The two main symptoms I have are (I know, I know, I'm sorry) that my system is running slowly and that it regularly hangs when I try to reboot. There's nothing specific that leads me to believe I have some kind of malware, but I figured since I've tried everything else I can think of and it hasn't helped, I'll give this a shot as well. I really appreciate the services you guys offer here; it's top-notch in every way. Here are my logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019
Ran by Dan (administrator) on DAN-DESKTOP (21-02-2019 03:10:22)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan & Dan_2 & Admin)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Dan\AppData\Local\Google\Chrome\User Data\SwReporter\38.190.200\software_reporter_tool.exe
(Google) C:\Users\Dan\AppData\Local\Google\Chrome\User Data\SwReporter\38.190.200\software_reporter_tool.exe
(Google) C:\Users\Dan\AppData\Local\Google\Chrome\User Data\SwReporter\38.190.200\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google) C:\Users\Dan\AppData\Local\Google\Chrome\User Data\SwReporter\38.190.200\software_reporter_tool.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-11-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc. -> Apple Inc.)
...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17305208 2016-12-08] (Logitech Inc -> Logitech Inc.)
...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle America, Inc. -> Oracle Corporation)
...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech, Inc. -> Logitech Inc.)
...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4810224 2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1226240 2017-09-20] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112104 2018-01-08] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [Amazon Music] => C:\Users\Dan\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] (Amazon Services LLC -> )
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933552 2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [Discord] => C:\Users\Dan\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [igfxTray.exe] => H:\onion..Hteen-W0e8rq4534yt_vmcklwxodck039qv4ycuqXGVFGJ_I\onion..Hteen-W0e8rq4534yt vmcklwxodck039qv4ycuqXGVFGJ I\HteensRIP\Hteens\Preteens.exe
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [172032 2018-06-23] (Voobly)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [66048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-13] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-17]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D03D6C7B-A17F-4165-816A-4EC958B71010}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D5A4DE3F-EEB4-499D-9918-B4780A3896D6}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-09-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-01-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://lib.harvard.edu/
CHR StartupUrls: Default -> "hxxp://lab.dce.harvard.edu/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2019-02-21]
CHR Extension: (Google Translate) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-20]
CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-20]
CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (hxxps://wrc.intersystems.com/wrc/login.csp) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cophpmjihimdjicamdainfhcifcnbecd [2014-11-01]
CHR Extension: (Tampermonkey) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-12-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-14]
CHR Extension: (Google Play Music) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-11-30]
CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (LibX for Google Chrome ) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffkfoaiikoedjcjlpnnaidojhfchiafk [2016-07-20]
CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2016-01-01]
CHR Extension: (Cisco Webex Extension) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-18]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2019-02-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-16]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-21]
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-21]
CHR HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2013-07-04] (ASUSTeK Computer Inc. -> )
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-12-08] (Logitech Inc -> Logitech Inc.)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12443624 2018-01-08] (VMware, Inc. -> )
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] (ASUSTeK Computer Inc. -> )
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d62x64.sys [534512 2017-04-25] (Intel® INTELND1617 -> Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-12-08] (Logitech Inc -> Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 MpKsl81d96e6f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46110EFA-202A-43FD-B669-FA6F69A02615}\MpKsl81d96e6f.sys [58120 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2576072 2014-03-28] (Mediatek Inc. -> Ralink Technology Corp.)
