17:11:01)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1102455636-970572162-2684302250-500 - Administrator - Disabled)

Guest (S-1-5-21-1102455636-970572162-2684302250-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1102455636-970572162-2684302250-1004 - Limited - Enabled)

Tony (S-1-5-21-1102455636-970572162-2684302250-1001 - Administrator - Enabled) => C:\Users\Tony

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}

AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}

AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)

Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)

Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)

Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)

Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.4.75 - )

BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version: - )

ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)

ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)

Dropbox (HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)

Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

Electric Sheep 2.7b34 (HKLM-x32\...\Electric Sheep) (Version: 2.7b34 - Electricsheep)

Ezviz Studio (HKLM-x32\...\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1) (Version: - EZVIZ Inc.)

Google Chrome (HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)

Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

Jawbone Updater (HKLM-x32\...\Jawbone Updater) (Version: 0.1 - Jawbone)

join.me (HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\JoinMe) (Version: 3.4.0.5369 - LogMeIn, Inc.)

Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

KeePass Password Safe 2.30 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)

LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)

LG CyberLink Media Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.) Hidden

LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)

LG CyberLink PowerDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.) Hidden

LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)

LG Mobile Drivers (HKLM-x32\...\{D8D0327A-72B4-4C79-9883-1B6B6C20ED2B}) (Version: 4.0.3 - LG Electronics)

Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)

Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)

NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)

NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden

NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.3.16.0 - NVIDIA Corporation) Hidden

NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden

PCPlayer (HKLM-x32\...\{B54CE443-35EF-4776-A0CD-6D961B983097}_is1) (Version: 3.18.11.0 - EZVIZ Inc.)

PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden

Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)

PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden

Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.10.9 - Intuit)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden

Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)

SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )

Spotify (HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\Spotify) (Version: 1.0.65.320.gac7a8e02 - Spotify AB)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)

StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)

Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

TweakNow RegCleaner (HKLM-x32\...\TweakNow RegCleaner_is1) (Version: 7.3.6 - TweakNow.com)

update_server (HKLM-x32\...\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1) (Version: - )

Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

VPN Unlimited 4.16 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 4.16 - KeepSolid Inc.)

Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

YouTubeByClick (HKLM-x32\...\{AB74E85A-DDDE-4DE5-BB0B-8954FACB6D2E}) (Version: 2.2.48 - YouTubeByClick.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\ChromeHTML: -> C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1102455636-970572162-2684302250-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)

ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File

ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)

ContextMenuHandlers1: [BTSync] -> {581FFA63-FC33-4622-A77B-95003A5CDE89} => C:\Users\Tony\AppData\Roaming\BitTorrent Sync\SyncShellContextMenu.dll [2014-09-14] ()

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)

ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)

ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers4: [BTSync] -> {581FFA63-FC33-4622-A77B-95003A5CDE89} => C:\Users\Tony\AppData\Roaming\BitTorrent Sync\SyncShellContextMenu.dll [2014-09-14] ()

ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)

ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

ContextMenuHandlers1_S-1-5-21-1102455636-970572162-2684302250-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ContextMenuHandlers4_S-1-5-21-1102455636-970572162-2684302250-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ContextMenuHandlers5_S-1-5-21-1102455636-970572162-2684302250-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

FolderExtensions: [] -> {F6BF8414-962C-40FE-90F1-B80A7E72DB9A} =>

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0673DDF5-2E03-466F-ADB2-5080982C2DAE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001UA1d2378447b6aa01 => C:\Users\Tony\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)

Task: {15D7AD47-8CFE-4226-8EE9-6A8084B5F69C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-16] (NVIDIA Corporation)

Task: {19F8A4AD-B9BB-4E74-909A-0F5D604E6B8D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-16] (NVIDIA Corporation)

Task: {28EA23E1-44D0-4B09-A828-4C2A38A4B003} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.)

Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION

Task: {2FADFAB9-F988-4874-813E-758EF9D54DAD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001Core1d237844736f0d3 => C:\Users\Tony\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)

Task: {3690DB9B-BF80-4122-B7A6-6DA6CF55B50B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION

Task: {383E93A7-1432-4B80-9E36-58EC16361023} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)

Task: {508CAA6B-1705-4115-93DF-BFE313836229} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001Core1d0e10c47009057 => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {5928D882-01B0-4B0A-9599-AD43F413E324} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.)

Task: {65DC6440-5103-4663-A2BE-DEF7C053C9F6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-03-16] (NVIDIA Corporation)

Task: {6BE90D85-012C-4B11-9E3D-397AB50494E2} - System32\Tasks\AdobeAAMUpdater-1.0-Tony-PC-Tony => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)

Task: {6BFDCBBC-70DF-445D-8E20-19C5F4C14149} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-16] (NVIDIA Corporation)

Task: {6F137257-7E4D-4CA8-9B13-511AD1B4749C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-16] (NVIDIA Corporation)

Task: {74FBB584-3512-49D5-ADDC-FC16D51C4E0B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001UA => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {7AAA285E-1893-447A-B030-7303AC5D2952} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)

Task: {7DB42BE8-CB52-4EFE-99B0-B518C89284C6} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe

Task: {85F719B8-C8CA-43C2-849D-905BBA4D32B0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION

Task: {969E29FA-2CE9-4220-A1D8-2C014A69E708} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)

Task: {9E71EFB4-5D50-48C0-90ED-8FC0B1855744} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

Task: {9FD97BA8-60D0-488B-A77A-18872DB286D1} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ecd8493363f0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.)

Task: {A553D406-E62F-46F1-888D-C4A3A2BEBB92} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001UA1d0e10c475d6602 => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {A6D14B58-1B85-4FD4-854B-114170084323} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-16] (NVIDIA Corporation)

Task: {A7A52E6D-DBE7-47CB-A0FE-21A3FC50ACA5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-03-16] (NVIDIA Corporation)

Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION

Task: {BB05E85A-6941-427A-AFB6-1BBC8E93A675} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ecd848a6085c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.)

Task: {C25FF519-5F61-44BB-8564-2BEF2A3049E3} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2008-06-27] ()

Task: {C3915108-885E-4D76-8F95-7D6839B6D97E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1102455636-970572162-2684302250-1001

Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION

Task: {D35D5454-2C61-49DF-8BE3-5BB8F9A7A9EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)

Task: {E7388B02-914C-48A5-81F7-CA614B87CA85} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)

Task: {EF894200-1F4B-4DCB-B8C9-51CAC4EE1355} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-12] (Adobe Systems Incorporated)

Task: {F756EC7C-E3B2-496E-8EE5-17EA5797851B} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-05-17] ()

Task: {F99AFCD9-43B6-49CB-9EF5-34CE3CBEB578} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)

Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

Task: {FFE74BB5-59F7-454D-83F5-AB2123CC29E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001Core => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001Core1d237844736f0d3.job => C:\Users\Tony\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001UA1d2378447b6aa01.job => C:\Users\Tony\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001Core.job => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102455636-970572162-2684302250-1001UA.job => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg

ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c858f8848722416a\Zara - Chrome.lnk -> C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2017-04-14 19:28 - 2017-03-16 17:59 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-04-14 19:28 - 2017-03-16 17:59 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll

2012-04-27 07:07 - 2014-03-02 18:27 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-09-14 12:19 - 2014-09-14 12:19 - 000101888 _____ () C:\Users\Tony\AppData\Roaming\BitTorrent Sync\SyncShellContextMenu.dll

2018-01-29 12:42 - 2018-01-29 12:42 - 041100328 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe

2018-02-27 08:54 - 2018-02-21 20:57 - 004433752 _____ () C:\Users\Tony\AppData\Local\Google\Chrome\Application\64.0.3282.186\libglesv2.dll

2018-02-27 08:54 - 2018-02-21 20:57 - 000099672 _____ () C:\Users\Tony\AppData\Local\Google\Chrome\Application\64.0.3282.186\libegl.dll

2017-04-14 19:28 - 2017-03-16 17:59 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2017-04-14 19:28 - 2017-03-16 17:59 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-04-14 19:28 - 2017-03-16 17:59 - 003776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll

2018-02-28 10:03 - 2018-02-28 10:03 - 000088064 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\_ctypes.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000069120 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\bz2.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000920064 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\_hashlib.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000098816 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32api.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000110080 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\pywintypes27.dll

2018-02-28 10:03 - 2018-02-28 10:03 - 000364544 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\pythoncom27.dll

2018-02-28 10:03 - 2018-02-28 10:03 - 000686080 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\unicodedata.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000320512 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32com.shell.shell.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 001177088 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\wx._core_.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000806912 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\wx._gdi_.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000816640 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\wx._windows_.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 001067520 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\wx._controls_.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000733696 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\wx._misc_.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000736256 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\pysqlite2._sqlite.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000119808 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32file.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000108544 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32security.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000007168 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\hashobjs_ext.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000017920 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\thumbnails_ext.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000082432 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\usb_ext.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000013824 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\common.time34.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000018432 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32event.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000027648 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\windows.conditional.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000017408 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\windows.winwrap.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000089088 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\windows.volumes.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000167936 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32gui.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000046080 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\_socket.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 001311232 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\_ssl.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000135680 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\_elementtree.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000133632 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\pyexpat.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000038912 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32inet.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000077824 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\wx._html2.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000036864 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\_psutil_windows.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000524248 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\windows._lib_cacheinvalidation.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000010240 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\select.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000011264 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32crypt.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000218624 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\PIL._imaging.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000027648 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\_multiprocessing.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000020480 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\_yappi.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000035840 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32process.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000024064 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32pipe.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000025600 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32pdh.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000059392 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\windows.device_monitor.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000017408 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32profile.pyd

2018-02-28 10:03 - 2018-02-28 10:03 - 000022528 _____ () C:\Users\Tony\AppData\Local\Temp\_MEI32722\win32ts.pyd

2017-04-14 19:28 - 2017-03-16 17:59 - 000338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node

2017-04-14 19:28 - 2017-03-16 17:59 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node

2017-04-14 19:28 - 2017-03-16 17:59 - 002443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node

2017-04-14 19:28 - 2017-03-16 17:59 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node

2017-04-14 19:28 - 2017-03-16 17:59 - 000543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node

2017-04-14 19:28 - 2017-03-16 17:59 - 000468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node

2018-02-28 11:59 - 2018-02-26 04:24 - 000746312 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll

2018-02-28 11:59 - 2018-02-26 04:24 - 002079048 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll

2017-11-02 15:20 - 2018-02-26 04:24 - 000100312 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\_ctypes.pyd

2017-10-19 12:28 - 2018-02-26 04:24 - 000018896 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\select.pyd

2017-10-19 12:28 - 2018-02-26 04:26 - 000020808 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000035808 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000694232 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\unicodedata.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000021856 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000130520 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 001856864 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000022880 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd

2018-02-28 11:59 - 2018-02-26 04:24 - 000145880 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\pyexpat.pyd

2018-02-28 11:59 - 2018-02-26 04:24 - 000116696 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\pywintypes27.dll

2017-11-02 15:20 - 2018-02-26 04:24 - 000105944 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32api.pyd

2017-11-02 15:20 - 2018-02-26 04:26 - 000022872 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000063312 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000024536 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32event.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000077120 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\fastpath.pyd

2018-02-28 11:59 - 2018-02-26 04:24 - 000020952 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\mmapfile.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000124888 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32file.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000116184 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32security.pyd

2018-02-28 11:59 - 2018-02-26 04:24 - 000392664 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\pythoncom27.dll

2017-11-02 15:20 - 2018-02-26 04:26 - 000392520 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd

2017-11-02 15:20 - 2018-02-26 04:26 - 000026464 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000024024 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32clipboard.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000175576 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32gui.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000030168 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32pipe.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000043480 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32process.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000026072 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32job.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000048600 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32service.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000057816 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32evtlog.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000021840 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd

2017-11-02 15:20 - 2018-02-26 04:27 - 000023376 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000022864 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd

2017-11-02 15:20 - 2018-02-26 04:26 - 000066400 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 001798464 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd

2017-10-19 12:28 - 2018-02-26 04:24 - 000084944 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\sip.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 001959232 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 003863880 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000155472 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000521544 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000051024 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000043336 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000131400 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000219984 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000204104 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd

2017-11-02 15:20 - 2018-02-26 04:27 - 000025440 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000060888 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32print.pyd

2017-11-02 15:20 - 2018-02-26 04:27 - 000054616 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000024024 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32profile.pyd

2017-11-02 15:20 - 2018-02-26 04:26 - 000022880 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000028632 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\win32ts.pyd

2017-11-02 15:20 - 2018-02-26 04:26 - 000022368 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd

2017-11-02 15:20 - 2018-02-26 04:26 - 000021856 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd

2017-11-02 15:20 - 2018-02-26 04:27 - 000022368 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000027496 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd

2017-11-02 15:20 - 2018-02-26 04:24 - 000349144 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winxpgui.pyd

2017-11-02 15:20 - 2018-02-26 04:27 - 000023904 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000025432 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd

2018-02-28 11:59 - 2018-02-26 04:24 - 000036312 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\librsync.dll

2018-01-11 13:23 - 2018-02-26 04:26 - 000021856 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000181064 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL

2017-11-02 15:20 - 2018-02-26 04:26 - 000030544 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000024384 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\libEGL.DLL

2018-02-28 11:59 - 2018-02-26 04:26 - 001638208 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2017-11-02 15:20 - 2018-02-26 04:26 - 000026464 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000546632 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000359744 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

2018-02-28 11:59 - 2018-02-26 04:26 - 000038216 _____ () C:\Users\Tony\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Common Files\System:g2iileUKu9DvDX0fYTlpeSCqT [2210]

AlternateDataStreams: C:\ProgramData\Microsoft:VssScbIji3c67OfLqb2CNS2 [2276]

AlternateDataStreams: C:\ProgramData\Microsoft:yqRnPwY6mHlzbSwNQRBRe5nSqS0 [2166]

AlternateDataStreams: C:\Users\Tony\Cookies:bCFZvAvxQkkGxzHRivPI5cR2d [2230]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com

IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\10sek.com -> www.10sek.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\S-1-5-21-1102455636-970572162-2684302250-1001\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2018-02-22 19:09 - 000456004 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 practivate.adobe

127.0.0.1 practivate.adobe.com

127.0.0.1 practivate.adobe.newoa

127.0.0.1 practivate.adobe.ntp

127.0.0.1 practivate.adobe.ipp

127.0.0.1 adobeereg.com

127.0.0.1 activate.wip1.adobe.com

127.0.0.1 activate.wip2.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 activate.wip4.adobe.com

127.0.0.1 www.adobeereg.com

127.0.0.1 hl2rcv.adobe.com

127.0.0.1 wip.adobe.com

127.0.0.1 wip1.aobe.com

127.0.0.1 wip2.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 wip4.adobe.com

127.0.0.1 www.wip.adobe.com

127.0.0.1 www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com

127.0.0.1 www.wip3.adobe.com

127.0.0.1 www.wip4.adobe.com

127.0.0.1 3dns.adobe.com

127.0.0.1 3dns-1.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-4.adobe.com

There are 15645 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1102455636-970572162-2684302250-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: SDScannerService => 2

MSCONFIG\Services: SDUpdateService => 2

MSCONFIG\Services: SDWSCService => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\Services: VPNUnlimitedService => 2

MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Launch Jawbone Updater.lnk => C:\Windows\pss\Launch Jawbone Updater.lnk.Startup

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

MSCONFIG\startupreg: Dropbox Update => "C:\Users\Tony\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c

MSCONFIG\startupreg: Google Update => C:\Users\Tony\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe

MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Spotify => "C:\Users\Tony\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Tony\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart

MSCONFIG\startupreg: SPUpDateServerrun => C:\Program Files (x86)\hicloud\update_server\startUp.exe

MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

MSCONFIG\startupreg: VPN Unlimited => "C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-launcher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C94B7BBA-7528-4065-A327-32837718CFBA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe

FirewallRules: [{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{D780D2D3-2C6E-4A4B-808C-291839ED713A}] => (Allow) svchost.exe

FirewallRules: [{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{50A14BA8-ADCA-4CC6-B56B-F208468AA670}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{58AD8B65-40F5-401F-9294-1463887A38E4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{1F1EB59A-B902-4718-960A-F7DFA940034B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe

FirewallRules: [{1D6C89FD-1FE5-4572-B0B3-9AA31B60DDBD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE

FirewallRules: [{27621D25-8363-469A-A55A-405CCD1EE34C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{0CAE9E8D-E3C4-4EB2-A413-D8BE189D3355}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{A7583A5E-3962-49DE-97AE-733BEDFB7979}] => (Allow) C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{BB43B410-9DD0-460F-9F6D-5D54B98FB2DD}] => (Allow) C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [TCP Query User{2316BD9B-C573-4309-B9E1-22AE5BD764E0}C:\users\tony\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tony\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [UDP Query User{CA2DE3B7-3BA9-4789-89E9-7EF688ACF1E4}C:\users\tony\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tony\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [TCP Query User{22FCBB10-E887-44AC-9E9A-FEF38494E654}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe

FirewallRules: [UDP Query User{820CA7FC-8CEE-44F5-9D51-2B19336FC755}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe

FirewallRules: [{55DF7993-1990-44F3-A1D8-12BC5C870009}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\far cry 2\bin\FarCry2.exe

FirewallRules: [{FA973FBE-1749-4DD1-A3FE-8CDBFC918DF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\far cry 2\bin\FarCry2.exe

FirewallRules: [{A2569AE1-7502-461C-AB09-4B355BDE37BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\far cry 2\bin\FC2Editor.exe

FirewallRules: [{C0C2D631-3B82-48A1-A167-E9F85C08C75E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\far cry 2\bin\FC2Editor.exe

FirewallRules: [{23C246E8-F7ED-4FB9-BD86-65E982492D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\far cry 2\bin\FC2BenchmarkTool.exe

FirewallRules: [{D968DC83-A818-4F15-9036-31113EADB362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\far cry 2\bin\FC2BenchmarkTool.exe

FirewallRules: [{3ED7F80D-F835-4EEA-AADE-B33F9BF00E38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\far cry 2\bin\FC2ServerLauncher.exe

FirewallRules: [{FE0E5019-8C2D-41EF-9231-2C74A29F9AD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\far cry 2\bin\FC2ServerLauncher.exe

FirewallRules: [{91044E54-F13B-4A4C-8249-F41263587D96}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe

FirewallRules: [{F9AA042C-32C2-446F-996F-27A7D18BC4B6}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe

FirewallRules: [{A9D52C2B-FABC-4AA7-BAC7-8FEDEEABB966}] => (Allow) LPort=7935

FirewallRules: [{B3B1CD70-416E-41A5-A8EC-3ACFCD074196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\deus ex - human revolution\dxhr.exe

FirewallRules: [{D6A9BBAE-0185-448C-B077-CDE9ACC5CFD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\deus ex - human revolution\dxhr.exe

FirewallRules: [{595C43A2-DF86-4F5E-8499-BC329E817444}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\batman arkham asylum\Batman_Revoker.exe

FirewallRules: [{F2AD82F0-D740-4D11-8822-A4C847038776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\batman arkham asylum\Batman_Revoker.exe

FirewallRules: [{E8CE9104-293C-4425-96E6-2EBA7A98E2ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\batman arkham asylum\Binaries\BmLauncher.exe

FirewallRules: [{D7D31D45-0C11-47DC-B56F-8001C1E5A824}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\batman arkham asylum\Binaries\BmLauncher.exe

FirewallRules: [{EE4F8369-AFA6-4C6E-9795-64001F41EDFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect\Binaries\MassEffect.exe

FirewallRules: [{7D67C039-DC27-4D73-BD9E-072FF2765A51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect\Binaries\MassEffect.exe

FirewallRules: [{833FB474-6C2B-4CDC-B1FB-771DB35E1FEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect\docs\EA Help\Electronic_Arts_Technical_Support.htm

FirewallRules: [{145884B9-FA73-4E23-9C95-594FE41E2892}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect\docs\EA Help\Electronic_Arts_Technical_Support.htm

FirewallRules: [{29283C7E-7160-4B7F-8DFF-F102F3498540}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe

FirewallRules: [{566A7F5A-9C52-48F6-8B2A-3D16F511AB1B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe

FirewallRules: [{5936E222-B2B7-4DF9-A647-67F36BD584C6}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe

FirewallRules: [{43AA3C86-78E6-47F8-B5F8-EF479DAD5C9A}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe

FirewallRules: [{295D6561-BD4E-4FEA-96C1-823F26BC9AB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe

FirewallRules: [{21E6802C-07CD-43E0-994F-026BEE8613D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe

FirewallRules: [{6D043871-189B-42A2-8DF0-2F5B62035A41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Operation Flashpoint Red River\RedRiverLauncher.exe

FirewallRules: [{7CF7B59B-BAF1-41F3-A500-52A1D02A48E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Operation Flashpoint Red River\RedRiverLauncher.exe

