
Cleaning up after smss-DoOoMs virus attack

smss-DoOoM Smss-doooms Smss-dooom.vbs Dooom script error


#1
Markmarkmarm

New Member
So what I'm assuming is my computer was infected with the smss-dooom malware, a pretty big virus and threat. I never noticed any change in performance, or any odd behavior... I think my antivirus just removed it as soon as it saw it... however, it left some garbage behind. I've completely removed any traces of it. And so did my computer. But I still get the script error "cannot find script file. ... ... local/temp/system/smss-doooms.vbs"

How can I remove this? I've gone into regedit and removed any trace of it in any script. But what registry key is calling for that script? I've done complete searches with the "Search Everything" program. I even created a blank text document, titled it smss-doooms.txt, switched the txt to vbs, and threw that in the folder. That worked for a few days. It's driving me nuts. Dooom isn't starting up. It's not in process or services. I think it's just a leftover script trying to call a virus that isn't there. But how can I fix the script?

I've tried Avira, AVG, Regedit pro, Malwarebytes. I just need to fix that script. Any help would be nice. I can live with the error if the only alternative is to reinstall Windows. But yeah, it's not causing no harm. It's just something I'm missing and I need someone smarter to help. Please. And thank you. Kindly. -mark

#2
RKinner

Malware Expert

Get FRST from
http://www.bleepingc...very-scan-tool/
You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.

Right click to run as administrator - When the tool opens click Yes to disclaimer.
Check the Addition.txt box
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.  
Please copy and paste log back here.
It will generate another log Addition.txt - (also located in the same directory as FRST.exe/FRST64.exe). Please  paste that along with the FRST.txt into your reply.
 



#3
Markmarkmarm

New Member
Topic Starter

Here are the two logs... First, thank you so much for your help. I really appreciate it and thanks for being patient with my low knowledge of this stuff...