S3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2582704 2013-10-09] (Mediatek Inc. -> Ralink Technology, Corp.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31632 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [56280 2018-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [65792 2018-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2017-09-20] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-21 03:10 - 2019-02-21 03:11 - 000028546 _____ C:\Users\Dan\Desktop\FRST.txt
2019-02-21 03:09 - 2019-02-21 03:09 - 002435072 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2019-02-05 13:54 - 2019-02-05 13:54 - 000662524 _____ C:\Users\Dan\Desktop\1Afu.pdf
2019-02-02 18:45 - 2019-02-02 18:45 - 000000000 ____D C:\Users\Dan\SimUText 2018-2019
2019-02-02 18:45 - 2019-02-02 18:45 - 000000000 ____D C:\Users\Dan\AppData\Local\Simbio
2019-02-02 18:45 - 2019-02-02 18:45 - 000000000 ____D C:\ProgramData\SimBio
2019-02-02 18:44 - 2019-02-02 18:44 - 000001188 _____ C:\Users\Public\Desktop\SimUText 2018-2019.lnk
2019-02-02 18:44 - 2019-02-02 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimUText 2018-2019
2019-02-02 18:44 - 2019-02-02 18:44 - 000000000 ____D C:\Program Files (x86)\SimBio
2019-02-02 18:43 - 2019-02-02 18:44 - 068371968 _____ C:\Users\Dan\Downloads\SimUText_2018-2019_Win_Setup_20181203.msi
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-21 03:10 - 2017-03-30 19:17 - 000000000 ____D C:\FRST
2019-02-21 03:05 - 2014-11-02 16:25 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-21 03:00 - 2014-11-01 15:02 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2555180676-4011908201-2030567858-1001
2019-02-21 03:00 - 2014-03-18 05:03 - 000871096 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-21 03:00 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2019-02-21 02:55 - 2014-12-05 16:30 - 000000000 ___RD C:\Users\Dan\OneDrive
2019-02-21 02:54 - 2015-11-27 22:42 - 000000000 ____D C:\ProgramData\VMware
2019-02-21 02:54 - 2014-11-01 14:36 - 000000000 ____D C:\Users\Dan
2019-02-21 02:54 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-17 00:25 - 2014-11-03 03:54 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-16 03:02 - 2015-07-22 18:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-16 03:02 - 2015-07-22 18:02 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-02-16 03:02 - 2015-07-22 18:02 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-02-13 18:29 - 2014-11-01 15:00 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-13 01:17 - 2015-02-27 01:47 - 000000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2019-02-13 00:04 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
2019-02-05 16:46 - 2015-01-13 05:30 - 000000000 ____D C:\Users\Dan\AppData\Roaming\mIRC
2019-02-03 20:25 - 2016-01-09 14:00 - 000000000 ____D C:\Users\Dan\Documents\Academic
2019-01-29 20:01 - 2015-11-14 22:16 - 000000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
==================== Files in the root of some directories =======
2015-04-03 04:59 - 2015-04-03 04:59 - 000524288 _____ (Simon Tatham) C:\Program Files (x86)\putty.exe
2015-02-17 17:26 - 2015-05-28 16:50 - 000000033 _____ () C:\Users\Dan\AppData\Roaming\AdobeWLCMCache.dat
2015-02-26 21:27 - 2016-01-10 01:17 - 000001456 _____ () C:\Users\Dan\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-09-26 09:47 - 2018-09-26 09:47 - 000000000 _____ () C:\Users\Dan\AppData\Local\oobelibMkey.log
2015-04-03 13:12 - 2018-01-28 20:29 - 000000600 _____ () C:\Users\Dan\AppData\Local\PUTTY.RND
2014-11-04 18:52 - 2015-07-09 02:33 - 000007651 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-02-14 04:33
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019
Ran by Dan (21-02-2019 03:13:04)
Running from C:\Users\Dan\Desktop
Windows 8.1 (Update) (X64) (2014-11-01 19:36:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-2555180676-4011908201-2030567858-1005 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2555180676-4011908201-2030567858-500 - Administrator - Disabled)
Dan (S-1-5-21-2555180676-4011908201-2030567858-1001 - Administrator - Enabled) => C:\Users\Dan
Dan_2 (S-1-5-21-2555180676-4011908201-2030567858-1004 - Administrator - Enabled) => C:\Users\Dan_2.dan-desktop
Guest (S-1-5-21-2555180676-4011908201-2030567858-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveEarth 2.1 (HKLM-x32\...\ActiveEarth) (Version: 2.1 - Norris Family Industry, Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0.1.105 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Amazon Kindle (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Amazon Music (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Amazon Amazon Music) (Version: 4.3.2.1367 - Amazon Services LLC)