FirewallRules: [TCP Query User{3D5903BA-A9E4-4C3D-98FD-D729172B86F1}C:\program files (x86)\steam\steamapps\common\operation flashpoint red river\redriver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\operation flashpoint red river\redriver.exe

FirewallRules: [UDP Query User{8D0D78F3-180F-4340-96B1-66D9AAA2BA9D}C:\program files (x86)\steam\steamapps\common\operation flashpoint red river\redriver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\operation flashpoint red river\redriver.exe

FirewallRules: [TCP Query User{93D54BE7-278D-4100-A37B-19F6B9D00212}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe

FirewallRules: [UDP Query User{67287190-27D2-4F22-95E6-F165F7907330}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe

FirewallRules: [{980A7706-DC85-47B0-AE46-1060364562D3}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe

FirewallRules: [{D891CF18-B259-45E3-9A08-008C8BE4D384}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe

FirewallRules: [TCP Query User{730458B9-C37D-4A78-A7FC-3B6B12B96FB7}C:\program files (x86)\steam\steamapps\k2o4\counter-strike source\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\k2o4\counter-strike source\hl2.exe

FirewallRules: [UDP Query User{2409B414-35DB-4E71-9FD5-CCB413877DC9}C:\program files (x86)\steam\steamapps\k2o4\counter-strike source\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\k2o4\counter-strike source\hl2.exe

FirewallRules: [TCP Query User{DA7F12F1-9843-406D-BA2D-C6E138AF33E9}C:\program files (x86)\steam\steamapps\common\batman arkham asylum\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum\binaries\shippingpc-bmgame.exe

FirewallRules: [UDP Query User{70ABE535-AA49-4781-B50F-5B1F690101F1}C:\program files (x86)\steam\steamapps\common\batman arkham asylum\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum\binaries\shippingpc-bmgame.exe

FirewallRules: [{D3A21772-8751-4842-921B-E4FC17264215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sniper ghost warrior\Sniper_x86.exe

FirewallRules: [{B8A21AD6-3B7B-402C-923F-267BDE0004F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sniper ghost warrior\Sniper_x86.exe

FirewallRules: [{FFCC9C62-6DC2-40AC-8541-ADE755BA730C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\skyrim\SkyrimLauncher.exe

FirewallRules: [{6D01B1DE-17E0-4C94-B5D9-4D56202BDAA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\skyrim\SkyrimLauncher.exe

FirewallRules: [{FA72446A-6AEA-4DFC-9CA6-8CCD18B6FA6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe

FirewallRules: [{42F24E93-8D36-4632-B52A-5A13A6E5834E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe

FirewallRules: [{5FE39FA7-E9C2-4136-A4CB-05FA021A2821}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe

FirewallRules: [{8D17D197-EDD5-4FF7-81C5-18DB99DF6550}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe

FirewallRules: [TCP Query User{C0F52063-B14D-406C-BF25-6605465BB970}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe

FirewallRules: [UDP Query User{E14C4857-6C0C-4710-807C-4909810C9479}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe

FirewallRules: [{B4B51B01-6CCB-48C1-B111-9FF738624089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{3C2BDA58-5126-483E-982C-AA680C6BAFE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{B1AFC845-8006-4DB3-A4AD-5003C6DD0949}] => (Allow) C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [{463A718C-299A-44DE-8D55-71FDF529B708}] => (Allow) C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [{9EAD787C-E81E-431F-B740-5E7BB0660B10}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{0E9CD0D0-BD16-458F-96C6-EA1CE3A4A3FB}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{72DA5740-D28B-479D-9A77-55123D3C835B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{654A3215-0E47-4153-A848-21C5676CBE33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{D140B750-D28D-4AB1-BC60-4A34C7ADD316}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe

FirewallRules: [{D70FF6E1-E9C5-4BD7-83FC-99A2195DF0B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe

FirewallRules: [{D0427322-583C-4839-8222-45B4B0678EAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\RunLauncher.bat

FirewallRules: [{73F3E47C-2B69-419A-8AC9-A2C6AC917BEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\RunLauncher.bat

FirewallRules: [{A58ACA2D-8708-47B0-AB00-9FACDD6B545A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ArmA Armed Assault\arma.exe

FirewallRules: [{0A88817B-52E6-48F0-8E99-0DD5D2BDAEFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ArmA Armed Assault\arma.exe

FirewallRules: [{E67CAF2B-6A16-4124-BC9C-64D4E2AE444E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ArmA Armed Assault\arma_server.exe

FirewallRules: [{14895B41-8D2E-4D1E-BBD1-33D5F41118A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ArmA Armed Assault\arma_server.exe

FirewallRules: [{95B56A3A-7EC8-447B-9FE9-ADA59EC88E54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\k2o4\half-life source\hl2.exe

FirewallRules: [{757DED74-77FD-4AAB-A19B-D1C711444C29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\k2o4\half-life source\hl2.exe

FirewallRules: [{6F46221F-6D84-418B-BB93-11E5B26EDC9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe

FirewallRules: [{2224ED4C-C4B2-4099-BF97-46476A2F1586}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe

FirewallRules: [{0FA96B23-4E19-4A28-B615-88E910142C6C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{1CAB844F-9461-441F-BD85-6FBC6531F7D9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{DC54BBB6-8679-4084-A9C3-92BC2DECB015}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{40BE571D-699B-4694-B8FC-4F75A8D91572}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{7ABAFA1E-BD4D-4E47-8F66-F120A8527E2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe

FirewallRules: [{843CFA62-789B-45B0-949B-EA2C80E9F5ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe

FirewallRules: [{7A2B1FEB-260B-4833-8A8B-E749AB1509FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe

FirewallRules: [{B5E2345A-5A44-4543-936D-5F8E5B001E00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe

FirewallRules: [{FE242D0B-62A8-4468-AD51-D5EA3287A0BC}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base28667\SC2.exe

FirewallRules: [{3112BD5E-B84E-47C2-A13A-2A9A2695172B}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base28667\SC2.exe

FirewallRules: [{8A9C3534-04E8-48B8-A93F-F943315F0ABA}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{0C2CB363-3EEB-46E8-B932-5FF218035381}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{AD01599C-56DA-4091-B7C9-7332AC0983B8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{0D103B16-B666-458A-8F88-E5C43091C854}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{75180442-838E-4598-AD04-5F90F1C46CE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe

FirewallRules: [{EA6A3B73-0091-4FE4-BD0D-A54B0A530481}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe

FirewallRules: [{EE3711E7-8925-4EAD-A5F9-58FF110F0890}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe

FirewallRules: [{5076828A-E978-4C2A-9D5B-87C9EAED8765}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe

FirewallRules: [TCP Query User{787422F0-DCFC-4C30-9967-CC30D36292F3}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe

FirewallRules: [UDP Query User{28F2EC35-E815-479D-B5B0-88A716919B4E}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe

FirewallRules: [{7FE5707E-DA61-42FB-A847-D0E2B8E4723D}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe

FirewallRules: [{8B4D8705-F675-47C6-B159-6DE184055E35}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe

FirewallRules: [{304A4303-B574-4369-811B-A0BC53B36644}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe

FirewallRules: [{CFBF4CB7-7C62-45E8-A094-690BC9421604}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe

FirewallRules: [{1E455F01-2230-4523-8B31-E731C404E657}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe

FirewallRules: [{6942D3E2-80A5-4C13-A4FC-8B67CD02AD8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe

FirewallRules: [{C42B5ABA-86B4-47CE-BAB3-123F587F32FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe

FirewallRules: [{5C6E041C-0244-45CC-B1D2-A64C6FC584D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe

FirewallRules: [{0179A596-CE66-4F1E-A6FA-7A02B9942FEF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\HowToSurvive.exe

FirewallRules: [{02CACBFA-DB8A-4A40-8841-13F9A34B7C94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\HowToSurvive.exe

FirewallRules: [{5ECE6AE2-3975-4A65-83C1-315BDB4D9ED0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\Detect.exe

FirewallRules: [{9A31FE80-4312-4748-88E1-BFDA808AC319}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\Detect.exe

FirewallRules: [{1EAB5B9F-D77E-4B4E-80D9-BBDB3AA7ACB9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe

FirewallRules: [{EC541598-DF82-4E62-95F3-BD97898D5992}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe

FirewallRules: [{92E65FE7-C300-40D9-8049-3CEFDCB32577}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{D2B5FC28-9E58-4C33-8EAF-A2BCC2099EC9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe

FirewallRules: [{9176C9EF-4AB5-4CC2-9AD1-93BE46583375}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe

FirewallRules: [TCP Query User{DDDA03D4-D43B-41EF-AF9D-4F4EAF41DDD9}C:\program files (x86)\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38749\sc2_x64.exe

FirewallRules: [UDP Query User{3F56A0CC-672D-4379-9B1A-A1EBF9B322C6}C:\program files (x86)\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38749\sc2_x64.exe

FirewallRules: [{727A4383-4781-46BA-AAD5-BEF338D8AD84}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

FirewallRules: [{BB219E4D-A349-4496-8A68-5CF28C5959CD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

FirewallRules: [{FAC5160A-8271-41BC-9CF9-C190F859969D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

FirewallRules: [{11E1560D-7786-44B4-A937-373149B6368A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

FirewallRules: [TCP Query User{86DC95B3-2305-4E9D-A4E3-F8DDA873D132}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe

FirewallRules: [UDP Query User{4BA5C3E7-16B9-432E-8A45-FACC94FE9AAB}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe

FirewallRules: [TCP Query User{F203F71C-B647-4DB4-8705-9A2D2DCCC4BF}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe

FirewallRules: [UDP Query User{4ABADC62-8451-44E2-AB49-7DFAA9E1D880}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe

FirewallRules: [TCP Query User{C14B42BB-892F-4439-9D23-F356092ACB59}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe

FirewallRules: [UDP Query User{53B05269-CED8-4873-9BDE-767BC1E3D7F3}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe

FirewallRules: [TCP Query User{274BCB66-77C7-4B32-8C76-2562184B2F7B}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe

FirewallRules: [UDP Query User{A4855539-E298-4371-90EA-5AE54C71E0E3}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe

FirewallRules: [TCP Query User{F1EC5057-1BFE-4363-A03D-4C74ED092118}C:\users\tony\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tony\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{9ACBCC16-212B-4F10-BD06-88CAE3A76A3E}C:\users\tony\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tony\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{99DEFCAB-8880-4910-A411-12C629DFEA97}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe

FirewallRules: [UDP Query User{8F56C318-E395-41F5-BAD6-9EC52F300933}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe

FirewallRules: [{433A6DFD-BBF8-4902-8699-F51EA2DAFFF6}] => (Allow) C:\Program Files\pia_manager\pia_manager.exe

FirewallRules: [{0EC7F383-986D-4046-961A-489E7A463801}] => (Allow) C:\Program Files\pia_manager\pia_manager.exe

FirewallRules: [{C0C05FB5-FF8A-4BAD-84AD-02412C610334}] => (Allow) C:\Program Files\pia_manager\pia_manager.exe

FirewallRules: [{38827AF6-90E0-433E-AFD3-3E292E083EFF}] => (Allow) C:\Program Files\pia_manager\pia_manager.exe

FirewallRules: [TCP Query User{47C2AEE1-9AC4-4CBF-A23C-21BD20C53CD7}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe

FirewallRules: [UDP Query User{219E2389-4B86-488B-88C6-B2597AA1B0EC}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe

FirewallRules: [TCP Query User{70119917-546B-4262-B2F8-E3861CFB024A}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe

FirewallRules: [UDP Query User{A3F646BF-0C59-4441-A763-7E42F6E14291}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe

FirewallRules: [TCP Query User{7B3BC547-386D-44DA-B856-6688220DCE42}C:\program files (x86)\starcraft ii\versions\base44401\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44401\sc2_x64.exe

FirewallRules: [UDP Query User{2F2B7EF2-5BEC-411E-9D85-0F96D156AF0A}C:\program files (x86)\starcraft ii\versions\base44401\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44401\sc2_x64.exe

FirewallRules: [TCP Query User{921920D5-6270-4BC1-BEFA-DFC14BB99493}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

FirewallRules: [UDP Query User{905ACA9D-DF61-4413-B976-5D833199DD12}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

FirewallRules: [TCP Query User{B2D44B2C-0FF6-44E6-867C-2D559AE571FC}C:\program files (x86)\starcraft ii\versions\base46154\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base46154\sc2_x64.exe

FirewallRules: [UDP Query User{AC875072-0264-4BC2-8B3C-FFE6E713F76F}C:\program files (x86)\starcraft ii\versions\base46154\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base46154\sc2_x64.exe

FirewallRules: [TCP Query User{977BB100-0188-4341-A2AF-7FEA48EBBA8C}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe

FirewallRules: [UDP Query User{A44668C6-9C64-4F0E-BA0E-7A0C0D747763}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe

FirewallRules: [TCP Query User{ABC0251F-84FC-40A3-A371-CA243B6962A8}C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe

FirewallRules: [UDP Query User{193A2525-DF7A-400C-956B-D9081E38A099}C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe

FirewallRules: [{C3282C1E-7659-4B8F-9257-8C4065A4CF85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe

FirewallRules: [{4094DA89-A5D7-41B7-9979-87027D6B63E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe

FirewallRules: [{7F34928B-E98C-4557-B9FD-C43C8F454E36}] => (Allow) C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

FirewallRules: [{A8C5F1F1-0632-4501-858B-8F4EAF28BC27}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{F8A01D9A-62FA-414E-8633-0A428C33D8AB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [TCP Query User{0737BDB7-CC86-4823-8569-F384F0DE07C1}C:\program files (x86)\starcraft ii\versions\base48645\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base48645\sc2_x64.exe

FirewallRules: [UDP Query User{2E47101F-B9EE-40A1-B0DD-673A3513FB63}C:\program files (x86)\starcraft ii\versions\base48645\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base48645\sc2_x64.exe