HERE IS THE FIRST LOG (FRST)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by markw (administrator) on DESKTOP-6UG26UV (30-05-2018 19:19:07)
Running from C:\Users\markw\Downloads
Loaded Profiles: markw (Available Profiles: markw & OVRLibraryService)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125173.inf_amd64_6f141e257f4fffee\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125173.inf_amd64_6f141e257f4fffee\IntelCpHDCPSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
() C:\Program Files (x86)\Razer\Razer_Ripsaw_Driver\RipsawUSBPortChecker.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Oculus VR) D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(VMware, Inc.) D:\vmware\vmware-authd.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125173.inf_amd64_6f141e257f4fffee\IntelCpHeciSvc.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
() D:\vmware\vmware-hostd.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.9.175.0\McCSPServiceHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1111\DSAPI.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1111\Phobos.exe
(Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Oculus VR) D:\Oculus\Support\oculus-runtime\OVRServer_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125173.inf_amd64_6f141e257f4fffee\igfxEM.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() D:\Oculus\Support\oculus-runtime\OVRRedir.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(VMware, Inc.) D:\vmware\vmware-tray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1111\SystemIdleCheck.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489376 2017-05-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-06-09] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1189744 2017-06-27] (Waves Audio Ltd.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3465608 2017-10-01] (Paramount Software UK Ltd)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [465544 2016-02-10] (Power Software Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2018-01-15] (Razer Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2015-01-29] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [vmware-tray.exe] => D:\vmware\vmware-tray.exe [115688 2017-09-18] (VMware, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\d installs\quicktime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] 
HKLM\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] explorer.exe,  [ ] () <=== ATTENTION
HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\...\MountPoints2: E - "E:\Install.exe" 
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{645a0bc4-5ec2-4eda-854b-fa70321b2fbc}: [DhcpNameServer] 192.168.1.101
Tcpip\..\Interfaces\{84393f1a-06c9-4305-a5ba-83bfdbfa5179}: [DhcpNameServer] 192.168.0.1 192.168.1.1 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-2714088590-1301673537-3438479818-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_anvsft_18_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwingy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEyE0C0CzzyCyC0CyC0AyD0CtCyDtBtN0D0Tzu0StBtAtDyEtN1L2XzuyEtFtByEtFtDtFyBtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyCyByByBtAzztBtGyDyDyCzytG0ByD0E0AtGtByEtCtCtG0ByD0C0FtDyEzyyB0C0DtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyEyCyCzzzzyEtG0Bzy0EtDtGyEtAzy0CtGzztAtBtBtGtD0Czy0DyE0DyCtCyEyBtDyC2QtN0A0LzutDtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEyDtBzzzyyEzz%26cr%3D1832678998%26a%3Dbgy_anvsft_18_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-17] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-04-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-04-11] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: 3td00dj4.default
FF ProfilePath: C:\Users\markw\AppData\Roaming\Mozilla\Firefox\Profiles\3td00dj4.default [2018-05-01]
FF Homepage: Mozilla\Firefox\Profiles\3td00dj4.default -> hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_anvsft_18_17_05&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dca%26pa%3Dwingy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEyE0C0CzzyCyC0CyC0AyD0CtCyDtBtN0D0Tzu0StBtAtDyEtN1L2XzuyEtFtByEtFtDtFyBtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyCyByByBtAzztBtGyDyDyCzytG0ByD0E0AtGtByEtCtCtG0ByD0C0FtDyEzyyB0C0DtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyEyCyCzzzzyEtG0Bzy0EtDtGyEtAzy0CtGzztAtBtBtGtD0Czy0DyE0DyCtCyEyBtDyC2QtN0A0LzutDtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEyDtBzzzyyEzz%26cr%3D1832678998%26a%3Dbgy_anvsft_18_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Extension: (Tab Auto Refresh) - C:\Users\markw\AppData\Roaming\Mozilla\Firefox\Profiles\3td00dj4.default\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi [2018-04-13]
FF SearchPlugin: C:\Users\markw\AppData\Roaming\Mozilla\Firefox\Profiles\3td00dj4.default\searchplugins\yahoo! powered search.xml [2018-04-23]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-04-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-12-16] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-05-19] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\markw\AppData\Local\Google\Chrome\User Data\Default [2018-05-30]
CHR Extension: (Docs) - C:\Users\markw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-15]
CHR Extension: (Session Buddy) - C:\Users\markw\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-05-02]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\markw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-05-07]
CHR Extension: (AdBlock) - C:\Users\markw\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\markw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Gmail) - C:\Users\markw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-15]
CHR Extension: (Chrome Media Router) - C:\Users\markw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-05-12] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [312864 2017-07-20] (Dell Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1111\DSAPI.exe [930112 2018-05-17] (PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [1700968 2017-05-10] (Intel Corporation)
S4 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-06] ()
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413720 2017-06-09] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-06-09] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542392 2017-10-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel Corporation)
S4 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-12-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-04-09] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669328 2018-04-02] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-10-24] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 OVRLibraryService; D:\Oculus\Support\oculus-librarian\OVRLibraryService.exe [141752 2018-05-18] (Oculus VR, LLC)
R2 OVRService; D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [480696 2018-05-18] (Oculus VR)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-08-11] (Razer Inc)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 RipsawUSBPortChecker; C:\Program Files (x86)\Razer\Razer_Ripsaw_Driver\RipsawUSBPortChecker.exe [186904 2016-06-23] ()
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2017-08-01] (CloudBees, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-05-25] (Realtek Semiconductor)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532352 2017-11-06] (Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [502144 2017-11-13] (Razer Inc.)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [43480 2018-05-11] (Dell Inc.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268376 2018-01-15] (Synaptics Incorporated)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2150120 2017-03-16] (Intel Corporation)
R2 VMAuthdService; D:\vmware\vmware-authd.exe [95208 2017-09-18] (VMware, Inc.)
R2 VMwareHostd; D:\vmware\vmware-hostd.exe [14344168 2017-09-18] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [828792 2017-06-27] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-10-24] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{E9F1A11C-ED51-4E48-8D5F-79FE8D4256C6}
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.p...tiateActivation[X] <==== ATTENTION
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ALSysIO; C:\Users\markw\AppData\Local\Temp\ALSysIO64.sys [46384 2018-05-30] (Arthur Liberman) <==== ATTENTION
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
S3 DAdderFltr; C:\WINDOWS\system32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74168 2017-05-10] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69560 2017-05-10] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382392 2017-05-10] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2016-11-29] ()
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [33320 2017-12-25] (ELAN Microelectronic Corp.)
S3 ffusb2audio; C:\WINDOWS\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [97960 2017-06-08] (Focusrite Audio Engineering Ltd.)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54816 2017-06-12] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [33968 2015-11-10] (Paragon Software Group)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [97912 2017-05-09] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70632 2017-06-09] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [132104 2017-10-18] (Intel Corporation)
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [49312 2014-11-10] (Visicom Media Inc.)
R1 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2018-04-19] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2018-04-24] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2018-04-24] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2018-04-24] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2018-04-19] (Malwarebytes)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [36000 2014-11-10] (Visicom Media Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
U3 mfeavfk02; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543632 2018-01-22] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-01-22] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
S3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\system32\DRIVERS\Netwtw06.sys [7737344 2017-11-22] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_51a64609261c1be4\nvlddmkm.sys [16936560 2017-11-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
S3 OCULUSVRHEADSET; C:\WINDOWS\system32\DRIVERS\OCULUS119B.sys [1887232 2017-12-19] (OCULUS)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2017-12-19] (Facebook Inc.)
S3 OCUSBVID; C:\WINDOWS\System32\drivers\ocusbvid111.sys [69176 2017-12-19] (Oculus VR, LLC)
S3 RIPSAWHC64; C:\WINDOWS\system32\drivers\Ripsawx64.sys [698960 2017-05-16] (Razer Inc)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984040 2017-06-19] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realsil Semiconductor Corporation)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-08-19] (Razer, Inc.)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102576 2015-11-10] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25904 2015-11-10] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [701360 2015-11-10] ()
S3 usbaudio2; C:\WINDOWS\system32\DRIVERS\usbaudio2.sys [239616 2017-09-29] (Microsoft Corporation)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2017-09-18] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-30 19:19 - 2018-05-30 19:19 - 000037097 _____ C:\Users\markw\Downloads\FRST.txt
2018-05-30 19:18 - 2018-05-30 19:19 - 000000000 ____D C:\FRST
2018-05-30 19:17 - 2018-05-30 19:18 - 002413056 _____ (Farbar) C:\Users\markw\Downloads\FRST64.exe
2018-05-30 18:22 - 2018-05-30 18:22 - 000933066 _____ C:\Users\markw\Downloads\JoyToKey_en.zip
2018-05-30 18:22 - 2018-05-30 18:22 - 000000000 ____D C:\Users\markw\Downloads\JoyToKey_en
2018-05-30 17:18 - 2018-05-30 17:18 - 000000000 ____D C:\Users\markw\Documents\SkidRow
2018-05-30 17:18 - 2018-05-30 17:18 - 000000000 ____D C:\Users\markw\AppData\Roaming\Street Fighter 30th Anniversary Collection
2018-05-30 17:18 - 2018-05-30 17:18 - 000000000 ____D C:\Users\markw\AppData\Roaming\mutekicorp
2018-05-30 17:18 - 2018-05-30 17:18 - 000000000 ____D C:\Users\markw\AppData\Roaming\Eclipse
2018-05-30 17:08 - 2018-05-30 17:17 - 000000869 _____ C:\Users\markw\Desktop\Street Fighter 30th Anniversary Collection (x64).lnk
2018-05-30 17:07 - 2018-05-30 17:07 - 000000869 _____ C:\Users\markw\Desktop\Street Fighter 30th Anniversary Collection (x86).lnk
2018-05-30 17:07 - 2018-05-30 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sf30
2018-05-30 17:03 - 2018-05-30 18:17 - 000000000 ____D C:\Program Files\Opera
2018-05-30 17:03 - 2018-05-30 17:03 - 001354880 _____ (Opera Software) C:\Users\markw\Downloads\OperaSetup.exe
2018-05-30 17:03 - 2018-05-30 17:03 - 000003948 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1527725030
2018-05-30 17:03 - 2018-05-30 17:03 - 000001168 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2018-05-30 17:03 - 2018-05-30 17:03 - 000001168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-05-30 17:03 - 2018-05-30 17:03 - 000000000 ____D C:\Users\markw\AppData\Roaming\Opera Software
2018-05-30 17:03 - 2018-05-30 17:03 - 000000000 ____D C:\Users\markw\AppData\Local\Opera Software
2018-05-30 17:01 - 2018-05-30 17:01 - 002763734 _____ C:\Users\markw\Downloads\Street-Fighter-30th-Anniversary-Collection-Cracked.zip
2018-05-30 17:01 - 2018-05-30 17:01 - 000000000 ____D C:\Users\markw\Downloads\Street-Fighter-30th-Anniversary-Collection-Cracked
2018-05-30 16:35 - 2018-05-30 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-05-30 16:35 - 2018-05-30 16:35 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-05-30 16:31 - 2018-05-30 16:31 - 001353240 _____ (Microsoft Corporation) C:\Users\markw\Downloads\winsdksetup.exe
2018-05-30 16:15 - 2018-05-30 16:15 - 002616472 _____ C:\Users\markw\Documents\system bsod.nfo
2018-05-30 16:13 - 2018-05-30 16:37 - 000000000 ____D C:\Users\markw\Desktop\bsod
2018-05-30 16:07 - 2018-05-30 16:08 - 002234836 _____ C:\WINDOWS\Minidump\053018-8062-01.dmp
2018-05-30 16:07 - 2018-05-30 16:07 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-30 15:26 - 2018-05-30 15:27 - 000001481 _____ C:\Users\markw\Desktop\VBS FIX.lnk
2018-05-30 15:26 - 2018-05-30 15:26 - 000001381 _____ C:\Users\markw\AppData\Local\Temp - Shortcut (3).lnk
2018-05-30 15:26 - 2018-05-30 15:26 - 000001381 _____ C:\Users\markw\AppData\Local\Temp - Shortcut (2).lnk
2018-05-29 20:28 - 2018-05-29 20:28 - 000000000 ____D C:\Users\markw\Downloads\lansbury_fg
2018-05-29 20:27 - 2018-05-29 20:27 - 000031552 _____ C:\Users\markw\Downloads\lansbury_fg.zip
2018-05-29 18:37 - 2018-05-30 18:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-26 14:08 - 2018-05-26 14:08 - 000001325 _____ C:\Users\markw\Desktop\Netflix - Shortcut.lnk
2018-05-25 10:48 - 2018-05-25 10:48 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETDSMBus_01011.Wdf
2018-05-25 10:48 - 2018-05-25 10:48 - 000000000 ____D C:\WINDOWS\LastGood
2018-05-25 10:48 - 2018-05-25 10:48 - 000000000 ____D C:\Program Files\Elantech
2018-05-25 10:48 - 2017-12-25 02:11 - 000033320 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\Drivers\ETDSMBus.sys
2018-05-25 10:47 - 2018-05-25 10:47 - 013015488 _____ (Lenovo Group Limited ) C:\Users\markw\Downloads\elan.exe
2018-05-25 10:45 - 2018-05-25 10:45 - 029892704 _____ (Lenovo Group Limited ) C:\Users\markw\Downloads\SYNAPTICS DRIVER USE.exe
2018-05-25 10:42 - 2018-05-25 10:42 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2018-05-25 10:42 - 2018-05-25 10:42 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-05-25 10:42 - 2018-05-25 10:42 - 000000000 ____D C:\Program Files\Synaptics
2018-05-25 10:39 - 2018-05-25 10:39 - 013015488 _____ (Lenovo Group Limited ) C:\Users\markw\Downloads\r0hgf09w.exe
2018-05-25 10:39 - 2018-05-25 10:39 - 013015488 _____ (Lenovo Group Limited ) C:\Users\markw\Desktop\r0hgf09w.exe
2018-05-25 10:36 - 2018-05-25 10:36 - 029892704 _____ (Lenovo Group Limited ) C:\Users\markw\Downloads\jbg215ww.exe
2018-05-25 10:36 - 2018-01-15 20:46 - 000805976 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2018-05-25 10:36 - 2018-01-15 20:46 - 000428632 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2018-05-25 10:36 - 2018-01-15 20:46 - 000344664 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo50-10.dll
2018-05-25 10:36 - 2018-01-15 20:46 - 000280664 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2018-05-25 10:36 - 2018-01-15 20:45 - 000712280 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2018-05-25 10:36 - 2018-01-15 20:45 - 000057432 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2018-05-25 10:36 - 2018-01-15 20:45 - 000046168 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2018-05-25 10:36 - 2018-01-15 20:45 - 000045144 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2018-05-25 10:36 - 2014-01-30 18:17 - 001795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2018-05-24 01:48 - 2018-05-30 15:18 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2018-05-23 23:46 - 2018-05-23 23:46 - 000001404 _____ C:\Users\markw\Desktop\Adobe Premiere Pro.exe - Shortcut.lnk
