
Generally crappy performance [Solved]



#1
dcrookston


The two main symptoms I have are (I know, I know, I'm sorry) that my system is running slowly and that it regularly hangs when I try to reboot. There's nothing specific that leads me to believe I have some kind of malware, but I figured since I've tried everything else I can think of and it hasn't helped, I'll give this a shot as well. I really appreciate the services you guys offer here; it's top notch in every way. Here are my logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019
Ran by Dan (administrator) on DAN-DESKTOP (21-02-2019 03:10:22)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan & Dan_2 & Admin)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Dan\AppData\Local\Google\Chrome\User Data\SwReporter\38.190.200\software_reporter_tool.exe
(Google) C:\Users\Dan\AppData\Local\Google\Chrome\User Data\SwReporter\38.190.200\software_reporter_tool.exe
(Google) C:\Users\Dan\AppData\Local\Google\Chrome\User Data\SwReporter\38.190.200\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google) C:\Users\Dan\AppData\Local\Google\Chrome\User Data\SwReporter\38.190.200\software_reporter_tool.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-11-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc. -> Apple Inc.)
...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17305208 2016-12-08] (Logitech Inc -> Logitech Inc.)
...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle America, Inc. -> Oracle Corporation)
...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech, Inc. -> Logitech Inc.)
...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4810224 2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1226240 2017-09-20] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112104 2018-01-08] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [Amazon Music] => C:\Users\Dan\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] (Amazon Services LLC -> )
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933552 2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [Discord] => C:\Users\Dan\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [igfxTray.exe] => H:\onion..Hteen-W0e8rq4534yt_vmcklwxodck039qv4ycuqXGVFGJ_I\onion..Hteen-W0e8rq4534yt vmcklwxodck039qv4ycuqXGVFGJ I\HteensRIP\Hteens\Preteens.exe
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [172032 2018-06-23] (Voobly)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [66048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-13] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-17]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D03D6C7B-A17F-4165-816A-4EC958B71010}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D5A4DE3F-EEB4-499D-9918-B4780A3896D6}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-09-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-01-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://lib.harvard.edu/
CHR StartupUrls: Default -> "hxxp://lab.dce.harvard.edu/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2019-02-21]
CHR Extension: (Google Translate) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-20]
CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-20]
CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (hxxps://wrc.intersystems.com/wrc/login.csp) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cophpmjihimdjicamdainfhcifcnbecd [2014-11-01]
CHR Extension: (Tampermonkey) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-12-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-14]
CHR Extension: (Google Play Music) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-11-30]
CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (LibX for Google Chrome ™) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffkfoaiikoedjcjlpnnaidojhfchiafk [2016-07-20]
CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2016-01-01]
CHR Extension: (Cisco Webex Extension) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-18]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2019-02-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-16]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-21]
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-21]
CHR HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2013-07-04] (ASUSTeK Computer Inc. -> )
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-12-08] (Logitech Inc -> Logitech Inc.)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12443624 2018-01-08] (VMware, Inc. -> )
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] (ASUSTeK Computer Inc. -> )
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d62x64.sys [534512 2017-04-25] (Intel® INTELND1617 -> Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-12-08] (Logitech Inc -> Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 MpKsl81d96e6f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46110EFA-202A-43FD-B669-FA6F69A02615}\MpKsl81d96e6f.sys [58120 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2576072 2014-03-28] (Mediatek Inc. -> Ralink Technology Corp.)
S3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2582704 2013-10-09] (Mediatek Inc. -> Ralink Technology, Corp.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31632 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [56280 2018-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [65792 2018-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2017-09-20] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-21 03:10 - 2019-02-21 03:11 - 000028546 _____ C:\Users\Dan\Desktop\FRST.txt
2019-02-21 03:09 - 2019-02-21 03:09 - 002435072 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2019-02-05 13:54 - 2019-02-05 13:54 - 000662524 _____ C:\Users\Dan\Desktop\1Afu.pdf
2019-02-02 18:45 - 2019-02-02 18:45 - 000000000 ____D C:\Users\Dan\SimUText 2018-2019
2019-02-02 18:45 - 2019-02-02 18:45 - 000000000 ____D C:\Users\Dan\AppData\Local\Simbio
2019-02-02 18:45 - 2019-02-02 18:45 - 000000000 ____D C:\ProgramData\SimBio
2019-02-02 18:44 - 2019-02-02 18:44 - 000001188 _____ C:\Users\Public\Desktop\SimUText 2018-2019.lnk
2019-02-02 18:44 - 2019-02-02 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimUText 2018-2019
2019-02-02 18:44 - 2019-02-02 18:44 - 000000000 ____D C:\Program Files (x86)\SimBio
2019-02-02 18:43 - 2019-02-02 18:44 - 068371968 _____ C:\Users\Dan\Downloads\SimUText_2018-2019_Win_Setup_20181203.msi
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-21 03:10 - 2017-03-30 19:17 - 000000000 ____D C:\FRST
2019-02-21 03:05 - 2014-11-02 16:25 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-21 03:00 - 2014-11-01 15:02 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2555180676-4011908201-2030567858-1001
2019-02-21 03:00 - 2014-03-18 05:03 - 000871096 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-21 03:00 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2019-02-21 02:55 - 2014-12-05 16:30 - 000000000 ___RD C:\Users\Dan\OneDrive
2019-02-21 02:54 - 2015-11-27 22:42 - 000000000 ____D C:\ProgramData\VMware
2019-02-21 02:54 - 2014-11-01 14:36 - 000000000 ____D C:\Users\Dan
2019-02-21 02:54 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-17 00:25 - 2014-11-03 03:54 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-16 03:02 - 2015-07-22 18:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-16 03:02 - 2015-07-22 18:02 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-02-16 03:02 - 2015-07-22 18:02 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-02-13 18:29 - 2014-11-01 15:00 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-13 01:17 - 2015-02-27 01:47 - 000000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2019-02-13 00:04 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
2019-02-05 16:46 - 2015-01-13 05:30 - 000000000 ____D C:\Users\Dan\AppData\Roaming\mIRC
2019-02-03 20:25 - 2016-01-09 14:00 - 000000000 ____D C:\Users\Dan\Documents\Academic
2019-01-29 20:01 - 2015-11-14 22:16 - 000000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
 
==================== Files in the root of some directories =======
 
2015-04-03 04:59 - 2015-04-03 04:59 - 000524288 _____ (Simon Tatham) C:\Program Files (x86)\putty.exe
2015-02-17 17:26 - 2015-05-28 16:50 - 000000033 _____ () C:\Users\Dan\AppData\Roaming\AdobeWLCMCache.dat
2015-02-26 21:27 - 2016-01-10 01:17 - 000001456 _____ () C:\Users\Dan\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-09-26 09:47 - 2018-09-26 09:47 - 000000000 _____ () C:\Users\Dan\AppData\Local\oobelibMkey.log
2015-04-03 13:12 - 2018-01-28 20:29 - 000000600 _____ () C:\Users\Dan\AppData\Local\PUTTY.RND
2014-11-04 18:52 - 2015-07-09 02:33 - 000007651 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-14 04:33
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019
Ran by Dan (21-02-2019 03:13:04)
Running from C:\Users\Dan\Desktop
Windows 8.1 (Update) (X64) (2014-11-01 19:36:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-2555180676-4011908201-2030567858-1005 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2555180676-4011908201-2030567858-500 - Administrator - Disabled)
Dan (S-1-5-21-2555180676-4011908201-2030567858-1001 - Administrator - Enabled) => C:\Users\Dan
Dan_2 (S-1-5-21-2555180676-4011908201-2030567858-1004 - Administrator - Enabled) => C:\Users\Dan_2.dan-desktop
Guest (S-1-5-21-2555180676-4011908201-2030567858-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveEarth 2.1 (HKLM-x32\...\ActiveEarth) (Version: 2.1 - Norris Family Industry, Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0.1.105 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Amazon Kindle (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Amazon Music (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Amazon Amazon Music) (Version: 4.3.2.1367 - Amazon Services LLC)
AMR Player 1.3 (HKLM-x32\...\{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1) (Version:  - www.amrplayer.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.15.0 - Asmedia Technology)
ASUS PCE-N53 WLAN Card Utilities & Driver (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.0.9 - ASUS)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\Blender) (Version: 2.73a - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
calibre 64bit (HKLM\...\{9825E222-549C-44FA-A285-D1123AD63519}) (Version: 2.76.0 - Kovid Goyal)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.5.02033 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0C9580F0-95DC-4E64-BB4C-1091B660A64F}) (Version: 4.5.02033 - Cisco Systems, Inc.) Hidden
Civ4 Microsoft Windows SDK & Visual C++ Toolkit version 1.0 (HKLM-x32\...\{296CB37D-BEA2-42D3-A5FA-42C83BC436D5}_is1) (Version: 1.0 - )
ColorPic (HKLM-x32\...\ColorPic) (Version: 4.1 - Iconico)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.2.0 - Globalscape)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.24 - NVIDIA Corporation) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExtractNow (HKLM-x32\...\ExtractNow) (Version: 4.8.2.0 - Nathan Moinvaziri)
FAHClient (HKLM-x32\...\FAHClient) (Version: 7.4.4 - Stanford University)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
FreeFileSync 9.1 (HKLM-x32\...\FreeFileSync_is1) (Version: 9.1 - www.FreeFileSync.org)
Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HD To TC Conversion Tool version 2.2 (HKLM-x32\...\{EED7429B-114D-4253-9A08-A531187CCE09}_is1) (Version: 2.2 - )
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
Linphone (HKLM-x32\...\Linphone) (Version: 3.11.1 - Belledonne communications)
Logitech Gaming Software 8.89 (HKLM\...\Logitech Gaming Software) (Version: 8.89.68 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27024 (HKLM-x32\...\{5fb2083a-f3cc-4b78-93ff-bd9788b5de01}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual Studio 2013 Shell (Isolated) (HKLM-x32\...\{dd77c2ff-db69-44f7-9e5c-63aa540dfe07}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1089.1204 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mIRC (HKLM-x32\...\mIRC) (Version: 7.53 - mIRC Co. Ltd.)
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 399.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
PDFXplorer 1.0.0 (HKLM-x32\...\{ABABABAB-8932-49DF-BC7E-F8D41779C30B}) (Version: 1.0.0 - O2 Solutions)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (HKLM-x32\...\{7E08C4EE-B1C7-4138-8227-7CD3837636AA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 (Anaconda3 5.0.0 64-bit) (HKLM\...\Python 3.6.2 (Anaconda3 5.0.0 64-bit)) (Version: 5.0.0 - Anaconda, Inc.)
Python 3.6.5 (Anaconda3 5.2.0 64-bit) (HKLM\...\Python 3.6.5 (Anaconda3 5.2.0 64-bit)) (Version: 5.2.0 - Anaconda, Inc.)
Python 3.6.7 (64-bit) (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\{19294e4d-0315-4762-b347-f4caf7c5f36b}) (Version: 3.6.7150.0 - Python Software Foundation)
Python 3.6.7 Add to Path (64-bit) (HKLM\...\{DF7C1E89-C9B5-4FDE-A22F-5CF375FAE6D3}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Core Interpreter (64-bit) (HKLM\...\{00CF1307-AE3B-4F6F-9D8F-6918F5E338F6}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Development Libraries (64-bit) (HKLM\...\{20D182AF-4FEA-49D7-9F88-6111D18573EC}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Documentation (64-bit) (HKLM\...\{5D41B0AC-5D2E-484A-A876-A800D81B0015}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Executables (64-bit) (HKLM\...\{76967894-713A-47D7-B2EC-F179FDC9C3A3}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 pip Bootstrap (64-bit) (HKLM\...\{396D987B-92CB-441A-B281-2541C27AB6B9}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Standard Library (64-bit) (HKLM\...\{B991B47C-1BFB-44B1-8A7D-B23656233D7C}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Tcl/Tk Support (64-bit) (HKLM\...\{DD3668AE-9CF5-45AC-813A-A38638F2A270}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Test Suite (64-bit) (HKLM\...\{45056525-2051-4489-AFDF-756610DC00A5}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Utility Scripts (64-bit) (HKLM\...\{056C4684-F37A-4379-8555-15A77A63EC2F}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{CA9E40C6-883C-4D46-80AB-836760F6D8F5}) (Version: 3.6.6501.0 - Python Software Foundation)
R for Windows 3.3.2 (HKLM\...\R for Windows 3.3.2_is1) (Version: 3.3.2 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7233 - Realtek Semiconductor Corp.)
Ruby 2.1.5-p273-x64 (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\{2A5A5972-E912-49C4-9459-F05131507B6E}_is1) (Version: 2.1.5-p273 - RubyInstaller Team)
sbt 1.2.3 (HKLM-x32\...\{CE07BE71-510D-414A-92D4-DFF47631848A}) (Version: 1.2.3 - Lightbend, Inc.)
Screencast-O-Matic (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SimUText 2018-2019 (HKLM-x32\...\{405126D4-87A7-4E2C-9CF8-89E82393485F}) (Version: 2.10.1 - SimBio)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartGit (HKLM-x32\...\SmartGit c:/program files (x86)/smartgit_is1) (Version:  - syntevo GmbH)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.7.6 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steel Bank Common Lisp 1.4.14 (X86-64) (HKLM\...\{54F4687A-CB7A-466D-94A8-88B308B2C3CF}) (Version: 1.4.14 - hxxp://www.sbcl.org)
StuffIt Standard (HKLM-x32\...\{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}) (Version: 9.0.0.21 - Allume Systems, Inc.) Hidden
StuffIt Standard (HKLM-x32\...\InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}) (Version: 9.0.0.21 - Allume Systems, Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
TP-LINK Archer T2U_T2UH Driver (HKLM-x32\...\{F2496892-5295-4208-AB93-21F1AFD07C97}) (Version: 1.3.1 - TP-LINK)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version:  - )
Visual Studio Community 2017 (HKLM-x32\...\8680deaa) (Version: 15.9.28307.280 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{0F2CF138-26A5-4C91-AE15-D935B5EB369E}) (Version: 12.5.9 - VMware, Inc.)
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
Wireshark 2.2.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.4 - The Wireshark developer community, hxxps://www.wireshark.org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2555180676-4011908201-2030567858-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
CustomCLSID: HKU\S-1-5-21-2555180676-4011908201-2030567858-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2555180676-4011908201-2030567858-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2017-11-14] (GlobalSCAPE, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [gvim] -> {51EEE242-AD87-11d3-9C1E-0090278BBD99} => C:\Program Files (x86)\Vim\vim74\gvimext.dll [2013-08-10] (Tianmiao Hu's Developer Studio)
ContextMenuHandlers1-x32: [StuffIt Compress Menu] -> {3FBFD0B0-EB46-4797-9101-615610E87DA6} => C:\Program Files (x86)\Allume Systems\StuffIt\CompressMenu.dll [2005-03-23] (Allume Systems, Inc.)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-29] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers2: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2017-11-14] (GlobalSCAPE, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2017-11-14] (GlobalSCAPE, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-29] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6-x32: [StuffIt Compress Menu] -> {3FBFD0B0-EB46-4797-9101-615610E87DA6} => C:\Program Files (x86)\Allume Systems\StuffIt\CompressMenu.dll [2005-03-23] (Allume Systems, Inc.)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-29] (WinZip Computing LLC -> WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07B19094-A4A5-4A57-AC4D-5D21EDCE1993} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0BEF4EF9-E19B-4046-824D-EBA26C98BE61} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {17AE0366-0188-45D4-A305-0E6F7C0F0EBE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1DA15317-A9AB-4C89-BCCE-B8674236C094} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {216533A8-5A18-49FE-BD4E-3BA3720DDCB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3D8BDB75-55DC-44FB-B1F2-3A8D8FF40AA4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {468BC46B-7AAA-4570-94FA-C31B37C1C30D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4BADDD23-2EC0-483A-9DEA-1CB43CD7030C} - System32\Tasks\AdobeAAMUpdater-1.0-dan-desktop-Dan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {56AAE29B-37E3-4AE8-8F3C-D40FE6861328} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {56AAE29B-37E3-4AE8-8F3C-D40FE6861328} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-10] (Microsoft Windows -> Microsoft Corporation)
Task: {7DF19C7C-B5DC-4F70-8A62-A06DADEB1033} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {88217A6D-3526-4CE0-9A60-28C51E822030} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {9445E6A1-B206-40F1-B75F-7F74D9C8D095} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {972D04CF-3CFB-46D3-B9A2-EF58AEE6B332} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ADF90067-0BB1-4BE6-BE48-03F2F26D2D33} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B731CFF9-55AD-4763-86D4-12CE2504E0D0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1D8B7F1-E999-4711-A74B-46EA86147B04} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CD6F827E-25BB-409C-84BE-A1BD6890BF73} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {CD6F827E-25BB-409C-84BE-A1BD6890BF73} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-10] (Microsoft Windows -> Microsoft Corporation)
Task: {D16BE426-D4DC-46DD-8C12-128B47121661} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {D16BE426-D4DC-46DD-8C12-128B47121661} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {D16BE426-D4DC-46DD-8C12-128B47121661} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-10] (Microsoft Windows -> Microsoft Corporation)
Task: {D6FE8FAF-5FC1-4062-BCC5-EBBC1F80DE26} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D75D1D0C-4C13-4B3D-85D0-F6400A633E05} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {D75D1D0C-4C13-4B3D-85D0-F6400A633E05} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-10] (Microsoft Windows -> Microsoft Corporation)
Task: {DAA17820-C7B2-4B75-8F3E-407423EC9D5E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E48D1190-8E25-4FB5-9722-B5E3BD7C0DCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EDE703E1-8DD8-452B-A3FE-F4601FA6DB9B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F59F1040-30EF-4CB2-83C4-AC4EF66B0EFE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273-x64\Interactive Ruby.lnk -> C:\Ruby21-x64\bin\irb.bat ()
 
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby21-x64\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-02 17:28 - 2016-01-22 17:57 - 000089008 _____ () C:\Windows\System32\cpwmon64.dll
2014-11-14 16:11 - 2013-04-15 11:50 - 000198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-11-14 16:11 - 2013-04-15 11:50 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-02 05:24 - 2013-07-04 05:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2018-06-22 16:59 - 2018-03-14 08:01 - 001268112 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 012443624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-09-11 18:02 - 2015-09-11 18:02 - 000803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-02-12 15:55 - 2012-04-01 00:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2019-02-13 18:29 - 2019-02-13 00:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-13 18:29 - 2019-02-13 00:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2019-02-12 12:47 - 2019-02-12 12:47 - 031313408 _____ () C:\Users\Dan\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.142\pepflashplayer.dll
2014-03-18 04:49 - 2014-03-18 04:49 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\ErrorReporting.dll
2016-06-27 10:22 - 2016-06-27 10:22 - 000052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-09-20 14:46 - 2017-09-20 14:46 - 000033792 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_system-vc140-mt-1_59.dll
2017-09-20 14:45 - 2017-09-20 14:45 - 000062976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_date_time-vc140-mt-1_59.dll
2017-09-20 14:46 - 2017-09-20 14:46 - 000106496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_thread-vc140-mt-1_59.dll
2017-09-20 14:46 - 2017-09-20 14:46 - 000042496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_chrono-vc140-mt-1_59.dll
2017-09-20 14:46 - 2017-09-20 14:46 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-11-02 05:24 - 2019-02-21 02:54 - 000036864 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-11-02 05:24 - 2013-07-04 05:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 000173032 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 000126440 _____ () C:\Program Files (x86)\VMware\VMware Workstation\expat.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 000396776 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2018-06-22 16:59 - 2018-03-14 08:01 - 001041808 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-03-20 14:43 - 2014-03-20 14:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-06-22 16:59 - 2018-03-14 08:01 - 081564048 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-06-22 16:59 - 2018-03-14 08:01 - 002478480 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-06-22 16:59 - 2018-03-14 08:01 - 000125840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2018-11-15 11:54 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Microsoft MPI\Bin\;C:\Python27\;C:\Python27\Scripts;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Calibre2\;C:\Program Files\MiKTeX 2.9\miktex\bin\x64\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\sbt\bin;C:\Program Files\Steel Bank Common Lisp\1.4.14\;C:\Program Files\Git\cmd
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "TRYCACHE.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\StartupFolder: => "[email protected]"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_31FA44FE943CF384B13C12A03C90A9AD"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "igfxTray.exe"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Voobly"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0B6CD908-7363-4BFE-B9A5-705A5B19AB8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{30152594-CA97-4919-92F4-C1EAD84FF1CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{77FAE1B9-AD33-4646-B316-645A856FBB92}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{04B45243-2513-4868-BE9E-DC2C3982B7D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{7CD68FBE-FB65-4908-AEC8-1EE893369696}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe (TODO: <Company name>)
FirewallRules: [{587E151B-4DBC-4E0D-B989-0D0C537C4E26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe (TODO: <Company name>)
FirewallRules: [{4BED1343-9B4F-4892-9A36-134D79F87BCB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe (TODO: <Company name>)
FirewallRules: [{458E5347-143E-4BBA-96C7-5C19915F89C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe (TODO: <Company name>)
FirewallRules: [TCP Query User{BA39435C-1E8B-4674-8FB7-3967AB68DE4D}C:\ruby21-x64\bin\ruby.exe] => (Allow) C:\ruby21-x64\bin\ruby.exe (hxxp://www.ruby-lang.org/)
FirewallRules: [UDP Query User{2F2928CD-F866-41EF-9380-A7FDF74E8688}C:\ruby21-x64\bin\ruby.exe] => (Allow) C:\ruby21-x64\bin\ruby.exe (hxxp://www.ruby-lang.org/)
FirewallRules: [TCP Query User{74DBF258-E6F9-4CDC-9FEA-DA84C7DB72AC}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [UDP Query User{FCDAFD6B-4B91-490B-962A-F72BCAAC98C5}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [TCP Query User{2ECDAB63-4E55-4DB0-AFE5-0ADDA52BD78C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{28AAD047-3931-4C53-BB9C-0F74ABD18352}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{22A91067-3AA1-4EC7-961E-3142585D8F5E}] => (Allow) C:\Users\Dan\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{27F01C0D-86D2-4F4F-8A63-4DFCB3706FC6}] => (Allow) C:\Users\Dan\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{64648EB1-B8E2-4DED-B281-665D1E07E4E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{774FBD40-7B98-4062-A907-DEDFF44D182B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{68F2F65A-B192-4BF6-A2C0-A5B57F2D8241}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD58BA95-8F3F-48EA-A959-75D8C65F8EE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC708397-C4D1-4126-AA3E-69582B97D08A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DFE5CE35-D205-44C2-A7E5-AC2F66127A0B}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe No File
FirewallRules: [UDP Query User{3844935F-8DC7-4334-A35C-3426DF6A439F}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe No File
FirewallRules: [{B4256E9C-E097-4B3A-A78B-C2BCBE6DEE14}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{390B66D3-7F59-42DE-9CA7-89A5C2FAD8C5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{0B886FEF-8135-4332-B42D-8113ED7FFDE2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{B5EF6F16-1B02-4B38-A914-7A4C10EE6760}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{D1A3F963-82B5-4E34-91BF-01F9B10BE5C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\aomx.exe (Microsoft Corp)
FirewallRules: [{F501B363-24D4-4078-A8EE-DEA65CB880C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\aomx.exe (Microsoft Corp)
FirewallRules: [TCP Query User{B42DA771-B9EA-4609-89D6-C51F45F30EA3}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe No File
FirewallRules: [UDP Query User{68F721A1-F983-48D7-BEA7-05D117431275}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe No File
FirewallRules: [TCP Query User{0EC9BE74-8B9F-4145-9B8E-D73FACD97091}C:\program files (x86)\linphone\bin\linphone.exe] => (Allow) C:\program files (x86)\linphone\bin\linphone.exe ()
FirewallRules: [UDP Query User{5CECABCD-D549-4F2E-B430-2A5C43795404}C:\program files (x86)\linphone\bin\linphone.exe] => (Allow) C:\program files (x86)\linphone\bin\linphone.exe ()
FirewallRules: [TCP Query User{13498ADC-1BF8-47F7-B9A5-FA88C3D97364}C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi sdk\assetmodtools\asseteditor\asseteditor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi sdk\assetmodtools\asseteditor\asseteditor.exe No File
FirewallRules: [UDP Query User{4EFB4F08-5849-4394-822A-33BBD28647B4}C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi sdk\assetmodtools\asseteditor\asseteditor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi sdk\assetmodtools\asseteditor\asseteditor.exe No File
FirewallRules: [TCP Query User{8C20DE9F-DE91-491E-B240-7733184211C1}C:\programdata\anaconda3\python.exe] => (Allow) C:\programdata\anaconda3\python.exe (Python Software Foundation)
FirewallRules: [UDP Query User{C5E76A32-9439-4B16-A271-3A070A70343C}C:\programdata\anaconda3\python.exe] => (Allow) C:\programdata\anaconda3\python.exe (Python Software Foundation)
FirewallRules: [TCP Query User{998B7554-C0A6-48D1-8BF8-345ECFF67DD0}C:\programdata\anaconda3\pythonw.exe] => (Allow) C:\programdata\anaconda3\pythonw.exe (Python Software Foundation)
FirewallRules: [UDP Query User{EA6EA767-6AB3-47BB-A8AF-8A2F0871CCFA}C:\programdata\anaconda3\pythonw.exe] => (Allow) C:\programdata\anaconda3\pythonw.exe (Python Software Foundation)
FirewallRules: [TCP Query User{FB09F0D9-64A5-4B18-8BF4-7DB4DCD64AB7}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [UDP Query User{3257391A-082E-47E5-BB99-325150508F24}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [TCP Query User{69ECE697-8EFF-4142-A59C-C1E546CCEABE}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe ()
FirewallRules: [UDP Query User{A34B80CD-378B-4971-B571-A59F24CDE85E}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe ()
FirewallRules: [{2D65B7AD-1DDA-4CD7-A5A6-56976C35D5AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{0BF25985-5F55-4D73-8E13-140C70F6CAB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{D94DF7BF-1FF8-481F-8745-8E88777533CD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{09C71628-9D34-42BD-8193-8F0A38D8535E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{80153DE8-5670-454B-A49A-7544FA2A2AB7}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{E36F9780-FC9D-41B1-B45A-2CF9BEEFB723}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{12A33BE9-6966-4F56-BEA2-A23B46B71725}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{DF897495-4288-4E50-AFD5-B2C7E6658D19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{01FFC33D-FBAD-4F6F-91CE-FB2BFA4B164A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{368A7309-F700-4002-9EFF-29EA31096AFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{62A9959B-7108-4C2F-B8C5-5BDA390F2DF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{089C5814-5A46-4EC5-8440-9CFC20427EDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A246A263-262D-4BBB-A817-ECBFA9C5FD52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3925E189-F4D4-453C-80AB-B5AE7E449BFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{506300AB-8069-4B25-90D6-09B6373FB1C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{09D32391-1D5F-4001-84A2-FE17C87DC5D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{62AECF94-A015-4AEF-B01C-288293038A14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{1EC56D06-1BCA-481A-AA7F-5B02AF4CF01B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{DF39C30D-C28F-471D-A646-44305C46BA6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{7B5141B6-4F9C-4C90-A4DD-A2BE09E08F7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [TCP Query User{6FF673A7-7683-4A51-8614-FA2A64EFCFAB}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe (Voobly)
FirewallRules: [UDP Query User{A8CD56B2-53D6-47B3-9A24-26FC31D1DDED}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe (Voobly)
FirewallRules: [TCP Query User{B40A8D94-A95D-46CF-B4F1-01E4EB678BCD}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{D8BB3AEA-08A0-4D10-A280-3CEB7FF83E8C}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{14F42CA9-2DDE-4D20-A4DB-4CEE1297D86F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{BAD7FA64-A3A0-4958-B8A5-820EC269FCBC}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9CEC9315-AF31-4779-8A54-650638617A14}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{34A012B6-064A-49FB-B268-098983CD22B7}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{DFBEC894-9C7F-45EB-9C23-4FEE7DF1033F}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> )
FirewallRules: [{53EE520C-EE87-4B97-ABD9-4A8339C6853B}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> )
FirewallRules: [{92321E76-6A7B-4037-854C-FFF6FFAB69F0}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2445AFBD-76CD-43CA-8BB7-EC0C0DBD8AD3}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{82E52E33-FAD3-468F-BC8F-3CAC5D7F2594}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F9B8D9A-2FD8-412D-96DD-079B0BE25691}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E76D95DD-AEDB-41B6-9AD9-6917A1922860}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{299DC2AD-5EA4-47EC-BE77-9D92F8CB26BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{597C33D1-3F3A-4849-8C8A-6FB811AAE933}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: ASUS PCE-N53 300Mbps 11n Dual band Wireless LAN PCI-E Card
Description: ASUS PCE-N53 300Mbps 11n Dual band Wireless LAN PCI-E Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK Computer Inc.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2019 04:33:57 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Flash Drive (E:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (02/13/2019 04:52:09 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Flash Drive (E:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (02/11/2019 02:13:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsld8d59a2e.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/07/2019 03:16:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Flash Drive (E:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (02/06/2019 02:34:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Flash Drive (E:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (02/04/2019 03:50:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/04/2019 03:50:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/02/2019 06:44:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsld8d59a2e.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (02/21/2019 02:58:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
 
Error: (02/21/2019 02:53:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:38:08 AM on ‎2/‎20/‎2019 was unexpected.
 
Error: (02/14/2019 04:47:32 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/02/2019 07:19:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/02/2019 07:19:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (02/01/2019 04:58:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/01/2019 04:58:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (01/20/2019 10:10:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
===================================
Date: 2019-02-10 01:21:16.094
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {32B4E92D-2D6F-4485-B584-3243963AE449}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-01-28 13:07:10.231
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {3C0CDFB1-F150-4AB7-8756-E97E910CE11D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-18 07:00:48.647
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {AD375F47-7B85-4DAC-8071-5CB9F393535F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-10 07:27:49.377
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {5450D4EC-E19C-4609-BD11-46C28C0F0C43}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-07 02:24:16.886
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4F9548DD-B0C8-463B-917E-ED5C302CB4A3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-18 18:45:08.417
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
 
CodeIntegrity:
===================================
 
Date: 2019-02-21 03:16:40.912
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-02-21 03:16:39.464
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-02-21 03:16:38.009
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-02-21 03:16:36.550
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-01-22 03:49:14.106
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-01-20 11:58:14.552
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-01-20 11:58:12.835
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-01-12 13:45:47.806
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 20%
Total physical RAM: 16315.82 MB
Available physical RAM: 12973.57 MB
Total Virtual: 18747.82 MB
Available Virtual: 14512.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.17 GB) (Free:545 GB) NTFS
Drive e: (Flash Drive) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:111.45 GB) (Free:79.2 GB) NTFS
 
\\?\Volume{a8a5dc82-61fd-11e4-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4943CA7F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 4943CA7C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#2
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, uninstall it before proceeding.
  • If you don't respond to your topic in 4 days, it will be closed. You can have it reopened by contacting me or any staff member by pm with the address of the thread.
  • If you have questions about anything, please ask.
--------------------

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

--------------------

Do you recognize this file? It is set to run on startup.

H:\onion..Hteen-W0e8rq4534yt_vmcklwxodck039qv4ycuqXGVFGJ_I\onion..Hteen-W0e8rq4534yt vmcklwxodck039qv4ycuqXGVFGJ I\HteensRIP\Hteens\Preteens.exe



Highlight the contents of the below code box and press Ctrl + C:
Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [AdobeBridge] => [X]

CustomCLSID: HKU\S-1-5-21-2555180676-4011908201-2030567858-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

FirewallRules: [{77FAE1B9-AD33-4646-B316-645A856FBB92}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{04B45243-2513-4868-BE9E-DC2C3982B7D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [TCP Query User{DFE5CE35-D205-44C2-A7E5-AC2F66127A0B}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe No File
FirewallRules: [UDP Query User{3844935F-8DC7-4334-A35C-3426DF6A439F}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe No File
FirewallRules: [TCP Query User{B42DA771-B9EA-4609-89D6-C51F45F30EA3}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe No File
FirewallRules: [UDP Query User{68F721A1-F983-48D7-BEA7-05D117431275}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe No File

End::

  • Right-click on FRST/FRST64 and select Run as Administrator.
  • Click on Fix.
  • Note - there is no need to paste the contents of the code box anywhere.
  • If your computer restarts, allow it to do so.
  • Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
  • Please copy and paste the contents of the fixlog into your next reply.

Thanks.

#3
dcrookston

    Member

  • Topic Starter
  • Member
  • 32 posts

Do you recognize this file? It is set to run on startup.

H:\onion..Hteen-W0e8rq4534yt_vmcklwxodck039qv4ycuqXGVFGJ_I\onion..Hteen-W0e8rq4534yt vmcklwxodck039qv4ycuqXGVFGJ I\HteensRIP\Hteens\Preteens.exe

 

Sure don't!  That's kind of a terrifying filename to be honest.  I checked my H drive though and that directory doesn't seem to exist.  Even viewing hidden files I don't see it -- is there some kind of extra-hidden option I'm missing?

 

I'll run the next steps now and edit this reply when it's done.

 

Fix complete, here's the fixlog.  Note that I did reboot afterward.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Dan (23-02-2019 08:31:58) Run:1
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan & Dan_2 & Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [AdobeBridge] => [X]
CustomCLSID: HKU\S-1-5-21-2555180676-4011908201-2030567858-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{77FAE1B9-AD33-4646-B316-645A856FBB92}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{04B45243-2513-4868-BE9E-DC2C3982B7D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [TCP Query User{DFE5CE35-D205-44C2-A7E5-AC2F66127A0B}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe No File
FirewallRules: [UDP Query User{3844935F-8DC7-4334-A35C-3426DF6A439F}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe No File
FirewallRules: [TCP Query User{B42DA771-B9EA-4609-89D6-C51F45F30EA3}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe No File
FirewallRules: [UDP Query User{68F721A1-F983-48D7-BEA7-05D117431275}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe No File
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77FAE1B9-AD33-4646-B316-645A856FBB92}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04B45243-2513-4868-BE9E-DC2C3982B7D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DFE5CE35-D205-44C2-A7E5-AC2F66127A0B}C:\program files (x86)\icechat7\icechat7.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3844935F-8DC7-4334-A35C-3426DF6A439F}C:\program files (x86)\icechat7\icechat7.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B42DA771-B9EA-4609-89D6-C51F45F30EA3}C:\eve\sharedcache\tq\bin\exefile.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{68F721A1-F983-48D7-BEA7-05D117431275}C:\eve\sharedcache\tq\bin\exefile.exe" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24878538 B
Java, Flash, Steam htmlcache => 94041383 B
Windows/system/drivers => 16031360 B
Edge => 0 B
Chrome => 5117149780 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 560 B
LocalService => 140308 B
NetworkService => 8754556 B
Dan => 946479968 B
Dan_2.dan-desktop => 6112 B
Admin => 34021 B
 
RecycleBin => 0 B
EmptyTemp: => 5.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:34:25 ====

Edited by dcrookston, 23 February 2019 - 07:44 AM.


#4
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Thanks for the fixlog. Please do this.

---------------------
Highlight the contents of the below code box and press Ctrl + C:
Start::
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [igfxTray.exe] => H:\onion..Hteen-W0e8rq4534yt_vmcklwxodck039qv4ycuqXGVFGJ_I\onion..Hteen-W0e8rq4534yt vmcklwxodck039qv4ycuqXGVFGJ I\HteensRIP\Hteens\Preteens.exe
H:\onion..Hteen-W0e8rq4534yt_vmcklwxodck039qv4ycuqXGVFGJ_I\onion..Hteen-W0e8rq4534yt vmcklwxodck039qv4ycuqXGVFGJ I\HteensRIP\Hteens\Preteens.exe
Reboot:
End::

  • Right-click on FRST/FRST64 and select Run as Administrator.
  • Click on Fix.
  • Note - there is no need to paste the contents of the code box anywhere.
  • If your computer restarts, allow it to do so.
  • Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
  • Please copy and paste the contents of the fixlog into your next reply.

Let me know how the computer is doing.

Thanks.

#5
dcrookston

    Member

  • Topic Starter
  • Member
  • 32 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Dan (23-02-2019 19:36:41) Run:2
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan & Dan_2 & Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [igfxTray.exe] => H:\onion..Hteen-W0e8rq4534yt_vmcklwxodck039qv4ycuqXGVFGJ_I\onion..Hteen-W0e8rq4534yt vmcklwxodck039qv4ycuqXGVFGJ I\HteensRIP\Hteens\Preteens.exe
H:\onion..Hteen-W0e8rq4534yt_vmcklwxodck039qv4ycuqXGVFGJ_I\onion..Hteen-W0e8rq4534yt vmcklwxodck039qv4ycuqXGVFGJ I\HteensRIP\Hteens\Preteens.exe
Reboot:
 
*****************
 
"HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\Software\Microsoft\Windows\CurrentVersion\Run\\igfxTray.exe" => removed successfully
"H:\onion..Hteen-W0e8rq4534yt_vmcklwxodck039qv4ycuqXGVFGJ_I\onion..Hteen-W0e8rq4534yt vmcklwxodck039qv4ycuqXGVFGJ I\HteensRIP\Hteens\Preteens.exe" => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 19:36:41 ====

  • 0
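
The two fixlists in this thread target entries of three kinds: allow rules whose program FRST reports as `No File`, Run entries with no usable target, and a Run value named after one executable that points at a different file on another drive. The Python sketch below is an added example (not part of the thread and not FRST's own code) that flags those patterns; the sample lines are constructed, and treating `[X]` as a dead entry and `C:` as the system drive are assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the line layout of the FRST logs quoted in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Program Files (x86)\ExampleApp\app.exe (Example Corp -> Example Corp)
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Program Files (x86)\OldApp\helper.exe No File
FirewallRules: [TCP Query User{00000000-0000-0000-0000-000000000003}C:\games\old\game.exe] => (Allow) C:\games\old\game.exe No File
HKU\S-1-5-21-0-0-0-1001\...\Run: [ExampleTray] => C:\Program Files\ExampleApp\tray.exe
HKU\S-1-5-21-0-0-0-1001\...\Run: [OldEntry] => [X]
HKU\S-1-5-21-0-0-0-1001\...\Run: [igfxTray.exe] => H:\some folder\unrelated.exe
"""

FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>.+?)\] => \((?P<action>\w+)\) (?P<rest>.+)$")
RUN_RE = re.compile(
    r"^(?P<root>HK[^\\]+)\\.*\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$")
# Leading executable path of a Run target, optionally quoted.
EXE_RE = re.compile(
    r'^"?(?P<exe>[A-Za-z]:\\.+?\.(?:exe|com|scr|bat|cmd))\b', re.IGNORECASE)
EXEC_SUFFIXES = (".exe", ".com", ".scr", ".bat", ".cmd")
NO_FILE = " No File"


@dataclass(frozen=True)
class Finding:
    kind: str    # which check fired
    entry: str   # rule name or Run value name
    detail: str  # path or raw target the entry refers to


def triage(log_text, system_drive="C:"):
    """Return findings for stale firewall rules and odd Run entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        fw = FIREWALL_RE.match(line)
        if fw:
            rest = fw["rest"]
            # An allow rule is keyed by path, so it outlives the program
            # and applies to whatever is later placed at that path.
            if fw["action"] == "Allow" and rest.endswith(NO_FILE):
                findings.append(Finding("orphaned-firewall-allow",
                                        fw["rule"], rest[:-len(NO_FILE)]))
            continue

        run = RUN_RE.match(line)
        if not run:
            continue
        name, target = run["name"], run["target"].strip()

        if target == "[X]":  # assumption: no usable target
            findings.append(Finding("dead-run-entry", name, target))
            continue

        exe = EXE_RE.match(target)
        if not exe:
            continue
        path = PureWindowsPath(exe["exe"])

        # Value name looks like a file name but the target is another file.
        if (name.lower().endswith(EXEC_SUFFIXES)
                and name.lower() != path.name.lower()):
            findings.append(Finding("run-name-target-mismatch",
                                    name, str(path)))
        # Autostart from a drive other than the system drive.
        if path.drive.upper() != system_drive.upper():
            findings.append(Finding("run-target-off-system-drive",
                                    name, str(path)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:30} {f.entry} -> {f.detail}")
```

A finding is a prompt to look at the entry, not a verdict: plenty of legitimate software autostarts from a second drive.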

#6
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

How is the computer doing? Do the problems persist?

Thanks.

#7
dcrookston

    Member

  • Topic Starter
  • Member
  • 32 posts

Things seem to be running better, yes.  I did have to reset my Gmail password, which I didn't expect, but otherwise it looks like everything's good.



#8
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Excellent! We'll run one final scan with ESET Online Scanner, just to err on the side of caution:

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.


#9
dcrookston

    Member

  • Topic Starter
  • Member
  • 32 posts

Okay, well, it deleted uTorrent, CuteWriter, and what looks like a uTorrent update, all of which are mildly annoying.  But it finished, here's the log:

 

2/27/2019 12:24:31 PM
Files scanned: 1068052
Infected files: 3
Cleaned threats: 3
Total scan time 03:30:16
Scan status: Finished


#10
dcrookston

    Member

  • Topic Starter
  • Member
  • 32 posts

Now I have to download and reinstall CutePDF Writer :P



#11
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Sounds like a false positive in the ESET Scan.
You can download Cute PDF Writer from the developer's website if you use it.

Let me know how the computer is doing.

Thanks.

#12
dcrookston

    Member

  • Topic Starter
  • Member
  • 32 posts

It seems to be going well?  I think it might just be getting old.  Thank you for your help!



#13
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Hi,


Uninstall FRST
  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart; allow it to do so. FRST will now uninstall.
---------------------

Here are some tips to keep your computer safe on the Internet:

Keep your antivirus up to date and enabled. If you use Windows 8.1 or 10, using Windows Defender is sufficient protection. However, if you use Windows 7, running an antivirus is recommended. Some good AVs are Microsoft Security Essentials, BitDefender, or Kaspersky.

Keep your Windows operating system up to date. Make sure the Automatic Updates feature on your computer is enabled, so Windows can install updates automatically and keep your system up to date. Additionally, make sure to keep your third party software (such as Java, Adobe Flash, and Web browsers) up to date as well.

Use secure passwords. Make sure your passwords are complex and difficult to guess. There are password managers (for example, Bitwarden) that can help you keep track of your passwords and use secure passwords. Make sure to use a different password at every website that requires a login.

Don't download attachments without knowing what they are. Do not download any email attachments that end with an extension of .exe, .pif, .com, or .bat. When downloading third party software, make sure to download it from the developer. Also, un-check offers of additional software when installing some software you want.

I do not recommend you use "Peer-to-Peer" file sharing (P2P) programs. This is an easy way to get your computer infected, almost as easy as intentionally infecting your computer.
Avoid pirated/"cracked" software. Like using P2P applications, there is a high risk of infecting your computer.

Here are some guides for you to read about keeping your computer safe -

Keep your computer safe on the Internet

Answers to common security questions

If you ever have any malware infections on your computer (hopefully not) you can always come back here for help.

Safe surfing! :)

#14
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