FirewallRules: [TCP Query User{BF700088-C7C9-4C29-9796-9DF866768570}C:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe

FirewallRules: [UDP Query User{B28CBEFB-E374-4ABF-ABBE-CF46F5AF6C1E}C:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe

FirewallRules: [TCP Query User{6CBF9D88-9686-4BFD-9827-3CCF443319D6}C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe

FirewallRules: [UDP Query User{E8209BB7-F5C4-4039-9AE1-B6CD618221B5}C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe

FirewallRules: [{ECBD7FF9-EB66-49B7-AD00-6118637642F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{50BDC76C-4F77-4EC5-8C07-A3256BE456A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{E1B890BD-27C8-4C69-B3BB-84C5833D4D6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{02EE5E72-33B7-460B-A97E-922588FE8852}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{0E8C7CCB-7755-44D2-9E98-2A5168A96828}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{20C0F152-3640-4F0F-A452-A4DEC8622503}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe

FirewallRules: [{11098611-6E18-47D7-8435-0C5423760E9E}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe

FirewallRules: [TCP Query User{3E9152C0-E8D0-4AA3-A38F-F78C4A9282A4}C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe

FirewallRules: [UDP Query User{604F7706-5B5E-4B33-9893-92F6E8A5FA7B}C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe

FirewallRules: [TCP Query User{3946D6DD-7A22-4266-9003-AF26D1C384E2}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe

FirewallRules: [UDP Query User{6C56C954-B03F-4194-A1D0-8EA475446390}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe

FirewallRules: [{12C97139-C211-4F6E-95F3-C3D9E6901900}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe

FirewallRules: [{77FEE69C-518C-4419-8912-95F81EC0A9E2}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe

FirewallRules: [TCP Query User{2384408E-E408-4892-8816-FB3F44A08F00}C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe

FirewallRules: [UDP Query User{3B254439-68CD-4B2B-A94F-B166D57F65C9}C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe

FirewallRules: [TCP Query User{24682025-692D-4C09-9F00-13D4AA6DE9F0}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe

FirewallRules: [UDP Query User{80B44FDE-CE38-4CEF-8E91-63FAF9FF8A96}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe

FirewallRules: [TCP Query User{741F52C2-3AFD-4475-8B2D-ADF77AF3DBEE}C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe

FirewallRules: [UDP Query User{7ABAC158-CC3D-43A7-B6F2-D5A5F9CF6D3C}C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe

FirewallRules: [TCP Query User{0DCCC732-7C2E-4CE4-BD23-BF4B5E507B9A}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe

FirewallRules: [UDP Query User{C9FE52E3-6FF9-46AB-9514-7D11BC31E127}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe

FirewallRules: [TCP Query User{8D50237F-A830-47F6-AB45-DB2DD645F77B}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe

FirewallRules: [UDP Query User{8D5BAE24-9EE4-4DAD-9CC8-17554736AB1C}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe

FirewallRules: [TCP Query User{4ED4F737-EDBA-475C-B76B-2774F1591639}C:\program files (x86)\starcraft ii\versions\base57507\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base57507\sc2_x64.exe

FirewallRules: [UDP Query User{75E7EB89-7D4A-4CCB-A121-62ECB1ED26CB}C:\program files (x86)\starcraft ii\versions\base57507\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base57507\sc2_x64.exe

FirewallRules: [TCP Query User{825AE80E-4AFF-47FA-92B2-2254992342E5}C:\program files (x86)\ezviz studio\ezvizstudio.exe] => (Allow) C:\program files (x86)\ezviz studio\ezvizstudio.exe

FirewallRules: [UDP Query User{6F44D33C-7988-4F7F-AE66-AAA2D17B88FF}C:\program files (x86)\ezviz studio\ezvizstudio.exe] => (Allow) C:\program files (x86)\ezviz studio\ezvizstudio.exe

FirewallRules: [TCP Query User{8AE1EB9B-C2F8-459C-8830-CDE7AC11E9E3}C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe

FirewallRules: [UDP Query User{38EA4E55-A324-4615-A47E-54C7B6DC6A10}C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe

FirewallRules: [TCP Query User{7FCBD95E-A233-437C-8572-D0497269ED75}C:\program files (x86)\ezviz studio\ezvizstudio.exe] => (Allow) C:\program files (x86)\ezviz studio\ezvizstudio.exe

FirewallRules: [UDP Query User{142F4EC7-9381-4169-A17F-E56D51C53B0C}C:\program files (x86)\ezviz studio\ezvizstudio.exe] => (Allow) C:\program files (x86)\ezviz studio\ezvizstudio.exe

FirewallRules: [{D4BDB173-1DDB-4C75-94BD-1C5E53003866}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

FirewallRules: [{C9E9B489-8780-40D6-8E08-80019DC3F3BB}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

FirewallRules: [TCP Query User{E9A99166-3BC4-4456-8D92-49A9C67C4D0D}C:\program files (x86)\starcraft ii\versions\base60196\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base60196\sc2_x64.exe

FirewallRules: [UDP Query User{B013799B-13C4-4902-8942-140F42C9D53A}C:\program files (x86)\starcraft ii\versions\base60196\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base60196\sc2_x64.exe

FirewallRules: [TCP Query User{64E0CEF2-11AF-430F-81F7-842FEACB38A7}C:\program files (x86)\starcraft ii\versions\base60321\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base60321\sc2_x64.exe

FirewallRules: [UDP Query User{89AE2755-5EA1-471C-AA8E-70B4C7F09E0D}C:\program files (x86)\starcraft ii\versions\base60321\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base60321\sc2_x64.exe

FirewallRules: [TCP Query User{0DF09FFA-699E-4ECF-8FEA-CD7D6BE6FB8C}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe

FirewallRules: [UDP Query User{BEAF2393-563D-4E11-85A1-85C9B210F20F}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe

FirewallRules: [TCP Query User{B00BBDB5-C940-41BA-BE6A-CF31FCA26E7A}C:\program files (x86)\starcraft ii\versions\base60321\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base60321\sc2_x64.exe

FirewallRules: [UDP Query User{70ACFB73-2993-459D-924A-F78EC4F052FE}C:\program files (x86)\starcraft ii\versions\base60321\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base60321\sc2_x64.exe

FirewallRules: [TCP Query User{7346EE59-2327-41BB-8AB9-1BE1C71B485F}C:\program files (x86)\starcraft ii\versions\base62347\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base62347\sc2_x64.exe

FirewallRules: [UDP Query User{05644EEC-524D-4E48-8A24-57281BD861E9}C:\program files (x86)\starcraft ii\versions\base62347\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base62347\sc2_x64.exe

FirewallRules: [TCP Query User{28AD80B6-7A5C-4F58-9C04-64165FEC23E1}C:\program files (x86)\starcraft ii\versions\base62347\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base62347\sc2_x64.exe

FirewallRules: [UDP Query User{DB86D642-0EB3-48F8-867A-A596E9EA8C13}C:\program files (x86)\starcraft ii\versions\base62347\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base62347\sc2_x64.exe

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

24-02-2018 21:24:15 Windows Update

28-02-2018 10:08:05 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter

Description: Microsoft Virtual WiFi Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.