2018-05-18 18:58 - 2018-05-18 18:58 - 000003752 _____ C:\WINDOWS\System32\Tasks\Red Giant Link
2018-05-18 18:58 - 2018-05-18 18:58 - 000000000 ____D C:\Users\markw\AppData\Roaming\Red Giant
2018-05-18 18:58 - 2018-05-18 18:58 - 000000000 ____D C:\ProgramData\Red Giant
2018-05-18 18:57 - 2018-05-18 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2018-05-18 18:57 - 2018-05-18 18:57 - 000000000 ____D C:\ProgramData\Sony
2018-05-18 18:57 - 2018-05-18 18:57 - 000000000 ____D C:\Program Files (x86)\Red Giant
2018-05-18 18:55 - 2018-05-18 18:55 - 000000000 ____D C:\ProgramData\RedGiant
2018-05-18 18:29 - 2018-05-18 18:29 - 000011024 _____ C:\Users\markw\Downloads\RedGiantShooterSuite13.1.1x64SerialKeys_archive.torrent
2018-05-18 00:24 - 2018-05-18 00:25 - 000000016 _____ C:\WINDOWS\system32\w3data.vss
2018-05-18 00:24 - 2018-05-18 00:25 - 000000016 _____ C:\WINDOWS\system32\msvcsv60.dll
2018-05-18 00:24 - 2018-05-18 00:25 - 000000016 _____ C:\WINDOWS\msocreg32.dat
2018-05-18 00:17 - 2018-05-18 00:17 - 000000855 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
2018-05-18 00:17 - 2018-05-18 00:17 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-05-18 00:13 - 2018-05-18 00:13 - 000001621 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2018-05-18 00:13 - 2018-05-18 00:13 - 000001609 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2018-05-17 23:50 - 2018-05-17 23:50 - 000002237 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-05-17 23:46 - 2018-05-23 23:10 - 000004244 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-05-17 23:45 - 2018-05-04 02:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-05-11 19:39 - 2018-05-11 19:39 - 000000000 ____D C:\Users\markw\AppData\Local\InvasionEp01
2018-05-11 19:01 - 2018-05-11 19:01 - 000000000 ____D C:\WINDOWS\Panther
2018-05-09 11:53 - 2018-05-03 00:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-09 11:53 - 2018-05-03 00:56 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-09 11:53 - 2018-05-03 00:56 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-09 11:53 - 2018-05-03 00:54 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-05-09 11:53 - 2018-05-03 00:54 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-05-09 11:53 - 2018-05-03 00:53 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-09 11:53 - 2018-05-03 00:53 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-09 11:53 - 2018-05-03 00:52 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-05-09 11:53 - 2018-05-03 00:52 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-09 11:53 - 2018-05-03 00:52 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-05-09 11:53 - 2018-05-03 00:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-09 11:53 - 2018-05-03 00:50 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-09 11:53 - 2018-05-03 00:50 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-05-09 11:53 - 2018-05-03 00:50 - 000423328 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-05-09 11:53 - 2018-05-03 00:50 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-05-09 11:53 - 2018-05-03 00:49 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-05-09 11:53 - 2018-05-03 00:48 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-05-09 11:53 - 2018-05-03 00:48 - 000793960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-09 11:53 - 2018-05-03 00:48 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-05-09 11:53 - 2018-05-03 00:48 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-09 11:53 - 2018-05-03 00:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-09 11:53 - 2018-05-03 00:47 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-09 11:53 - 2018-05-03 00:45 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-09 11:53 - 2018-05-03 00:45 - 000711936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-09 11:53 - 2018-05-03 00:43 - 000702568 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2018-05-09 11:53 - 2018-05-03 00:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-09 11:53 - 2018-05-03 00:41 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-05-09 11:53 - 2018-05-03 00:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-09 11:53 - 2018-05-03 00:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-09 11:53 - 2018-05-03 00:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-09 11:53 - 2018-05-03 00:36 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-09 11:53 - 2018-05-03 00:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-09 11:53 - 2018-05-03 00:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-05-09 11:53 - 2018-05-03 00:36 - 000247200 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-05-09 11:53 - 2018-05-03 00:35 - 002472864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-05-09 11:53 - 2018-05-03 00:35 - 000358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-05-09 11:53 - 2018-05-03 00:34 - 021356824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-09 11:53 - 2018-05-03 00:34 - 000070864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-05-09 11:53 - 2018-05-03 00:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-09 11:53 - 2018-05-02 23:44 - 000595448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2018-05-09 11:53 - 2018-05-02 23:43 - 000594056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-09 11:53 - 2018-05-02 23:39 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-05-09 11:53 - 2018-05-02 23:36 - 025254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-09 11:53 - 2018-05-02 23:31 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-09 11:53 - 2018-05-02 23:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-09 11:53 - 2018-05-02 23:29 - 000285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-05-09 11:53 - 2018-05-02 23:28 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-05-09 11:53 - 2018-05-02 23:26 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-05-09 11:53 - 2018-05-02 23:25 - 020290248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-09 11:53 - 2018-05-02 23:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-09 11:53 - 2018-05-02 23:19 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-05-09 11:53 - 2018-05-02 23:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-09 11:53 - 2018-05-02 23:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-09 11:53 - 2018-05-02 23:18 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-05-09 11:53 - 2018-05-02 23:18 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-05-09 11:53 - 2018-05-02 23:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-05-09 11:53 - 2018-05-02 23:17 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-05-09 11:53 - 2018-05-02 23:16 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-09 11:53 - 2018-05-02 23:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-05-09 11:53 - 2018-05-02 23:16 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-05-09 11:53 - 2018-05-02 23:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-09 11:53 - 2018-05-02 23:16 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-09 11:53 - 2018-05-02 23:16 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-09 11:53 - 2018-05-02 23:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-09 11:53 - 2018-05-02 23:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-05-09 11:53 - 2018-05-02 23:16 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-09 11:53 - 2018-05-02 23:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-09 11:53 - 2018-05-02 23:15 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-09 11:53 - 2018-05-02 23:15 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-09 11:53 - 2018-05-02 23:15 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-05-09 11:53 - 2018-05-02 23:14 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-09 11:53 - 2018-05-02 23:14 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-05-09 11:53 - 2018-05-02 23:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-09 11:53 - 2018-05-02 23:13 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-09 11:53 - 2018-05-02 23:13 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-05-09 11:53 - 2018-05-02 23:12 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-05-09 11:53 - 2018-05-02 23:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-09 11:53 - 2018-05-02 23:12 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-09 11:53 - 2018-05-02 23:12 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-05-09 11:53 - 2018-05-02 23:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-09 11:53 - 2018-05-02 23:09 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-09 11:53 - 2018-05-02 23:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-09 11:53 - 2018-05-02 23:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-09 11:53 - 2018-05-02 23:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-09 11:53 - 2018-05-02 23:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-09 11:53 - 2018-05-02 23:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-09 11:53 - 2018-05-02 23:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-09 11:53 - 2018-05-02 23:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-09 11:53 - 2018-05-02 23:09 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-09 11:53 - 2018-05-02 23:09 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-05-09 11:53 - 2018-05-02 23:08 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-09 11:53 - 2018-05-02 23:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-09 11:53 - 2018-05-02 23:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-09 11:53 - 2018-05-02 23:06 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-09 11:53 - 2018-05-02 23:05 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-09 11:53 - 2018-05-02 23:05 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-09 11:53 - 2018-05-02 23:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-05-09 11:53 - 2018-05-02 23:04 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-05-09 11:53 - 2018-05-02 23:03 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-05-09 11:53 - 2018-05-02 23:03 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-05-09 11:53 - 2018-05-02 23:03 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-05-09 11:53 - 2018-05-02 23:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-05-09 11:53 - 2018-05-02 23:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-09 11:53 - 2018-05-02 23:00 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-05-09 11:53 - 2018-05-02 23:00 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-05-09 11:53 - 2018-05-02 22:59 - 018924544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-09 11:53 - 2018-05-02 22:58 - 006467072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-05-09 11:53 - 2018-05-02 22:58 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-09 11:53 - 2018-05-02 22:57 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-09 11:53 - 2018-05-02 22:57 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-09 11:53 - 2018-05-02 22:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-05-09 11:53 - 2018-05-02 22:57 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-09 11:53 - 2018-05-02 22:57 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-09 11:53 - 2018-05-02 22:57 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-05-09 11:53 - 2018-05-02 22:57 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-09 11:53 - 2018-05-02 22:56 - 002677248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-09 11:53 - 2018-05-02 22:56 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-05-09 11:53 - 2018-05-02 22:56 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-05-09 11:53 - 2018-05-02 22:55 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-09 11:53 - 2018-05-02 22:54 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-05-09 11:53 - 2018-05-02 22:53 - 007813120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-09 11:53 - 2018-05-02 22:53 - 006060544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-09 11:53 - 2018-05-02 22:53 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-09 11:53 - 2018-05-02 22:53 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-09 11:53 - 2018-05-02 22:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-09 11:53 - 2018-05-02 22:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-09 11:53 - 2018-05-02 22:52 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-09 11:53 - 2018-05-02 22:51 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-09 11:53 - 2018-05-02 22:51 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-09 11:53 - 2018-05-02 22:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-09 11:53 - 2018-05-02 22:50 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-09 11:53 - 2018-05-02 22:49 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-09 11:53 - 2018-05-02 22:48 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-09 11:53 - 2018-05-02 22:48 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-09 11:53 - 2018-05-02 22:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-05-09 11:53 - 2018-05-02 22:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-05-09 11:53 - 2018-04-15 15:07 - 001463344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-05-09 11:53 - 2018-04-15 15:04 - 000779952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-05-09 11:53 - 2018-04-15 15:03 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-05-09 11:53 - 2018-04-15 14:57 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-09 11:53 - 2018-04-15 14:51 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-05-09 11:53 - 2018-04-15 14:50 - 001925760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-05-09 11:53 - 2018-04-15 14:49 - 001954056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-05-09 11:53 - 2018-04-15 14:49 - 000563632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-05-09 11:53 - 2018-04-15 14:49 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-05-09 11:53 - 2018-04-15 14:48 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-05-09 11:53 - 2018-04-15 14:48 - 001638424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-09 11:53 - 2018-04-15 14:47 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-05-09 11:53 - 2018-04-15 14:38 - 003180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-05-09 11:53 - 2018-04-15 14:38 - 000979360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-05-09 11:53 - 2018-04-15 14:34 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-05-09 11:53 - 2018-04-15 14:33 - 001269616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-05-09 11:53 - 2018-04-15 14:33 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-05-09 11:53 - 2018-04-15 14:32 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-05-09 11:53 - 2018-04-15 14:32 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-05-09 11:53 - 2018-04-15 14:30 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-05-09 11:53 - 2018-04-15 14:29 - 001873944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2018-05-09 11:53 - 2018-04-15 14:29 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-05-09 11:53 - 2018-04-15 14:29 - 000198440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2018-05-09 11:53 - 2018-04-15 14:28 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-09 11:53 - 2018-04-15 14:26 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-09 11:53 - 2018-04-15 14:26 - 002711176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-05-09 11:53 - 2018-04-15 14:26 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-05-09 11:53 - 2018-04-15 14:25 - 001430768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-05-09 11:53 - 2018-04-15 14:25 - 000661920 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2018-05-09 11:53 - 2018-04-15 14:25 - 000327008 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2018-05-09 11:53 - 2018-04-15 14:25 - 000092032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-05-09 11:53 - 2018-04-15 14:24 - 000063656 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2018-05-09 11:53 - 2018-04-15 14:23 - 001101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-05-09 11:53 - 2018-04-15 13:47 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-05-09 11:53 - 2018-04-15 13:47 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-05-09 11:53 - 2018-04-15 13:47 - 001490856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-09 11:53 - 2018-04-15 13:47 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-09 11:53 - 2018-04-15 13:47 - 001323336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-05-09 11:53 - 2018-04-15 13:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-05-09 11:53 - 2018-04-15 13:47 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-05-09 11:53 - 2018-04-15 13:38 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-05-09 11:53 - 2018-04-15 13:38 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-05-09 