AMR Player 1.3 (HKLM-x32\...\{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1) (Version: - www.amrplayer.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.15.0 - Asmedia Technology)
ASUS PCE-N53 WLAN Card Utilities & Driver (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.0.9 - ASUS)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\Blender) (Version: 2.73a - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
calibre 64bit (HKLM\...\{9825E222-549C-44FA-A285-D1123AD63519}) (Version: 2.76.0 - Kovid Goyal)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.5.02033 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0C9580F0-95DC-4E64-BB4C-1091B660A64F}) (Version: 4.5.02033 - Cisco Systems, Inc.) Hidden
Civ4 Microsoft Windows SDK & Visual C++ Toolkit version 1.0 (HKLM-x32\...\{296CB37D-BEA2-42D3-A5FA-42C83BC436D5}_is1) (Version: 1.0 - )
ColorPic (HKLM-x32\...\ColorPic) (Version: 4.1 - Iconico)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.2.0 - Globalscape)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.24 - NVIDIA Corporation) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExtractNow (HKLM-x32\...\ExtractNow) (Version: 4.8.2.0 - Nathan Moinvaziri)
FAHClient (HKLM-x32\...\FAHClient) (Version: 7.4.4 - Stanford University)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
FreeFileSync 9.1 (HKLM-x32\...\FreeFileSync_is1) (Version: 9.1 - www.FreeFileSync.org)
Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HD To TC Conversion Tool version 2.2 (HKLM-x32\...\{EED7429B-114D-4253-9A08-A531187CCE09}_is1) (Version: 2.2 - )
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
Linphone (HKLM-x32\...\Linphone) (Version: 3.11.1 - Belledonne communications)
Logitech Gaming Software 8.89 (HKLM\...\Logitech Gaming Software) (Version: 8.89.68 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27024 (HKLM-x32\...\{5fb2083a-f3cc-4b78-93ff-bd9788b5de01}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual Studio 2013 Shell (Isolated) (HKLM-x32\...\{dd77c2ff-db69-44f7-9e5c-63aa540dfe07}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1089.1204 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mIRC (HKLM-x32\...\mIRC) (Version: 7.53 - mIRC Co. Ltd.)
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 399.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
PDFXplorer 1.0.0 (HKLM-x32\...\{ABABABAB-8932-49DF-BC7E-F8D41779C30B}) (Version: 1.0.0 - O2 Solutions)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (HKLM-x32\...\{7E08C4EE-B1C7-4138-8227-7CD3837636AA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 (Anaconda3 5.0.0 64-bit) (HKLM\...\Python 3.6.2 (Anaconda3 5.0.0 64-bit)) (Version: 5.0.0 - Anaconda, Inc.)
Python 3.6.5 (Anaconda3 5.2.0 64-bit) (HKLM\...\Python 3.6.5 (Anaconda3 5.2.0 64-bit)) (Version: 5.2.0 - Anaconda, Inc.)
Python 3.6.7 (64-bit) (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\{19294e4d-0315-4762-b347-f4caf7c5f36b}) (Version: 3.6.7150.0 - Python Software Foundation)
Python 3.6.7 Add to Path (64-bit) (HKLM\...\{DF7C1E89-C9B5-4FDE-A22F-5CF375FAE6D3}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Core Interpreter (64-bit) (HKLM\...\{00CF1307-AE3B-4F6F-9D8F-6918F5E338F6}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Development Libraries (64-bit) (HKLM\...\{20D182AF-4FEA-49D7-9F88-6111D18573EC}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Documentation (64-bit) (HKLM\...\{5D41B0AC-5D2E-484A-A876-A800D81B0015}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Executables (64-bit) (HKLM\...\{76967894-713A-47D7-B2EC-F179FDC9C3A3}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 pip Bootstrap (64-bit) (HKLM\...\{396D987B-92CB-441A-B281-2541C27AB6B9}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Standard Library (64-bit) (HKLM\...\{B991B47C-1BFB-44B1-8A7D-B23656233D7C}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Tcl/Tk Support (64-bit) (HKLM\...\{DD3668AE-9CF5-45AC-813A-A38638F2A270}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Test Suite (64-bit) (HKLM\...\{45056525-2051-4489-AFDF-756610DC00A5}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python 3.6.7 Utility Scripts (64-bit) (HKLM\...\{056C4684-F37A-4379-8555-15A77A63EC2F}) (Version: 3.6.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{CA9E40C6-883C-4D46-80AB-836760F6D8F5}) (Version: 3.6.6501.0 - Python Software Foundation)
R for Windows 3.3.2 (HKLM\...\R for Windows 3.3.2_is1) (Version: 3.3.2 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7233 - Realtek Semiconductor Corp.)