The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2550K CPU @ 3.40GHz

Percentage of memory in use: 31%

Total physical RAM: 8173.21 MB

Available physical RAM: 5569.36 MB

Total Virtual: 16344.59 MB

Available Virtual: 13005.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:278.67 GB) NTFS

\\?\Volume{6e3c938c-843e-11e1-8978-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E0D240D5)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2
RKinner

Posted 01 March 2018 - 06:20 AM

Malware Expert

Expert
24,625 posts

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/

(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

#3
[email protected]

Posted 03 March 2018 - 07:59 PM

New Member

Topic Starter
Member
6 posts

Thank you! Sorry for the slow reply, here's the first data you asked for:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 95.81 0 K 24 K 0

procexp64.exe 1.35 28,072 K 46,816 K 3696 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

chrome.exe 1.26 241,392 K 278,500 K 5840 Google Chrome Google Inc. (Verified) Google Inc

Interrupts 0.28 0 K 0 K n/a Hardware Interrupts and DPCs

chrome.exe 0.27 237,072 K 336,760 K 5188 Google Chrome Google Inc. (Verified) Google Inc

googledrivesync.exe 0.23 111,040 K 50,736 K 740 (Verified) Google Inc

MsMpEng.exe 0.16 157,680 K 123,284 K 128 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation

System 0.15 252 K 1,324 K 4

svchost.exe 0.13 5,012 K 5,048 K 812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

chrome.exe 0.06 210,124 K 238,564 K 5368 Google Chrome Google Inc. (Verified) Google Inc

dwm.exe 0.05 73,300 K 61,868 K 3048 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows

chrome.exe 0.05 6,368 K 12,112 K 5352 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 0.04 56,988 K 74,468 K 4836 Google Chrome Google Inc. (Verified) Google Inc

csrss.exe 0.03 4,160 K 23,224 K 604 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows

nvcontainer.exe 0.02 9,068 K 6,108 K 2028 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation

explorer.exe 0.02 68,676 K 76,248 K 1196 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

Dropbox.exe 0.01 176,016 K 81,052 K 3608 Dropbox Dropbox, Inc. (Verified) Dropbox

chrome.exe 0.01 47,596 K 62,152 K 2344 Google Chrome Google Inc. (Verified) Google Inc

svchost.exe 0.01 8,484 K 8,716 K 2928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 0.01 15,848 K 12,232 K 3732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

chrome.exe 0.01 99,608 K 128,288 K 7924 Google Chrome Google Inc. (Verified) Google Inc

NVIDIA Web Helper.exe 0.01 32,140 K 1,416 K 5116 NVIDIA Web Helper Service Node.js (Verified) NVIDIA Corporation

nvcontainer.exe 0.01 35,152 K 11,716 K 1404 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation

svchost.exe 0.01 18,228 K 8,608 K 496 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

PnkBstrA.exe < 0.01 1,236 K 516 K 704 (Verified) Even Balance

SearchIndexer.exe < 0.01 41,056 K 20,692 K 2444 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows

taskhost.exe < 0.01 8,348 K 6,564 K 1140 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

svchost.exe < 0.01 11,096 K 12,252 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe < 0.01 40,280 K 19,180 K 1432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe < 0.01 57,588 K 49,784 K 1060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

NVDisplay.Container.exe < 0.01 24,136 K 12,096 K 1272 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation

chrome.exe < 0.01 226,816 K 194,060 K 5992 Google Chrome Google Inc. (Verified) Google Inc

csrss.exe < 0.01 2,268 K 1,980 K 536 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows

wmpnetwk.exe < 0.01 14,288 K 12,168 K 2412 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows

ipoint.exe < 0.01 5,664 K 2,592 K 3140 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation

svchost.exe < 0.01 12,700 K 9,880 K 792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

WmiPrvSE.exe 3,652 K 7,548 K 6084 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

WmiPrvSE.exe 2,948 K 7,264 K 3080 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

WLIDSVCM.EXE 1,436 K 396 K 2268 Microsoft® Windows Live ID Service Monitor Microsoft Corporation (Verified) Microsoft Corporation

WLIDSVC.EXE 4,952 K 2,896 K 1328 Microsoft® Windows Live ID Service Microsoft Corporation (Verified) Microsoft Corporation

wlanext.exe 1,984 K 2,104 K 1620 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows

winlogon.exe 3,168 K 2,416 K 664 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows

wininit.exe 1,684 K 236 K 576 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows

taskeng.exe 2,656 K 3,048 K 2888 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 198,864 K 190,100 K 1312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 5,400 K 5,332 K 932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 17,104 K 15,180 K 1740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 3,536 K 2,000 K 1976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 2,996 K 2,008 K 1160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

SpotifyWebHelper.exe 1,572 K 724 K 3636 SpotifyWebHelper Spotify Ltd (Verified) Spotify AB

spoolsv.exe 9,140 K 5,108 K 1712 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smss.exe 548 K 376 K 296 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows

services.exe 4,060 K 4,356 K 676 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows

RAVCpl64.exe 9,612 K 2,420 K 3356 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp

procexp.exe 3,740 K 7,936 K 5404 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

NVDisplay.Container.exe 4,848 K 4,560 K 880 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation

notepad.exe 2,000 K 6,884 K 4884 Notepad Microsoft Corporation (Verified) Microsoft Windows

NisSrv.exe 17,424 K 9,196 K 2468 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation

msseces.exe 6,432 K 1,380 K 3532 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation

lsm.exe 3,024 K 1,984 K 708 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows

lsass.exe 7,944 K 7,692 K 700 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows

itype.exe 8,548 K 1,816 K 3124 IType.exe Microsoft Corporation (Verified) Microsoft Corporation

googledrivesync.exe 2,952 K 144 K 3684 (Verified) Google Inc

GoogleCrashHandler64.exe 1,668 K 656 K 3248 Google Crash Handler Google Inc. (Verified) Google Inc

GoogleCrashHandler.exe 1,524 K 528 K 3100 Google Crash Handler Google Inc. (Verified) Google Inc

Dropbox.exe 2,140 K 1,236 K 3476 Dropbox Dropbox, Inc. (Verified) Dropbox

Dropbox.exe 1,360 K 348 K 3752 Dropbox Dropbox, Inc. (Verified) Dropbox

dllhost.exe 2,804 K 1,936 K 4776 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows

conhost.exe 1,916 K 6,100 K 4664 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

conhost.exe 1,092 K 432 K 1684 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

conhost.exe 1,484 K 460 K 3224 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

cmd.exe 2,520 K 3,420 K 8024 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows

chrome.exe 118,112 K 127,292 K 7888 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 2,556 K 6,184 K 6220 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 24,924 K 37,072 K 6816 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 32,928 K 44,224 K 6632 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 2,708 K 6,864 K 2040 Google Chrome Google Inc. (Verified) Google Inc

audiodg.exe 19,036 K 18,236 K 5496 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows

#4
[email protected]