11:53 - 2018-04-15 13:38 - 000444280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-05-09 11:53 - 2018-04-15 13:37 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-05-09 11:53 - 2018-04-15 13:36 - 002386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-05-09 11:53 - 2018-04-15 13:36 - 001575896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2018-05-09 11:53 - 2018-04-15 13:36 - 000832648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-05-09 11:53 - 2018-04-15 13:36 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-09 11:53 - 2018-04-15 13:35 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-05-09 11:53 - 2018-04-15 13:34 - 006482664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-09 11:53 - 2018-04-15 13:34 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-05-09 11:53 - 2018-04-15 13:34 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-05-09 11:53 - 2018-04-15 13:34 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-05-09 11:53 - 2018-04-15 13:34 - 000572312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2018-05-09 11:53 - 2018-04-15 13:34 - 000279472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2018-05-09 11:53 - 2018-04-15 13:34 - 000166408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2018-05-09 11:53 - 2018-04-15 13:34 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-05-09 11:53 - 2018-04-15 13:34 - 000052248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2018-05-09 11:53 - 2018-04-15 13:16 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-05-09 11:53 - 2018-04-15 13:15 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-05-09 11:53 - 2018-04-15 13:15 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-05-09 11:53 - 2018-04-15 13:14 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-05-09 11:53 - 2018-04-15 13:13 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-05-09 11:53 - 2018-04-15 13:13 - 000084992 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-05-09 11:53 - 2018-04-15 13:12 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-05-09 11:53 - 2018-04-15 13:12 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-05-09 11:53 - 2018-04-15 13:12 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-05-09 11:53 - 2018-04-15 13:12 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-05-09 11:53 - 2018-04-15 13:12 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2018-05-09 11:53 - 2018-04-15 13:11 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-05-09 11:53 - 2018-04-15 13:11 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-05-09 11:53 - 2018-04-15 13:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-05-09 11:53 - 2018-04-15 13:11 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2018-05-09 11:53 - 2018-04-15 13:11 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2018-05-09 11:53 - 2018-04-15 13:11 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2018-05-09 11:53 - 2018-04-15 13:11 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2018-05-09 11:53 - 2018-04-15 13:11 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 001576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-05-09 11:53 - 2018-04-15 13:10 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2018-05-09 11:53 - 2018-04-15 13:10 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2018-05-09 11:53 - 2018-04-15 13:09 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-05-09 11:53 - 2018-04-15 13:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-05-09 11:53 - 2018-04-15 13:09 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-05-09 11:53 - 2018-04-15 13:09 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-05-09 11:53 - 2018-04-15 13:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2018-05-09 11:53 - 2018-04-15 13:09 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-05-09 11:53 - 2018-04-15 13:08 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.Schema.Shell.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-05-09 11:53 - 2018-04-15 13:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 012689920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-05-09 11:53 - 2018-04-15 13:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-05-09 11:53 - 2018-04-15 13:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2018-05-09 11:53 - 2018-04-15 13:06 - 013660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-09 11:53 - 2018-04-15 13:06 - 011924480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-09 11:53 - 2018-04-15 13:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-05-09 11:53 - 2018-04-15 13:06 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-09 11:53 - 2018-04-15 13:06 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-05-09 11:53 - 2018-04-15 13:06 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-05-09 11:53 - 2018-04-15 13:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2018-05-09 11:53 - 2018-04-15 13:06 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-05-09 11:53 - 2018-04-15 13:06 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2018-05-09 11:53 - 2018-04-15 13:05 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-05-09 11:53 - 2018-04-15 13:05 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2018-05-09 11:53 - 2018-04-15 13:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-05-09 11:53 - 2018-04-15 13:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-05-09 11:53 - 2018-04-15 13:05 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-05-09 11:53 - 2018-04-15 13:05 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-05-09 11:53 - 2018-04-15 13:05 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-05-09 11:53 - 2018-04-15 13:04 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 001236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 000997376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-05-09 11:53 - 2018-04-15 13:04 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-05-09 11:53 - 2018-04-15 13:04 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-05-09 11:53 - 2018-04-15 13:04 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 004248064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-05-09 11:53 - 2018-04-15 13:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-05-09 11:53 - 2018-04-15 13:03 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2018-05-09 11:53 - 2018-04-15 13:03 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-05-09 11:53 - 2018-04-15 13:02 - 004814336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-05-09 11:53 - 2018-04-15 13:02 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-05-09 11:53 - 2018-04-15 13:02 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-05-09 11:53 - 2018-04-15 13:02 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-05-09 11:53 - 2018-04-15 13:02 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-05-09 11:53 - 2018-04-15 13:01 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-05-09 11:53 - 2018-04-15 13:01 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2018-05-09 11:53 - 2018-04-15 13:01 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-05-09 11:53 - 2018-04-15 13:01 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2018-05-09 11:53 - 2018-04-15 13:01 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-05-09 11:53 - 2018-04-15 13:01 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2018-05-09 11:53 - 2018-04-15 13:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-05-09 11:53 - 2018-04-15 13:00 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-05-09 11:53 - 2018-04-15 13:00 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-09 11:53 - 2018-04-15 13:00 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2018-05-09 11:53 - 2018-04-15 13:00 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-05-09 11:53 - 2018-04-15 13:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2018-05-09 11:53 - 2018-04-15 13:00 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-05-09 11:53 - 2018-04-15 13:00 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2018-05-09 11:53 - 2018-04-15 13:00 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2018-05-09 11:53 - 2018-04-15 13:00 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-05-09 11:53 - 2018-04-15 13:00 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-05-09 11:53 - 2018-04-15 13:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2018-05-09 11:53 - 2018-04-15 12:59 - 001332736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2018-05-09 11:53 - 2018-04-15 12:59 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-05-09 11:53 - 2018-04-15 12:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2018-05-09 11:53 - 2018-04-15 12:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-05-09 11:53 - 2017-11-26 06:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-05-01 01:52 - 2018-05-01 01:53 - 000357184 _____ C:\TDSSKiller.2.8.16.0_01.05.2018_01.52.36_log.txt
2018-05-01 01:52 - 2018-05-01 01:52 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\markw\Downloads\tdsskiller (1).exe
2018-05-01 01:52 - 2018-05-01 01:52 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\04084556.sys
2018-05-01 01:34 - 2018-05-01 01:34 - 000001307 _____ C:\Users\markw\Desktop\Auslogics BoostSpeed 10.lnk
2018-05-01 01:34 - 2018-05-01 01:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Auslogics
2018-05-01 01:33 - 2018-05-01 01:34 - 000000000 ____D C:\ProgramData\Auslogics
2018-05-01 01:30 - 2018-05-01 01:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2018-05-01 01:30 - 2018-05-01 01:34 - 000000000 ____D C:\Program Files (x86)\Auslogics
2018-05-01 01:30 - 2018-05-01 01:30 - 012325568 _____ (Auslogics ) C:\Users\markw\Downloads\registry-cleaner-setup.exe
2018-05-01 01:30 - 2018-05-01 01:30 - 000001416 _____ C:\Users\markw\Desktop\Auslogics Registry Cleaner.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-30 19:18 - 2017-12-15 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-05-30 19:17 - 2017-12-16 06:42 - 000000000 ____D C:\Users\markw\AppData\Local\ClassicShell
2018-05-30 19:16 - 2017-12-19 20:33 - 000000000 ____D C:\Users\markw\AppData\Local\Oculus
2018-05-30 19:16 - 2017-12-15 21:55 - 000000000 __SHD C:\Users\markw\IntelGraphicsProfiles
2018-05-30 19:16 - 2017-11-23 07:32 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-30 18:16 - 2017-12-15 23:36 - 002649390 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-30 18:14 - 2017-12-22 08:15 - 000000000 ____D C:\Users\markw\AppData\Local\CrashDumps
2018-05-30 18:12 - 2018-04-03 02:13 - 000000000 ____D C:\ProgramData\VMware
2018-05-30 18:11 - 2017-12-16 05:43 - 000000000 ____D C:\Users\markw\AppData\Local\Everything
2018-05-30 18:11 - 2017-12-16 05:20 - 000000000 ____D C:\Users\markw\AppData\Roaming\Everything
2018-05-30 18:11 - 2017-12-15 23:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-30 18:11 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-05-30 17:02 - 2017-12-16 00:20 - 000000000 ____D C:\Users\markw\AppData\LocalLow\uTorrent
2018-05-30 17:02 - 2017-12-16 00:14 - 000000000 ____D C:\Users\markw\AppData\Roaming\uTorrent
2018-05-30 16:39 - 2017-12-16 04:20 - 000000000 ____D C:\Users\markw\AppData\Local\DBG
2018-05-30 16:35 - 2017-11-23 07:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-30 16:08 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-30 16:07 - 2017-12-15 23:30 - 000000000 ____D C:\Users\markw
2018-05-30 16:07 - 2017-12-15 23:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-30 15:24 - 2017-12-15 23:28 - 005096056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-30 15:23 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-30 15:22 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-30 15:21 - 2017-12-16 04:32 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{648358B6-5AA7-40E8-9BA9-CEA6BFA537E2}
2018-05-26 15:19 - 2017-12-23 17:56 - 000000000 ____D C:\Users\markw\AppData\Roaming\vlc
2018-05-25 23:17 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Registration
2018-05-25 07:07 - 2017-09-29 01:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-05-24 01:01 - 2018-02-09 02:55 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-05-24 00:32 - 2017-12-16 00:58 - 000000000 ____D C:\ProgramData\Adobe
2018-05-19 11:09 - 2017-11-23 07:34 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-05-19 06:24 - 2017-12-15 23:33 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-05-19 06:24 - 2017-11-23 07:34 - 000000000 ____D C:\Program Files\Common Files\mcafee
2018-05-19 06:23 - 2017-12-15 23:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-05-19 06:23 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-05-18 20:53 - 2017-12-15 23:48 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-18 20:53 - 2017-12-15 23:48 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-18 18:58 - 2018-04-26 01:42 - 000000000 ____D C:\Program Files (x86)\Red Giant Link
2018-05-18 18:58 - 2017-12-15 21:55 - 000000000 ____D C:\Users\markw\AppData\Roaming\Adobe
2018-05-18 18:57 - 2018-04-26 01:42 - 000000000 ____D C:\Program Files\Red Giant
2018-05-18 18:57 - 2017-12-16 01:04 - 000000000 ____D C:\Program Files\Adobe
2018-05-18 14:19 - 2017-11-23 07:28 - 000000000 ____D C:\ProgramData\PCDr
2018-05-18 13:32 - 2017-12-16 00:58 - 000000000 ____D C:\Users\markw\AppData\Local\Adobe
2018-05-18 00:25 - 2017-12-16 06:19 - 000000016 _____ C:\Users\markw\AppData\Roaming\msregsvv.dll
2018-05-18 00:25 - 2017-12-16 06:19 - 000000016 _____ C:\ProgramData\autobk.inc
2018-05-18 00:24 - 2017-12-16 01:47 - 000000000 ____D C:\Users\markw\Documents\Adobe
2018-05-18 00:17 - 2017-12-16 01:04 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-05-18 00:04 - 2018-04-19 18:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\etc\to change host
2018-05-17 23:58 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-05-17 23:52 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-17 23:51 - 2017-12-15 23:30 - 000000000 ____D C:\Users\markw\AppData\Local\Packages
2018-05-17 23:51 - 2017-11-23 07:28 - 000000000 ____D C:\Program Files\Dell
2018-05-17 23:50 - 2017-11-23 07:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-05-17 23:49 - 2017-11-23 07:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-17 23:46 - 2017-12-15 23:33 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-05-17 23:41 - 2017-12-15 23:48 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-11 19:49 - 2017-12-19 21:51 - 000000000 ____D C:\Users\markw\AppData\LocalLow\Unity
2018-05-11 19:39 - 2017-12-19 21:41 - 000000000 ____D C:\Users\markw\AppData\Local\UnrealEngine
2018-05-11 19:03 - 2017-12-19 20:38 - 000000000 ____D C:\Users\markw\AppData\Roaming\OculusClient
2018-05-11 19:01 - 2017-12-15 23:37 - 000000000 ___RD C:\Users\markw\3D Objects
2018-05-11 19:01 - 2017-11-23 07:35 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-09 13:23 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-09 13:23 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-09 13:23 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-09 13:23 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-09 13:23 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-09 13:23 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-05-09 13:23 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-09 13:23 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\servicing
2018-05-09 12:03 - 2017-12-16 02:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-09 11:59 - 2017-12-16 02:17 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-09 11:59 - 2017-12-16 02:17 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-09 11:55 - 2017-09-29 06:42 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-05-09 11:54 - 2017-09-29 06:41 - 000073112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-05-09 11:54 - 2017-09-29 06:41 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-05-09 11:54 - 2017-09-29 06:41 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-05-01 14:25 - 2017-09-29 06:49 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 14:25 - 2017-09-29 06:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-01 02:50 - 2018-04-17 18:07 - 000000000 ____D C:\Users\markw\Documents\ACID Music Studio 10.0 Projects
2018-05-01 01:46 - 2017-12-22 17:32 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-01 01:43 - 2017-09-29 06:46 - 000000000 __RSD C:\WINDOWS\media
2018-05-01 01:43 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\security
2018-05-01 01:43 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Help
2018-04-30 23:28 - 2017-12-22 17:45 - 000000000 ____D C:\Users\markw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-30 23:18 - 2017-12-19 20:37 - 000000000 ____D C:\Users\markw\AppData\Roaming\Oculus
2018-04-30 22:33 - 2017-12-15 23:33 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2714088590-1301673537-3438479818-1001
2018-04-30 22:33 - 2017-12-15 21:57 - 000002369 _____ C:\Users\markw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-30 22:33 - 2017-12-15 21:57 - 000000000 ___RD C:\Users\markw\OneDrive
 