Ruby 2.1.5-p273-x64 (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\{2A5A5972-E912-49C4-9459-F05131507B6E}_is1) (Version: 2.1.5-p273 - RubyInstaller Team)
sbt 1.2.3 (HKLM-x32\...\{CE07BE71-510D-414A-92D4-DFF47631848A}) (Version: 1.2.3 - Lightbend, Inc.)
Screencast-O-Matic (HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SimUText 2018-2019 (HKLM-x32\...\{405126D4-87A7-4E2C-9CF8-89E82393485F}) (Version: 2.10.1 - SimBio)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartGit (HKLM-x32\...\SmartGit c:/program files (x86)/smartgit_is1) (Version: - syntevo GmbH)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.7.6 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steel Bank Common Lisp 1.4.14 (X86-64) (HKLM\...\{54F4687A-CB7A-466D-94A8-88B308B2C3CF}) (Version: 1.4.14 - hxxp://www.sbcl.org)
StuffIt Standard (HKLM-x32\...\{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}) (Version: 9.0.0.21 - Allume Systems, Inc.) Hidden
StuffIt Standard (HKLM-x32\...\InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}) (Version: 9.0.0.21 - Allume Systems, Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
TP-LINK Archer T2U_T2UH Driver (HKLM-x32\...\{F2496892-5295-4208-AB93-21F1AFD07C97}) (Version: 1.3.1 - TP-LINK)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version: - )
Visual Studio Community 2017 (HKLM-x32\...\8680deaa) (Version: 15.9.28307.280 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{0F2CF138-26A5-4C91-AE15-D935B5EB369E}) (Version: 12.5.9 - VMware, Inc.)
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
Wireshark 2.2.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.4 - The Wireshark developer community, hxxps://www.wireshark.org)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2555180676-4011908201-2030567858-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
CustomCLSID: HKU\S-1-5-21-2555180676-4011908201-2030567858-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2555180676-4011908201-2030567858-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2017-11-14] (GlobalSCAPE, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [gvim] -> {51EEE242-AD87-11d3-9C1E-0090278BBD99} => C:\Program Files (x86)\Vim\vim74\gvimext.dll [2013-08-10] (Tianmiao Hu's Developer Studio)
ContextMenuHandlers1-x32: [StuffIt Compress Menu] -> {3FBFD0B0-EB46-4797-9101-615610E87DA6} => C:\Program Files (x86)\Allume Systems\StuffIt\CompressMenu.dll [2005-03-23] (Allume Systems, Inc.)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-29] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers2: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2017-11-14] (GlobalSCAPE, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2017-11-14] (GlobalSCAPE, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-29] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6-x32: [StuffIt Compress Menu] -> {3FBFD0B0-EB46-4797-9101-615610E87DA6} => C:\Program Files (x86)\Allume Systems\StuffIt\CompressMenu.dll [2005-03-23] (Allume Systems, Inc.)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-29] (WinZip Computing LLC -> WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07B19094-A4A5-4A57-AC4D-5D21EDCE1993} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0BEF4EF9-E19B-4046-824D-EBA26C98BE61} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {17AE0366-0188-45D4-A305-0E6F7C0F0EBE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1DA15317-A9AB-4C89-BCCE-B8674236C094} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {216533A8-5A18-49FE-BD4E-3BA3720DDCB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3D8BDB75-55DC-44FB-B1F2-3A8D8FF40AA4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {468BC46B-7AAA-4570-94FA-C31B37C1C30D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4BADDD23-2EC0-483A-9DEA-1CB43CD7030C} - System32\Tasks\AdobeAAMUpdater-1.0-dan-desktop-Dan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {56AAE29B-37E3-4AE8-8F3C-D40FE6861328} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {56AAE29B-37E3-4AE8-8F3C-D40FE6861328} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-10] (Microsoft Windows -> Microsoft Corporation)