Posted 03 March 2018 - 08:00 PM

New Member

Topic Starter
Member
6 posts

Image Name PID Services

========================= ======== ============================================

System Idle Process 0 N/A

System 4 N/A

smss.exe 296 N/A

csrss.exe 536 N/A

wininit.exe 576 N/A

csrss.exe 604 N/A

winlogon.exe 664 N/A

services.exe 676 N/A

lsass.exe 700 EFS, KeyIso, SamSs

lsm.exe 708 N/A

svchost.exe 812 DcomLaunch, PlugPlay, Power

NVDisplay.Container.exe 880 NVDisplay.ContainerLocalSystem

svchost.exe 932 RpcEptMapper, RpcSs

MsMpEng.exe 128 MsMpSvc

svchost.exe 496 AudioSrv, Dhcp, HomeGroupProvider, lmhosts,

wscsvc

svchost.exe 792 AudioEndpointBuilder, HomeGroupListener,

Netman, PcaSvc, TrkWks, UxSms, Wlansvc

svchost.exe 1028 EventSystem, fdPHost, FontCache, netprofm,

nsi, WdiServiceHost

svchost.exe 1060 Appinfo, BITS, EapHost, iphlpsvc,

LanmanServer, MMCSS, ProfSvc, Schedule,

SENS, ShellHWDetection, Themes, Winmgmt,

wuauserv

svchost.exe 1160 gpsvc

NVDisplay.Container.exe 1272 N/A

svchost.exe 1432 CryptSvc, Dnscache, LanmanWorkstation,

NlaSvc

wlanext.exe 1620 N/A

conhost.exe 1684 N/A

spoolsv.exe 1712 Spooler

svchost.exe 1740 BFE, DPS, MpsSvc

svchost.exe 1976 DiagTrack

nvcontainer.exe 2028 NvContainerLocalSystem

PnkBstrA.exe 704 PnkBstrA

svchost.exe 1312 SysMain

WLIDSVC.EXE 1328 wlidsvc

WLIDSVCM.EXE 2268 N/A

SearchIndexer.exe 2444 WSearch

NisSrv.exe 2468 NisSrv

svchost.exe 2928 FDResPub, QWAVE, SSDPSRV, upnphost

wmpnetwk.exe 2412 WMPNetworkSvc

taskhost.exe 1140 N/A

nvcontainer.exe 1404 N/A

dwm.exe 3048 N/A

taskeng.exe 2888 N/A

explorer.exe 1196 N/A

GoogleCrashHandler.exe 3100 N/A

itype.exe 3124 N/A

ipoint.exe 3140 N/A

GoogleCrashHandler64.exe 3248 N/A

RAVCpl64.exe 3356 N/A

msseces.exe 3532 N/A

SpotifyWebHelper.exe 3636 N/A

googledrivesync.exe 3684 N/A

Dropbox.exe 3608 N/A

Dropbox.exe 3476 N/A

Dropbox.exe 3752 N/A

svchost.exe 3732 p2pimsvc, p2psvc, PNRPsvc

googledrivesync.exe 740 N/A

dllhost.exe 4776 N/A

NVIDIA Web Helper.exe 5116 N/A

conhost.exe 3224 N/A

chrome.exe 5188 N/A

chrome.exe 6220 N/A

chrome.exe 2040 N/A

chrome.exe 5992 N/A

chrome.exe 6816 N/A

chrome.exe 6632 N/A

chrome.exe 7888 N/A

chrome.exe 4836 N/A

chrome.exe 7924 N/A

chrome.exe 5368 N/A

chrome.exe 2344 N/A

chrome.exe 5840 N/A

audiodg.exe 5496 N/A

procexp.exe 5404 N/A

procexp64.exe 3696 N/A

WmiPrvSE.exe 3080 N/A

chrome.exe 7760 N/A

dllhost.exe 5552 N/A

dllhost.exe 7984 N/A

cmd.exe 8024 N/A

conhost.exe 4664 N/A

tasklist.exe 5464 N/A

WmiPrvSE.exe 6084 N/A

#5
[email protected]

Posted 03 March 2018 - 08:17 PM

New Member

Topic Starter
Member
6 posts

And here's the Speccy file

Thanks!

Attached Files

TONY-PC.txt 902.01KB 298 downloads

Edited by [email protected], 03 March 2018 - 08:18 PM.

#6
RKinner

Posted 03 March 2018 - 09:59 PM

Malware Expert

Expert
24,625 posts

FRST doesn't show any malware and Process Explorer doesn't show any problems with something using the CPU. The Hard drive is very old and it's a Seagate so it's a miracle that it still runs. They generally don't last more than a year or two.

There was no attachment to listen to but the forum software only allows certain file types - otherwise you have to zip them up and there is a limit to the size of the file. Perhaps you can put it on dropbox or google drive and give me a link to it. Remember to make sure that I can read it as the default is usually private mode.

If you are sure it is not the CPU fan (which you might also want to replace since it's so old) and it's not the fan in the power supply or the graphics card then that only leaves the hard drive. ( I assume you ruled out the audio by putting it on mute). Replacing the hard drive is not difficult especially with a desktop.

You just need a replacement drive as big or bigger than your current drive.

Something like this:

WD Black 1TB Performance Desktop Hard Disk Drive - 7200 RPM SATA 6 Gb/s 64MB Cache 3.5 Inch - WD1003FZEX
Amazon $71.99

They also have a 2TB version for $109

I recommend the WD Blacks since they seem to last forever and have a better warranty than the Blue but if cost is a problem a Blue is:

WD Blue 1TB SATA 6 Gb/s 7200 RPM 64MB Cache 3.5 Inch Desktop Hard Drive (WD10EZEX)

for $47.49

Other brands are probably OK just don't get another Seagate.

Then you will need some cloning software.

You can use the software from your new drive maker's website or even from Seagate's site or some free software like Macrium

https://www.macrium.com/reflectfree

Download and install the software then shut down the PC.

You need to install the new drive. You probably have a spare SATA connection - most motherboards have 4 total but sometimes these are turned off in the BIOS setup and need to be turned on and you would need a spare power connection and a SATA cable. The simplest thing to do is to just unplug the SATA and power cables from your DVD drive and plug them in to the new drive. You don't need to even mount the new drive - just make sure it can't accidentally short something out.

Fire it up and it should recognize the drive in disk management but you won't see it in explorer tho Speccy will probably see it.

Start up your cloning sofware and tell it to clone from your old drive (Source) to the new (Destination). Once it's done (may take hours) then you just shut down, disconnect the old drive and mount the new in its place, reconnect the DVD and reboot. If your drive is larger than 1 TB then go in and extend the partition to use up the remaining space. Don't go higher than 2TB on a Win 7.

#7
[email protected]

Posted 03 March 2018 - 11:48 PM

New Member

Topic Starter
Member
6 posts

Ok thanks for all that info! Here is a dropbox link to the video file with the sound:

https://www.dropbox....231150.mp4?dl=0

Let me know if listening to the sound specifies your diagnosis in anyway. Otherwise I think I'll be trying to replace the HD. (btw I'm happy to hear that I got that HD to last a long time, didn't realize the risk I took, hehe).