==================== Files in the root of some directories =======
 
2018-01-28 23:59 - 2018-01-28 23:59 - 000135723 _____ () C:\Users\markw\AppData\Roaming\BodyProfileImage.png
2017-12-16 06:19 - 2018-05-18 00:25 - 000000016 _____ () C:\Users\markw\AppData\Roaming\msregsvv.dll
2018-01-28 23:59 - 2018-01-28 23:59 - 000165758 _____ () C:\Users\markw\AppData\Roaming\ProfileImage.png
2017-12-15 23:45 - 2017-12-15 23:45 - 000000017 _____ () C:\Users\markw\AppData\Local\resmon.resmoncfg
2018-05-30 15:26 - 2018-05-30 15:26 - 000001381 _____ () C:\Users\markw\AppData\Local\Temp - Shortcut (2).lnk
2018-05-30 15:26 - 2018-05-30 15:26 - 000001381 _____ () C:\Users\markw\AppData\Local\Temp - Shortcut (3).lnk
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-29 19:08
 
==================== End of FRST.txt ============================
 
 
 
AND HERE IS THE SECOND LOG (ADDITION)
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by markw (30-05-2018 19:19:44)
Running from C:\Users\markw\Downloads
Windows 10 Home Version 1709 16299.431 (X64) (2017-12-16 06:34:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2714088590-1301673537-3438479818-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2714088590-1301673537-3438479818-503 - Limited - Disabled)
Guest (S-1-5-21-2714088590-1301673537-3438479818-501 - Limited - Disabled)
markw (S-1-5-21-2714088590-1301673537-3438479818-1001 - Administrator - Enabled) => C:\Users\markw
WDAGUtilityAccount (S-1-5-21-2714088590-1301673537-3438479818-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
4K Video Downloader 4.4 (HKLM-x32\...\{17CEAB50-0275-4D5E-9C11-CF2963C59FA1}) (Version: 4.4.6.2295 - Open Media LLC)
Ableton Live 9 Lite (HKLM\...\{82620B58-854D-4B82-9A69-1F8BE62F7B6B}) (Version: 9.0.0.0 - Ableton)
ACID Music Studio 10.0 (HKLM-x32\...\{BC20AFAE-667E-11E6-8CBA-BB95F5A309BD}) (Version: 10.0.134 - MAGIX)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AIR Music Tech Xpand2.v2.2.7 (HKLM-x32\...\AIR Music Tech Xpand2.v2.2.7) (Version: Xpand2.v2.2.7 - avid)
AmpliTube 3 version 3.9.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.9.0 - IK Multimedia)
Any Video Converter 6.2.3 (HKLM-x32\...\Any Video Converter) (Version: 6.2.3 - Anvsoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Auslogics BoostSpeed 10 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 10.0.9.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 7.0.9.0 - Auslogics Labs Pty Ltd)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{0648F446-BAE9-402F-9BEC-8B333959D8FB}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{48F75879-6C29-4149-AFC4-B9F1CBA8528D}) (Version: 1.0.6.2 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.9.40 - Canon Inc.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
ControlCenter4 (HKLM-x32\...\{9ADB625A-7F6D-4C48-9058-4767A55D5424}) (Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
Cuphead.Deluxe.Edition.Repack version 1.0 (HKLM-x32\...\{E3F8A050-2758-492A-B14B-DD3DC0FFCBA5}}_is1) (Version: 1.0 - Ali213.net)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.)
Dell Digital Delivery (HKLM-x32\...\{1B706C33-57B3-411B-BB6E-C4A2CF38AF35}) (Version: 3.4.1002.0 - Dell Products, LP)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{122666A9-2995-4E47-A75E-6423A827B7AF}) (Version: 2.2.0.253 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
DeviceDetect (HKLM-x32\...\{CEF07BDC-47F1-4477-8F3C-0E7132AF88C5}) (Version: 1.0.4.5 - Brother Industries Ltd.) Hidden
Drumagog 5 Retail (HKLM\...\Drumagog 5 Demo 64-Bit5.21b) (Version: 5.21b - WaveMachine Labs, Inc.)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Focusrite USB 4.36.0.484 (HKLM\...\Focusrite USB_is1) (Version: 4.36.0.484 - Focusrite Audio Engineering Ltd.)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 1.0.33.300 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Ignite (HKLM-x32\...\{9A731246-E02E-44DC-940D-0F8110C1789D}) (Version: 1.3.1 - AIR Music Technology)
Ignite (HKLM-x32\...\{9C3723A2-E8F3-4F55-8655-8176E50E2D19}) (Version: 1.3.1 - AIR Music Technology) Hidden
IK Multimedia Authorization Manager version 1.0.8 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.8 - IK Multimedia)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10203.4295 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{0e6a18a2-ea36-4041-9f69-0b2cc3f04f88}) (Version: 20.10.1 - Intel Corporation)
Kits Configuration Installer (HKLM-x32\...\{6F502640-B753-C101-FFA5-B38C3FA5B29A}) (Version: 10.1.17134.12 - Microsoft) Hidden
Macrium Reflect Free Edition (HKLM\...\{365E7C01-6CD6-4BB6-BD91-B7CFB131EAB3}) (Version: 7.1.2885 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9233.1 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R11 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.148 - McAfee, Inc.)
MediaPlayerLite 0.5.4.0 (HKLM-x32\...\MediaPlayerLite) (Version: 0.5.4.0 - MediaPlayerLite)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9226.2156 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Driver 388.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.16 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.16 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project)
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Opera Stable 53.0.2907.68 (HKLM-x32\...\Opera 53.0.2907.68) (Version: 53.0.2907.68 - Opera Software)
PACE License Support Win64 (HKLM\...\{83E92696-D92D-4c7e-B094-0BE853B191FE}) (Version: 2.5.2.1034 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{83E92696-D92D-4c7e-B094-0BE853B191FE}) (Version: 2.5.2.1034 - PACE Anti-Piracy, Inc.)
Paragon Hard Disk Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PC-FAXReceive (HKLM-x32\...\{DD40894F-7575-4905-90AB-695FD827E358}) (Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{63530B2D-3A34-4D79-A52D-F3EB5D99A7C1}) (Version: 1.1.1.1 - Brother Industries Ltd.) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
ProxyGate version 3.0.0.1180 (HKLM-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd) <==== ATTENTION
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 8.4.17.561 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31236 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8166 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC)
RemoteSetup (HKLM-x32\...\{B6CE4633-EA3F-4856-9BCC-9B8702E076FE}) (Version: 3.8.0.2 - Brother Industries Ltd.) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Scarlett MixControl 1.8 (HKLM-x32\...\Saffire USB 26_is1) (Version: 1.8 - Focusrite Audio Engineering Limited)
SDK Debuggers (HKLM-x32\...\{8238CD59-617A-FE41-8AB4-A88AF3160849}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Shooter Suite v13.0.4 (HKLM-x32\...\{7DFC5E36-8CC9-4EC5-9C24-A3770A669E3F}_is1) (Version: 13.0.4 - Red Giant, LLC)
SmartByte (HKLM\...\{6B8F24C5-68BD-4169-94A4-133AF60A5606}) (Version: 1.1.511 - Rivet Networks)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Fighter 30th Anniversary Collection (HKLM\...\SKIDROW - Street Fighter 30th Anniversary Collection) (Version:  - SKIDROW)
Thunderbolt™ Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
Twitch (HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Universe (HKLM\...\Universe_is1) (Version: 1.2.0 CE - Red Giant, LLC)
Uplay (HKLM-x32\...\Uplay) (Version: 54.0 - Ubisoft)
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
VMware Workstation (HKLM\...\{E374BA09-9CD0-4F58-90EE-F8C1488BC81E}) (Version: 14.0.0 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WaveMachine Labs Drumagog Platinum v5.11 (HKLM-x32\...\WaveMachine Labs Drumagog Platinum_is1) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Xpand!2 (HKLM-x32\...\{dadbcc76-2a7e-4f53-a77a-3868c51bdd80}) (Version: 2.2.7.19000 - AIR Music Tech GmbH)
Xpand!2 Content (HKLM-x32\...\{AEB475C2-FC86-4082-87D7-352DFB075B2C}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 Factory Content (HKLM-x32\...\{C1149DC5-F5B9-455E-B6B3-B81D9B5C80A0}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 VST32 (HKLM-x32\...\{87716891-1EC0-46CC-8821-5A4DC75EEFD7}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 VST64 (HKLM\...\{B9802F00-659C-4C21-9BA5-0958BAC6EFEF}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2714088590-1301673537-3438479818-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-04-11] (McAfee, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\vmware\vmdkShellExt.dll [2017-09-18] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\vmware\x64\vmdkShellExt64.dll [2017-09-18] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-11-29] (Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125173.inf_amd64_6f141e257f4fffee\igfxDTCM.dll [2017-11-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-30] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-11-29] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-04-11] (McAfee, Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01C3ED1D-FA46-4017-A3DD-E97088CA313C} - System32\Tasks\Update\archicom => cmd /c type "C:\Users\markw\AppData\Local\Temp\archicom.txt" | cmd <==== ATTENTION
Task: {05C0CD2A-630F-40FA-937A-78E2AE764635} - System32\Tasks\Update\udate => cmd /c type "C:\Users\markw\AppData\Local\Temp\udate.txt" | cmd <==== ATTENTION
Task: {070BD228-C973-408E-A392-FE9DDC5B34C1} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {0d214996-b88c-4f05-8997-220915ac2904} - no filepath
Task: {0f45f50d-f550-4a5e-8cb7-477a5c5c3396} - no filepath
Task: {125DF3AE-A703-471D-A138-D52908FEFA30} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {15B9DEAC-993F-4C22-ADF8-9A918ECB9E08} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {18DA945A-49F1-4097-B706-6E8DFD49C2A8} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-03-13] (McAfee, Inc.)
Task: {1B7E4961-1E79-4B39-97D0-4999FFEDF7C9} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {397F3CDC-AE9F-40D7-939D-432D26B3A579} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {3D867F9D-E9B1-4E3D-8857-371C07164A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-15] (Google Inc.)
Task: {42523A53-C133-4AE8-B524-3FC981721DED} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-03-20] (DELL)
Task: {4F2994DA-FE77-418D-A69B-2CD2DE79128A} - System32\Tasks\Cyberlink Plus => C:\Program Files (x86)\Cyberlink Update\Cyberlink Plus.exe
Task: {59C1ADEA-DE88-4A48-8D75-65BDD3DD72A6} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => rundll32.exe TaskSchedulerHelper.dll,RunTask "Main.exe" "/UseTray /Schedule"
Task: {63DEA1DC-5E46-4164-841D-90306144C0B1} - System32\Tasks\Core Temp Autostart markw => C:\Program Files\Core Temp\Core Temp.exe [2017-11-04] (ALCPU)
Task: {65FD847B-A37C-4940-A74B-A1566084A0FA} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {69B7DC85-092F-4820-AE26-349772166FFB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {6B9B40EB-7AAD-4CA7-AE7F-326C7E89993A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {74A39AF9-5E6B-4BA6-B4E5-F466D3DBAF8D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {7729AA21-F62F-4D6E-A55E-85CEA1C1B84F} - \smss-DoOoM.vbe -> No File <==== ATTENTION
Task: {78BEDA89-3409-407A-B10D-3EA93599FECC} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2018-03-27] (McAfee, Inc.)
Task: {7CE14AFB-B319-4557-A0AF-E31F6CDD3C34} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-05-11] (Dell Inc.)
Task: {7D543702-5402-4545-934F-A15E946528D6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {84BCAD73-EB40-4BB6-82D8-1F9771227637} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-17] (Microsoft Corporation)
Task: {87A12E00-1036-4CD3-84C0-369A60AB817C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {89496285-7377-4F1F-89FA-70A9F113CFAE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {91D71EE0-AA33-46A1-B3A0-8095C1C88AFE} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-12] (McAfee, LLC.)
Task: {9875BDB8-7CB1-4A06-89B3-E22F29D3346A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {9AA60203-BF4C-4551-86BD-A7D93B807F52} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => ConditionalAppStarter.exe
Task: {A126F29C-4DFF-4C8B-AF97-E2D5D5100941} - System32\Tasks\Update\AirBundle => cmd /c type "C:\Users\markw\AppData\Local\Temp\AirBundle.txt" | cmd <==== ATTENTION
Task: {A5D039AE-98EB-4D54-8E43-DEAB9161C365} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {A942D533-E5DC-4ACF-A3C7-3A36599495D9} - System32\Tasks\Opera scheduled Autoupdate 1527725030 => C:\Program Files\Opera\launcher.exe [2018-05-22] (Opera Software)
Task: {AD39EDFB-EC2A-4195-8F36-8E95B2EAFB9B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {AF8C8AB3-3682-4453-AA78-99BC7E45FF02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-15] (Google Inc.)
Task: {b6dfa16e-b559-4b7d-b269-6272fccdb14f} - no filepath
Task: {cb306783-0f44-403a-8a6f-0b25b518d985} - no filepath
Task: {CD381A9C-7798-417F-9242-3913A1F39220} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {D0151932-72E9-486C-B95B-226EF18DA689} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {D10E5B5A-E24F-4EE6-9F50-ADBF13319065} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-17] (Microsoft Corporation)
Task: {D3CB2987-EC33-4EF7-B8E2-B8F19F6DE679} - System32\Tasks\WindowsMediaSharing => C:\windows\wndsvr.exe
Task: {d628b78e-9a56-4eba-9d97-ab76f377513a} - no filepath
Task: {DD2B3BB7-E095-45F2-8BF8-2E0C2C4FB880} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-02-24] (Intel® Corporation)
Task: {E2099128-0941-4A53-BB83-F6CF4F7E66A2} - System32\Tasks\Cyberlink Respawner => C:\Program Files (x86)\Cyberlink Update\Cyberlink Plus.exe
Task: {E4BDCEED-CE7F-4F78-84E8-467205C34F7A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {F341F4F1-6405-452E-9C4D-08D583AFB55C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-11-23 07:30 - 2017-11-23 07:30 - 000237600 _____ () C:\Windows\System32\drivers\UMDF\milanFusb.dll
2017-11-23 07:32 - 2017-10-10 18:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-27 13:47 - 2012-08-08 21:36 - 000390672 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
2017-07-19 16:09 - 2017-07-19 16:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-06-23 15:07 - 2016-06-23 15:07 - 000186904 _____ () C:\Program Files (x86)\Razer\Razer_Ripsaw_Driver\RipsawUSBPortChecker.exe
2018-02-02 14:06 - 2005-04-22 14:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-09-18 06:33 - 2017-09-18 06:33 - 014344168 _____ () D:\vmware\vmware-hostd.exe
2018-04-06 04:05 - 2018-04-06 04:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2018-05-17 23:51 - 2018-05-17 23:51 - 002587976 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1111\libprotobuf.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-23 07:32 - 2017-10-30 13:24 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-05-18 00:41 - 2018-05-18 00:41 - 000349112 _____ () D:\Oculus\Support\oculus-runtime\OVRRedir.exe
2017-12-16 00:39 - 2011-03-02 13:40 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll
2018-03-22 00:12 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-22 00:12 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-17 23:41 - 2018-05-14 20:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-17 23:41 - 2018-05-14 20:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-18 22:43 - 2018-05-18 22:43 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-05-18 22:43 - 2018-05-18 22:43 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2017-09-18 06:24 - 2017-09-18 06:24 - 000084456 _____ () D:\vmware\zlib1.dll
2017-09-18 06:33 - 2017-09-18 06:33 - 000126952 _____ () D:\vmware\expat.dll
2017-09-22 16:28 - 2017-09-22 16:28 - 000140664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2017-06-06 01:23 - 2017-06-06 01:23 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-11-23 07:32 - 2017-10-10 18:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-23 07:32 - 2017-10-10 18:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-09-18 06:16 - 2017-09-18 06:16 - 000360424 _____ () D:\vmware\pcre.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\markw\AppData\Local\HzPdPr70:NnLM7N2sQaHlZoKExakZ0 [1982]
AlternateDataStreams: C:\Users\markw\AppData\Local\Temp:svNUXmIdUYxxBsbddC [1950]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-05-18 00:06 - 2018-05-18 00:28 - 000007580 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 199.7.52.190
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.54.72
127.0.0.1 199.7.54.72:80
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 209.34.83.67
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73:443
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.de
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.de
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 activate.wip.adobe.com
 