Task: {7DF19C7C-B5DC-4F70-8A62-A06DADEB1033} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {88217A6D-3526-4CE0-9A60-28C51E822030} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {9445E6A1-B206-40F1-B75F-7F74D9C8D095} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {972D04CF-3CFB-46D3-B9A2-EF58AEE6B332} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ADF90067-0BB1-4BE6-BE48-03F2F26D2D33} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B731CFF9-55AD-4763-86D4-12CE2504E0D0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1D8B7F1-E999-4711-A74B-46EA86147B04} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CD6F827E-25BB-409C-84BE-A1BD6890BF73} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {CD6F827E-25BB-409C-84BE-A1BD6890BF73} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-10] (Microsoft Windows -> Microsoft Corporation)
Task: {D16BE426-D4DC-46DD-8C12-128B47121661} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {D16BE426-D4DC-46DD-8C12-128B47121661} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {D16BE426-D4DC-46DD-8C12-128B47121661} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-10] (Microsoft Windows -> Microsoft Corporation)
Task: {D6FE8FAF-5FC1-4062-BCC5-EBBC1F80DE26} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D75D1D0C-4C13-4B3D-85D0-F6400A633E05} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {D75D1D0C-4C13-4B3D-85D0-F6400A633E05} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-10] (Microsoft Windows -> Microsoft Corporation)
Task: {DAA17820-C7B2-4B75-8F3E-407423EC9D5E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E48D1190-8E25-4FB5-9722-B5E3BD7C0DCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EDE703E1-8DD8-452B-A3FE-F4601FA6DB9B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F59F1040-30EF-4CB2-83C4-AC4EF66B0EFE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273-x64\Interactive Ruby.lnk -> C:\Ruby21-x64\bin\irb.bat ()
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby21-x64\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla
==================== Loaded Modules (Whitelisted) ==============
2017-02-02 17:28 - 2016-01-22 17:57 - 000089008 _____ () C:\Windows\System32\cpwmon64.dll
2014-11-14 16:11 - 2013-04-15 11:50 - 000198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-11-14 16:11 - 2013-04-15 11:50 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-02 05:24 - 2013-07-04 05:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2018-06-22 16:59 - 2018-03-14 08:01 - 001268112 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 012443624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-09-11 18:02 - 2015-09-11 18:02 - 000803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-02-12 15:55 - 2012-04-01 00:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2019-02-13 18:29 - 2019-02-13 00:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-13 18:29 - 2019-02-13 00:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2019-02-12 12:47 - 2019-02-12 12:47 - 031313408 _____ () C:\Users\Dan\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.142\pepflashplayer.dll
2014-03-18 04:49 - 2014-03-18 04:49 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\ErrorReporting.dll
2016-06-27 10:22 - 2016-06-27 10:22 - 000052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-09-20 14:46 - 2017-09-20 14:46 - 000033792 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_system-vc140-mt-1_59.dll
2017-09-20 14:45 - 2017-09-20 14:45 - 000062976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_date_time-vc140-mt-1_59.dll
2017-09-20 14:46 - 2017-09-20 14:46 - 000106496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_thread-vc140-mt-1_59.dll
2017-09-20 14:46 - 2017-09-20 14:46 - 000042496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_chrono-vc140-mt-1_59.dll
2017-09-20 14:46 - 2017-09-20 14:46 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-11-02 05:24 - 2019-02-21 02:54 - 000036864 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-11-02 05:24 - 2013-07-04 05:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 000173032 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 000126440 _____ () C:\Program Files (x86)\VMware\VMware Workstation\expat.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 000396776 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2018-06-22 16:59 - 2018-03-14 08:01 - 001041808 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-03-20 14:43 - 2014-03-20 14:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-06-22 16:59 - 2018-03-14 08:01 - 081564048 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-06-22 16:59 - 2018-03-14 08:01 - 002478480 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-06-22 16:59 - 2018-03-14 08:01 - 000125840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2018-11-15 11:54 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Microsoft MPI\Bin\;C:\Python27\;C:\Python27\Scripts;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Calibre2\;C:\Program Files\MiKTeX 2.9\miktex\bin\x64\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\sbt\bin;C:\Program Files\Steel Bank Common Lisp\1.4.14\;C:\Program Files\Git\cmd