There are 168 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\markw\Downloads\cammy background.jpg
DNS Servers: 192.168.1.101
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: Everything => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MacriumService => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SwitchBoard => 3
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "smss-DoOoMs"
HKLM\...\StartupApproved\Run: => "smss-DoOoM"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "smss-DoOoMs"
HKLM\...\StartupApproved\Run32: => "smss-DoOoM"
HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2714088590-1301673537-3438479818-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7385071C-C573-472B-8E47-0AFA62329580}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F5ABBE25-25A2-49B3-9145-9B057F47B571}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{59B1A00B-4B39-4F09-8CF8-F68E9EAD97FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A500D61F-70EA-4523-9EDC-E16AB8EE43EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CF012326-ABFC-4F19-814C-660FE7024511}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{069870AF-46B3-49B3-BD4A-9C558FAAF304}] => (Allow) C:\Users\markw\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E80FFE02-1611-4BB1-ABD9-12E5ED4B216C}] => (Allow) C:\Users\markw\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA066496-4A83-4826-913A-FD9D4F5FAC83}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{0C960168-76B1-4991-96FC-23612DCF16BB}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{07322221-31CA-4CBF-8EB1-4DC358E42912}] => (Allow) LPort=7935
FirewallRules: [{38496DD4-ECAF-4086-9AB4-AA73C712E6E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E3E5239-72F2-47BB-AAAE-DC73EE7F06B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7E378D46-1A8B-4214-802D-0C79AB30ACCD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C8FE8DE4-4088-4C30-ADA2-5BFF4E98E051}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6996D102-5BE3-4393-B87D-90FFB3A46801}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9B61F6BD-7DD8-44DB-8635-499D3BB0EC2C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{115276E8-17AB-4206-83BE-1FF05DB4EB7E}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{65D66399-C279-480C-B5F0-B3369E3D2BFC}] => (Allow) D:\Oculus Apps\Software\sanzaru-games-inc-recoil\RipcoilVRPackage\RipcoilVRClient\RipcoilVR.exe
FirewallRules: [{52A6BDC4-329E-408E-A611-188110BC5847}] => (Allow) D:\Oculus Apps\Software\sanzaru-games-inc-recoil\RipcoilVRPackage\RipcoilVRClient\RipcoilVR.exe
FirewallRules: [{80945BAE-DA8F-4B79-9D46-095CC5FCDD2C}] => (Allow) D:\Oculus Apps\Software\sanzaru-games-inc-recoil\RipcoilVRPackage\RipcoilVRClient\RipcoilVR\Binaries\Win64\RipcoilVR-Win64-Shipping.exe
FirewallRules: [{81CF6D2F-3416-4B65-B0F6-57FAB0A9A6A4}] => (Allow) D:\Oculus Apps\Software\sanzaru-games-inc-recoil\RipcoilVRPackage\RipcoilVRClient\RipcoilVR\Binaries\Win64\RipcoilVR-Win64-Shipping.exe
FirewallRules: [{A35EE575-FBAC-44FB-9E47-A8FA19E2D9D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B59AC5C-47E4-4397-AFA0-7984CC627010}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{968937F2-A9CE-44E2-8D1A-BCBF846E0ABA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2E6BBE90-34C0-4BD9-8A45-20DCC368C837}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CAD1AE8B-6BDA-4AA8-AFA0-53B083C642B4}] => (Allow) D:\SteamLibrary\steamapps\common\StreetFighterV\StreetFighterV.exe
FirewallRules: [{9E17671E-929F-48EA-A643-3B71F166B18F}] => (Allow) D:\SteamLibrary\steamapps\common\StreetFighterV\StreetFighterV.exe
FirewallRules: [{19740BC0-0812-4E62-B8D9-1D9C59F5F2DE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{067A22CD-CFD1-4DFD-8648-1D24BACF4680}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B2A0F3F4-675A-4775-B5C4-1FC6BF6CDE41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{763360ED-AF6B-435D-96DF-4B81F6013CE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{0E4B7759-0A38-4CA3-A58A-7AD155B95E57}] => (Allow) D:\SteamLibrary\steamapps\common\BlazBlue Calamity Trigger\BBCT.exe
FirewallRules: [{849CC852-3E1E-4AF6-83E6-DAB1BD4F547B}] => (Allow) D:\SteamLibrary\steamapps\common\BlazBlue Calamity Trigger\BBCT.exe
FirewallRules: [{95F529AA-2C42-42F3-A1E6-7D323B1102B9}] => (Allow) D:\SteamLibrary\steamapps\common\Guilty Gear XX Accent Core Plus R\GGXXACPR_Win.exe
FirewallRules: [{62E66DBE-DD4D-4235-8D1A-61647FA3645C}] => (Allow) D:\SteamLibrary\steamapps\common\Guilty Gear XX Accent Core Plus R\GGXXACPR_Win.exe
FirewallRules: [{82B9C197-1FAB-4BD1-BFA6-3410E775803D}] => (Allow) D:\SteamLibrary\steamapps\common\Castlevania Lords of Shadow - Mirror of Fate HD\CMOF.exe
FirewallRules: [{FBADE344-60A4-46F6-831D-65AFBC7E682C}] => (Allow) D:\SteamLibrary\steamapps\common\Castlevania Lords of Shadow - Mirror of Fate HD\CMOF.exe
FirewallRules: [{639CA6FB-CC3F-4263-AA75-2F8DBFC1593F}] => (Allow) D:\SteamLibrary\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{BDA5B914-C6D9-48BE-8CB5-D23798D3C140}] => (Allow) D:\SteamLibrary\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{0DAF0664-6005-4313-9D9C-1B4C2623D04D}] => (Allow) D:\SteamLibrary\steamapps\common\FrightShow Fighter\FrightShowFighter.exe
FirewallRules: [{54ADFB16-4897-4B42-BA31-02ABD7D5D073}] => (Allow) D:\SteamLibrary\steamapps\common\FrightShow Fighter\FrightShowFighter.exe
FirewallRules: [{8AE5A23B-D3B6-4365-9BEB-9D63F3556352}] => (Allow) D:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{32FC899C-C617-4724-9B39-52838E047852}] => (Allow) D:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{AB1792CB-ED65-46BC-B826-907587478D55}] => (Allow) D:\SteamLibrary\steamapps\common\Deep Space Waifu\Deep Space Waifu.exe
FirewallRules: [{829A3A8A-DBAB-4C75-AC48-53256A8AF0D2}] => (Allow) D:\SteamLibrary\steamapps\common\Deep Space Waifu\Deep Space Waifu.exe
FirewallRules: [{4284A872-3D30-4E43-9F12-63C52936F9C5}] => (Allow) D:\SteamLibrary\steamapps\common\NiGHTS Into Dreams\Launcher.exe
FirewallRules: [{567727A5-C3D4-4A80-A399-42282662AB3D}] => (Allow) D:\SteamLibrary\steamapps\common\NiGHTS Into Dreams\Launcher.exe
FirewallRules: [{4A4757DF-CF9C-40C8-9C54-48CBF136C5EB}] => (Allow) D:\SteamLibrary\steamapps\common\Skullgirls Beta\SkullGirls.exe
FirewallRules: [{8BA368AA-536C-49EA-A85A-AA289F5E677A}] => (Allow) D:\SteamLibrary\steamapps\common\Skullgirls Beta\SkullGirls.exe
FirewallRules: [{18803518-5B38-4AE4-AD89-1EB068887FA1}] => (Allow) D:\Oculus Apps\Software\bandai-namco-entertainment-project-cars\AwesomiumProcess.exe
FirewallRules: [{228F72DF-464B-4710-8AE2-B63C88D9D899}] => (Allow) D:\Oculus Apps\Software\bandai-namco-entertainment-project-cars\AwesomiumProcess.exe
FirewallRules: [{0DD02FB9-21C2-43E3-85CA-0369FCFAF269}] => (Allow) D:\Oculus Apps\Software\bandai-namco-entertainment-project-cars\NVShaderPerf.exe
FirewallRules: [{EC8E3DA1-9CD4-4224-B453-5F723C241D40}] => (Allow) D:\Oculus Apps\Software\bandai-namco-entertainment-project-cars\NVShaderPerf.exe
FirewallRules: [{192EA698-91CC-4861-B086-B7C20408EB89}] => (Allow) D:\Oculus Apps\Software\bandai-namco-entertainment-project-cars\pCARSOculus64.exe
FirewallRules: [{7A1C16CE-976C-49A0-AB48-E617DD5A845B}] => (Allow) D:\Oculus Apps\Software\bandai-namco-entertainment-project-cars\pCARSOculus64.exe
FirewallRules: [{BB2F712A-74EE-4B37-9159-3EA37F1A4C8B}] => (Allow) D:\Oculus Apps\Software\bandai-namco-entertainment-project-cars\Tools\TweakIt\TweakIt.exe
FirewallRules: [{D089D1AB-5D12-4B8E-97BF-DC614A826600}] => (Allow) D:\Oculus Apps\Software\bandai-namco-entertainment-project-cars\Tools\TweakIt\TweakIt.exe
FirewallRules: [{05928191-F03E-4838-9156-3CA4B9595382}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{655D804B-E698-4642-991A-B3662EA72BD3}] => (Allow) LPort=54925
FirewallRules: [{6D9D3393-599B-497C-9EC7-67C14E2A6229}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{C2D93FC6-9FCD-424E-A97F-9541F00E3478}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{0CFB9A49-BCBF-457A-8DEB-5E5E43E63DDC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A7D68D40-81DD-4AB3-9438-BE60F5B058A9}] => (Allow) D:\Oculus\Support\oculus-runtime\OVRRedir.exe
FirewallRules: [{C71C4B05-CA8C-4849-B77E-801A5F1E1E9D}] => (Allow) D:\Oculus\Support\oculus-runtime\OVRRedir.exe
FirewallRules: [{9182C421-393D-4166-931B-D3A3D777844F}] => (Allow) D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
FirewallRules: [{F4BF71EA-1093-4A19-8A0B-4D17A75F1394}] => (Allow) D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
FirewallRules: [{515C551F-928E-43A4-B15F-8DEA5724A726}] => (Allow) D:\Oculus\Support\oculus-runtime\OVRServer_x64.exe
FirewallRules: [{A6B2F573-34F2-4C6E-86EF-7F54D7DCF91A}] => (Allow) D:\Oculus\Support\oculus-runtime\OVRServer_x64.exe
FirewallRules: [{AE2F016B-A73E-4CE9-9710-4616FCCFDB31}] => (Allow) D:\Oculus\Support\oculus-home\OculusVR.exe
FirewallRules: [{94045FF4-0B78-4CD6-8B6B-46BA6A346FAA}] => (Allow) D:\Oculus\Support\oculus-home\OculusVR.exe
FirewallRules: [{8A7DEE67-7E8C-48BA-9F65-B0F9E5110DC2}] => (Allow) D:\Oculus\Support\oculus-client\OculusClient.exe
FirewallRules: [{D3A9A67A-5214-45F6-A78B-1FA1C7B6009D}] => (Allow) D:\Oculus\Support\oculus-client\OculusClient.exe
FirewallRules: [{7F9D88D6-E956-4DD8-BC00-FA56DBBFB98D}] => (Allow) D:\Oculus\Support\oculus-dash\bin\OculusDash.exe
FirewallRules: [{A60CB8E4-F0F7-47E2-9D5C-C4B13AA682B4}] => (Allow) D:\Oculus\Support\oculus-dash\bin\OculusDash.exe
FirewallRules: [{E920DFD8-0D21-4039-A0C2-CE90B73B723D}] => (Allow) D:\Oculus\Support\oculus-worlds\Home2.exe
FirewallRules: [{6C9F0488-BC7E-46B7-9B11-F824E18D25F9}] => (Allow) D:\Oculus\Support\oculus-worlds\Home2.exe
FirewallRules: [{6FF01B15-3090-4291-AC37-D5DE03DB743B}] => (Allow) D:\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe
FirewallRules: [{92904AE3-5DBF-4E71-A904-064CF51AF66F}] => (Allow) D:\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe
FirewallRules: [{2A31BEAA-48A5-45EB-9862-58FC51E6A041}] => (Allow) D:\Oculus\Software\Software\ready-at-dawn-echo-arena\bin\win7\EchoArena.exe
FirewallRules: [{59FCE7FD-0F9A-4A5A-B4F6-39882F85E83D}] => (Allow) D:\Oculus\Software\Software\ready-at-dawn-echo-arena\bin\win7\EchoArena.exe
FirewallRules: [{5095080C-621F-45FE-AFAA-736C964807FF}] => (Allow) D:\Oculus\Software\Software\ready-at-dawn-echo-arena\bin\win7\BsSndRpt64.exe
FirewallRules: [{98A282DF-F0AD-40DF-9549-B692B51DE476}] => (Allow) D:\Oculus\Software\Software\ready-at-dawn-echo-arena\bin\win7\BsSndRpt64.exe
FirewallRules: [{F975A82F-5472-459B-BF40-6EA18D00F3CE}] => (Allow) D:\Oculus\Software\Software\playful-luckys-tale\LT.exe
FirewallRules: [{390A92AD-26B4-400A-BC91-E2AFB14DA2FA}] => (Allow) D:\Oculus\Software\Software\playful-luckys-tale\LT.exe
FirewallRules: [{A9548866-1EBA-4E20-8BA7-CD30537F8B1F}] => (Allow) D:\Oculus\Software\Software\oculus-dead-and-buried\DeadAndBuried\DeadAndBuried.exe
FirewallRules: [{9906E576-C08A-4156-A762-C252AE433949}] => (Allow) D:\Oculus\Software\Software\oculus-dead-and-buried\DeadAndBuried\DeadAndBuried.exe
FirewallRules: [{13172E11-4D07-408B-921B-83CB2723A2C7}] => (Allow) D:\vmware\vmware-authd.exe
FirewallRules: [{C8E3E525-CE73-4586-9A32-65816579AFCD}] => (Allow) D:\vmware\vmware-authd.exe
FirewallRules: [{01E52F5D-1DAD-44F9-9265-B301F8AB3093}] => (Allow) D:\vmware\vmware-hostd.exe
FirewallRules: [{A9F0968C-8EF2-413F-802F-17D95EC772C1}] => (Allow) D:\vmware\vmware-hostd.exe
FirewallRules: [{FA6824CA-A957-4263-A722-AA2BF008B94F}] => (Allow) D:\Oculus\Software\Software\epic-games-bullet-train-gdc\BulletTrain-GDC-1.8SDK\showup.exe
FirewallRules: [{5FE7B688-9BD9-4130-9CB1-C014DC163EAC}] => (Allow) D:\Oculus\Software\Software\epic-games-bullet-train-gdc\BulletTrain-GDC-1.8SDK\showup.exe
FirewallRules: [{7C7A562E-D218-4549-BD12-D5585D9D91CA}] => (Allow) D:\Oculus\Software\Software\epic-games-bullet-train-gdc\BulletTrain-GDC-1.8SDK\Engine\Binaries\Win64\UE4Game-Win64-Test.exe
FirewallRules: [{85E9F197-E29B-4B35-A30A-0138D5CB2D94}] => (Allow) D:\Oculus\Software\Software\epic-games-bullet-train-gdc\BulletTrain-GDC-1.8SDK\Engine\Binaries\Win64\UE4Game-Win64-Test.exe
FirewallRules: [{3AEC0468-D6CC-4C58-BD73-297D270D2EED}] => (Allow) D:\Oculus Apps\Software\epic-games-odin\RoboRecall\Binaries\Win64\RoboRecallModInstaller.exe
FirewallRules: [{BA75E611-A484-4880-A59C-078ED2A34FCC}] => (Allow) D:\Oculus Apps\Software\epic-games-odin\RoboRecall\Binaries\Win64\RoboRecallModInstaller.exe
FirewallRules: [{5FB50F1E-6494-4357-BFCD-CFCB23CAB688}] => (Allow) D:\Oculus Apps\Software\epic-games-odin\RoboRecall\Binaries\Win64\RoboRecall-Win64-Shipping.exe
FirewallRules: [{5BE2C04F-A93A-4D07-AEDB-F14308EC35B1}] => (Allow) D:\Oculus Apps\Software\epic-games-odin\RoboRecall\Binaries\Win64\RoboRecall-Win64-Shipping.exe
FirewallRules: [{85AE04CD-8D65-4ED8-8755-A915C8C3034D}] => (Allow) D:\Oculus Apps\Software\epic-games-odin\Engine\Binaries\Win64\CrashReportClient.exe
FirewallRules: [{EE0B398F-9001-4FC5-9DCE-6BC665C3C1FC}] => (Allow) D:\Oculus Apps\Software\epic-games-odin\Engine\Binaries\Win64\CrashReportClient.exe
FirewallRules: [{A978D640-DB73-4AAC-AD09-8FAC6B12BD7D}] => (Allow) D:\Oculus\Software\Software\baobab-studios-invasion-for-rift\Invasion\InvasionEp01.exe
FirewallRules: [{1A7F13FD-2098-4F38-BDB1-E5FD7833DE5F}] => (Allow) D:\Oculus\Software\Software\baobab-studios-invasion-for-rift\Invasion\InvasionEp01.exe
FirewallRules: [{3F22357F-E309-4C18-B7DB-B4AF110FED5B}] => (Allow) D:\Oculus\Software\Software\baobab-studios-invasion-for-rift\Invasion\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe
FirewallRules: [{39FBA96D-D577-4674-8436-C1E63510391E}] => (Allow) D:\Oculus\Software\Software\baobab-studios-invasion-for-rift\Invasion\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe
FirewallRules: [{918729D5-5D1C-423D-97EF-0838DC72D16D}] => (Allow) D:\Oculus\Software\Software\baobab-studios-invasion-for-rift\Invasion\Engine\Binaries\Win64\CrashReportClient.exe
FirewallRules: [{55FCE2EA-F822-4482-8E19-CB1A09BD89B5}] => (Allow) D:\Oculus\Software\Software\baobab-studios-invasion-for-rift\Invasion\Engine\Binaries\Win64\CrashReportClient.exe
FirewallRules: [{07AFDF01-D49F-42A9-A927-78CC77DD2762}] => (Allow) D:\Oculus\Software\Software\baobab-studios-invasion-for-rift\Invasion\InvasionEp01\Binaries\Win64\InvasionEp01-Win64-Shipping.exe
FirewallRules: [{525F9B07-53F4-41C0-BAD6-954FAB06938A}] => (Allow) D:\Oculus\Software\Software\baobab-studios-invasion-for-rift\Invasion\InvasionEp01\Binaries\Win64\InvasionEp01-Win64-Shipping.exe
FirewallRules: [{CDB40D9E-0A55-4523-A5C7-AFCD080703A6}] => (Allow) D:\Oculus\Software\Software\cloudgine-toybox1\Toybox.exe
FirewallRules: [{E51D9548-1CE1-4FE0-B7EF-A59C8CBE4CF6}] => (Allow) D:\Oculus\Software\Software\cloudgine-toybox1\Toybox.exe
FirewallRules: [{79AA62FE-4FA7-496B-9485-9CE22B32435D}] => (Allow) D:\Oculus\Software\Software\cloudgine-toybox1\Toybox\Binaries\Win64\Toybox-Win64-Shipping.exe
FirewallRules: [{F3419F36-6FF5-439D-856F-F1A40D860D10}] => (Allow) D:\Oculus\Software\Software\cloudgine-toybox1\Toybox\Binaries\Win64\Toybox-Win64-Shipping.exe
FirewallRules: [{5949FE93-F67D-4725-9134-36223717493D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{43205077-9524-4E0E-9B17-0514B26BCF54}] => (Allow) D:\Oculus Apps\Software\red-storm-entertainment-nova\Nova_NovaTNG_57621_Win64_Final_Uplay_Oculus\stbc.exe
FirewallRules: [{B4DDF506-043A-4248-A866-D1946BA0AE8C}] => (Allow) D:\Oculus Apps\Software\red-storm-entertainment-nova\Nova_NovaTNG_57621_Win64_Final_Uplay_Oculus\stbc.exe
FirewallRules: [{5284AE98-8638-42B6-9F62-8C3F45A6DC64}] => (Block) C:\Program Files\Red Giant\PluralEyes 4\PluralEyes 4.exe
FirewallRules: [{30B543B4-BA93-4FA9-A542-17326310F2F3}] => (Block) C:\Program Files\Red Giant\PluralEyes 4\PEServer.exe
FirewallRules: [{A5E1284E-D519-482F-9C8C-CAB4EAF0CFFC}] => (Block) %ProgramFiles% (x86)\Red Giant Link\tools\install_update.exe
FirewallRules: [{80E9D1FA-0ABD-4306-BD91-6CB4C6022F3C}] => (Block) %ProgramFiles% (x86)\Red Giant Link\tools\rgfx_win_installertest.exe
FirewallRules: [{B7C1CBAB-9E3D-4A0C-8AA2-54746D0C1AD6}] => (Block) %ProgramFiles% (x86)\Red Giant Link\tools\RGLicenseCheck.exe
FirewallRules: [{C886B379-A21E-49E2-9834-21D9EEE3472E}] => (Block) %ProgramFiles% (x86)\Red Giant Link\tools\update_installer\install_update.exe
FirewallRules: [{07CB977B-6B7D-4BDA-B43B-12BEBA854190}] => (Block) %ProgramFiles% (x86)\Red Giant Link\tools\vc2012\vcredist_x64.exe
FirewallRules: [{8BA5644F-2206-4C66-98A3-B00C866722A2}] => (Allow) C:\Program Files\Opera\53.0.2907.68\opera.exe
FirewallRules: [{71CB28A2-AEAD-44BB-8762-54611F13A4A8}] => (Block) %ProgramFiles%\Red Giant\PluralEyes 4\PEServer.exe
FirewallRules: [{B1DB9B9A-4899-431D-ACAF-B963F822A608}] => (Block) %ProgramFiles%\Red Giant\PluralEyes 4\FFMpeg.exe
FirewallRules: [{C0F6E8EC-A537-4F58-B83E-4C29749035EC}] => (Block) %ProgramFiles%\Red Giant\PluralEyes 4\Grinder64.exe
FirewallRules: [{3B99DC23-DE94-4DFC-9226-862A6A91CE7E}] => (Block) %ProgramFiles%\Red Giant\PluralEyes 4\PluralEyes 4.exe
FirewallRules: [{99AB0368-41C6-4968-A33A-42B4202E0168}] => (Block) %ProgramFiles%\Red Giant\PluralEyes 4\PluralEyesPlayer.exe
FirewallRules: [{93450B56-8D5B-4811-9F40-4D6D82BFD8B6}] => (Block) %ProgramFiles%\Red Giant\Offload\Offload.exe
FirewallRules: [{F7E5A4C9-071D-4C1F-A558-D34F05C9BA7D}] => (Block) D:\d installs\sf30\Street Fighter 30th Anniversary Collection\win64\SF30thAnniversaryCollection.exe
FirewallRules: [{596355D2-D71F-4422-A6AD-EA56142014EC}] => (Block) D:\d installs\sf30\Street Fighter 30th Anniversary Collection\win32\SF30thAnniversaryCollection.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Synaptics Pointing Device
Description: Synaptics Pointing Device
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo
Service: i8042prt
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Integrated Webcam
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/30/2018 07:16:16 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/30/2018 06:51:37 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/30/2018 06:51:37 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/30/2018 06:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x3a08
Faulting application start time: 0x01d3f87cc7038487
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: c5f146f4-349d-46f1-a44f-9f0372dc651f
Faulting package full name: DellInc.DellSupportAssistforPCs_3.0.0.0_x64__htrsf667h5kn2
Faulting package-relative application ID: App
 