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "TRYCACHE.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\StartupFolder: => "[email protected]"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_31FA44FE943CF384B13C12A03C90A9AD"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "igfxTray.exe"
HKU\S-1-5-21-2555180676-4011908201-2030567858-1001\...\StartupApproved\Run: => "Voobly"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0B6CD908-7363-4BFE-B9A5-705A5B19AB8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{30152594-CA97-4919-92F4-C1EAD84FF1CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{77FAE1B9-AD33-4646-B316-645A856FBB92}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{04B45243-2513-4868-BE9E-DC2C3982B7D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{7CD68FBE-FB65-4908-AEC8-1EE893369696}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe (TODO: <Company name>)
FirewallRules: [{587E151B-4DBC-4E0D-B989-0D0C537C4E26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe (TODO: <Company name>)
FirewallRules: [{4BED1343-9B4F-4892-9A36-134D79F87BCB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe (TODO: <Company name>)
FirewallRules: [{458E5347-143E-4BBA-96C7-5C19915F89C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe (TODO: <Company name>)
FirewallRules: [TCP Query User{BA39435C-1E8B-4674-8FB7-3967AB68DE4D}C:\ruby21-x64\bin\ruby.exe] => (Allow) C:\ruby21-x64\bin\ruby.exe (hxxp://www.ruby-lang.org/)
FirewallRules: [UDP Query User{2F2928CD-F866-41EF-9380-A7FDF74E8688}C:\ruby21-x64\bin\ruby.exe] => (Allow) C:\ruby21-x64\bin\ruby.exe (hxxp://www.ruby-lang.org/)
FirewallRules: [TCP Query User{74DBF258-E6F9-4CDC-9FEA-DA84C7DB72AC}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [UDP Query User{FCDAFD6B-4B91-490B-962A-F72BCAAC98C5}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [TCP Query User{2ECDAB63-4E55-4DB0-AFE5-0ADDA52BD78C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{28AAD047-3931-4C53-BB9C-0F74ABD18352}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{22A91067-3AA1-4EC7-961E-3142585D8F5E}] => (Allow) C:\Users\Dan\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{27F01C0D-86D2-4F4F-8A63-4DFCB3706FC6}] => (Allow) C:\Users\Dan\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{64648EB1-B8E2-4DED-B281-665D1E07E4E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{774FBD40-7B98-4062-A907-DEDFF44D182B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{68F2F65A-B192-4BF6-A2C0-A5B57F2D8241}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD58BA95-8F3F-48EA-A959-75D8C65F8EE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC708397-C4D1-4126-AA3E-69582B97D08A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DFE5CE35-D205-44C2-A7E5-AC2F66127A0B}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe No File
FirewallRules: [UDP Query User{3844935F-8DC7-4334-A35C-3426DF6A439F}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe No File
FirewallRules: [{B4256E9C-E097-4B3A-A78B-C2BCBE6DEE14}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{390B66D3-7F59-42DE-9CA7-89A5C2FAD8C5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{0B886FEF-8135-4332-B42D-8113ED7FFDE2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{B5EF6F16-1B02-4B38-A914-7A4C10EE6760}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{D1A3F963-82B5-4E34-91BF-01F9B10BE5C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\aomx.exe (Microsoft Corp)
FirewallRules: [{F501B363-24D4-4078-A8EE-DEA65CB880C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\aomx.exe (Microsoft Corp)
FirewallRules: [TCP Query User{B42DA771-B9EA-4609-89D6-C51F45F30EA3}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe No File
FirewallRules: [UDP Query User{68F721A1-F983-48D7-BEA7-05D117431275}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe No File
FirewallRules: [TCP Query User{0EC9BE74-8B9F-4145-9B8E-D73FACD97091}C:\program files (x86)\linphone\bin\linphone.exe] => (Allow) C:\program files (x86)\linphone\bin\linphone.exe ()
FirewallRules: [UDP Query User{5CECABCD-D549-4F2E-B430-2A5C43795404}C:\program files (x86)\linphone\bin\linphone.exe] => (Allow) C:\program files (x86)\linphone\bin\linphone.exe ()