Error: (05/30/2018 06:14:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x21c0
Faulting application start time: 0x01d3f87cc516eaca
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: ed7460f5-ef9c-4fb0-b3df-9879ec2515df
Faulting package full name: DellInc.DellSupportAssistforPCs_3.0.0.0_x64__htrsf667h5kn2
Faulting package-relative application ID: App
 
Error: (05/30/2018 06:12:02 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/30/2018 04:10:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x40f8
Faulting application start time: 0x01d3f86b6bf36ca8
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: b555eee1-7e46-440f-8a92-9e44891cdf23
Faulting package full name: DellInc.DellSupportAssistforPCs_3.0.0.0_x64__htrsf667h5kn2
Faulting package-relative application ID: App
 
Error: (05/30/2018 04:10:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x1e50
Faulting application start time: 0x01d3f86b6961c005
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: d812a135-70b4-4e91-9984-1d3ed5d86559
Faulting package full name: DellInc.DellSupportAssistforPCs_3.0.0.0_x64__htrsf667h5kn2
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (05/30/2018 07:17:25 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-6UG26UV)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-6UG26UV\markw SID (S-1-5-21-2714088590-1301673537-3438479818-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/30/2018 07:16:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/30/2018 07:16:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/30/2018 06:40:57 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/30/2018 06:21:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-6UG26UV)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-6UG26UV\markw SID (S-1-5-21-2714088590-1301673537-3438479818-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/30/2018 06:14:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {C41B1461-3F8C-4666-B512-6DF24DE566D1} did not register with DCOM within the required timeout.
 
Error: (05/30/2018 06:12:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/30/2018 06:12:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-05-30 19:16:30.058
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-30 19:16:30.056
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-30 19:16:17.649
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-30 19:16:17.648
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-30 19:16:17.167
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-30 19:16:17.165
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-30 19:16:17.107
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-30 19:16:17.106
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 29%
Total physical RAM: 16249.25 MB
Available physical RAM: 11479.57 MB
Total Virtual: 18681.25 MB
Available Virtual: 13344.63 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:102.7 GB) (Free:10.24 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:97.54 GB) NTFS
 
\\?\Volume{5a11d0b8-e57f-40f0-b19c-7994161491a0}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
\\?\Volume{a7b3087a-8ee9-4741-8d56-7a127a7148e5}\ () (Fixed) (Total:0.82 GB) (Free:0.36 GB) NTFS
\\?\Volume{cb8983af-98fd-4190-b1fe-607f26c90384}\ (Image) (Fixed) (Total:13.58 GB) (Free:0.17 GB) NTFS
\\?\Volume{54d01063-7747-476b-9957-4f1c2dee8693}\ (DELLSUPPORT) (Fixed) (Total:1.07 GB) (Free:0.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: DD18CFC8)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: DD18C7F0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Looks like it was a task that was causing your error, but there were several other suspicious things going on.

Download the attached fixlist.txt to the same location as FRST.

[attachment=87334:fixlist.txt]

Run FRST and press Fix (FRST will reboot the PC).
A fix log will be generated; please post that.

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

Going to bed now.