FirewallRules: [TCP Query User{13498ADC-1BF8-47F7-B9A5-FA88C3D97364}C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi sdk\assetmodtools\asseteditor\asseteditor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi sdk\assetmodtools\asseteditor\asseteditor.exe No File
FirewallRules: [UDP Query User{4EFB4F08-5849-4394-822A-33BBD28647B4}C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi sdk\assetmodtools\asseteditor\asseteditor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi sdk\assetmodtools\asseteditor\asseteditor.exe No File
FirewallRules: [TCP Query User{8C20DE9F-DE91-491E-B240-7733184211C1}C:\programdata\anaconda3\python.exe] => (Allow) C:\programdata\anaconda3\python.exe (Python Software Foundation)
FirewallRules: [UDP Query User{C5E76A32-9439-4B16-A271-3A070A70343C}C:\programdata\anaconda3\python.exe] => (Allow) C:\programdata\anaconda3\python.exe (Python Software Foundation)
FirewallRules: [TCP Query User{998B7554-C0A6-48D1-8BF8-345ECFF67DD0}C:\programdata\anaconda3\pythonw.exe] => (Allow) C:\programdata\anaconda3\pythonw.exe (Python Software Foundation)
FirewallRules: [UDP Query User{EA6EA767-6AB3-47BB-A8AF-8A2F0871CCFA}C:\programdata\anaconda3\pythonw.exe] => (Allow) C:\programdata\anaconda3\pythonw.exe (Python Software Foundation)
FirewallRules: [TCP Query User{FB09F0D9-64A5-4B18-8BF4-7DB4DCD64AB7}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [UDP Query User{3257391A-082E-47E5-BB99-325150508F24}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [TCP Query User{69ECE697-8EFF-4142-A59C-C1E546CCEABE}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe ()
FirewallRules: [UDP Query User{A34B80CD-378B-4971-B571-A59F24CDE85E}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe ()
FirewallRules: [{2D65B7AD-1DDA-4CD7-A5A6-56976C35D5AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{0BF25985-5F55-4D73-8E13-140C70F6CAB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{D94DF7BF-1FF8-481F-8745-8E88777533CD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{09C71628-9D34-42BD-8193-8F0A38D8535E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{80153DE8-5670-454B-A49A-7544FA2A2AB7}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{E36F9780-FC9D-41B1-B45A-2CF9BEEFB723}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{12A33BE9-6966-4F56-BEA2-A23B46B71725}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{DF897495-4288-4E50-AFD5-B2C7E6658D19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{01FFC33D-FBAD-4F6F-91CE-FB2BFA4B164A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{368A7309-F700-4002-9EFF-29EA31096AFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{62A9959B-7108-4C2F-B8C5-5BDA390F2DF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{089C5814-5A46-4EC5-8440-9CFC20427EDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A246A263-262D-4BBB-A817-ECBFA9C5FD52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3925E189-F4D4-453C-80AB-B5AE7E449BFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{506300AB-8069-4B25-90D6-09B6373FB1C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{09D32391-1D5F-4001-84A2-FE17C87DC5D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{62AECF94-A015-4AEF-B01C-288293038A14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{1EC56D06-1BCA-481A-AA7F-5B02AF4CF01B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{DF39C30D-C28F-471D-A646-44305C46BA6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{7B5141B6-4F9C-4C90-A4DD-A2BE09E08F7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [TCP Query User{6FF673A7-7683-4A51-8614-FA2A64EFCFAB}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe (Voobly)
FirewallRules: [UDP Query User{A8CD56B2-53D6-47B3-9A24-26FC31D1DDED}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe (Voobly)
FirewallRules: [TCP Query User{B40A8D94-A95D-46CF-B4F1-01E4EB678BCD}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{D8BB3AEA-08A0-4D10-A280-3CEB7FF83E8C}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{14F42CA9-2DDE-4D20-A4DB-4CEE1297D86F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{BAD7FA64-A3A0-4958-B8A5-820EC269FCBC}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9CEC9315-AF31-4779-8A54-650638617A14}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{34A012B6-064A-49FB-B268-098983CD22B7}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{DFBEC894-9C7F-45EB-9C23-4FEE7DF1033F}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> )
FirewallRules: [{53EE520C-EE87-4B97-ABD9-4A8339C6853B}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> )
FirewallRules: [{92321E76-6A7B-4037-854C-FFF6FFAB69F0}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2445AFBD-76CD-43CA-8BB7-EC0C0DBD8AD3}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{82E52E33-FAD3-468F-BC8F-3CAC5D7F2594}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F9B8D9A-2FD8-412D-96DD-079B0BE25691}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E76D95DD-AEDB-41B6-9AD9-6917A1922860}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{299DC2AD-5EA4-47EC-BE77-9D92F8CB26BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{597C33D1-3F3A-4849-8C8A-6FB811AAE933}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: ASUS PCE-N53 300Mbps 11n Dual band Wireless LAN PCI-E Card
Description: ASUS PCE-N53 300Mbps 11n Dual band Wireless LAN PCI-E Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK Computer Inc.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/14/2019 04:33:57 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Flash Drive (E:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (02/13/2019 04:52:09 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Flash Drive (E:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (02/11/2019 02:13:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsld8d59a2e.
System Error:
The system cannot find the file specified.
.
Error: (02/07/2019 03:16:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Flash Drive (E:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (02/06/2019 02:34:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Flash Drive (E:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (02/04/2019 03:50:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (02/04/2019 03:50:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (02/02/2019 06:44:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsld8d59a2e.
System Error:
The system cannot find the file specified.
.
System errors:
=============
Error: (02/21/2019 02:58:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
Error: (02/21/2019 02:53:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:38:08 AM on 2/20/2019 was unexpected.
Error: (02/14/2019 04:47:32 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (02/02/2019 07:19:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (02/02/2019 07:19:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Error: (02/01/2019 04:58:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (02/01/2019 04:58:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Error: (01/20/2019 10:10:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Windows Defender:
===================================
Date: 2019-02-10 01:21:16.094
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {32B4E92D-2D6F-4485-B584-3243963AE449}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-28 13:07:10.231
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {3C0CDFB1-F150-4AB7-8756-E97E910CE11D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-12-18 07:00:48.647
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {AD375F47-7B85-4DAC-8071-5CB9F393535F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-12-10 07:27:49.377
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {5450D4EC-E19C-4609-BD11-46C28C0F0C43}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-12-07 02:24:16.886
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {4F9548DD-B0C8-463B-917E-ED5C302CB4A3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-18 18:45:08.417
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
CodeIntegrity:
===================================
Date: 2019-02-21 03:16:40.912
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-02-21 03:16:39.464
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-02-21 03:16:38.009
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-02-21 03:16:36.550
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-01-22 03:49:14.106
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-01-20 11:58:14.552
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-01-20 11:58:12.835
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-01-12 13:45:47.806
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 20%
Total physical RAM: 16315.82 MB
Available physical RAM: 12973.57 MB
Total Virtual: 18747.82 MB
Available Virtual: 14512.5 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.17 GB) (Free:545 GB) NTFS
Drive e: (Flash Drive) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:111.45 GB) (Free:79.2 GB) NTFS
\\?\Volume{a8a5dc82-61fd-11e4-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4943CA7F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 4943CA7C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================