Solved Help with removing adware

Tom Ashton · Sep 24, 2017

Yesterday, i found google chrome to be redirecting me to other webpages and spamming me with adverts, so i looked around and found that this is called adware. So i followed a few threads and installed malwarebytes which found an adware program along with some other stuff. So i removed them thinking that this would be the end of it, but sadly no. As of right now, i have uninstalled and reinstalled google chrome which yielded no results as well as removing all extensions and anything i could think of that may be the problem. I have not had a virus before so im not well versed in this kinda stuff so some help would be appreciated.

Tom Ashton · Sep 24, 2017

I did some of the prework stuff and got the first 2 logs (FRST and addition) but when i ran the aswmbr, my pc crashed. Therefore i only have 2 logs. What shall I do?

jmarket · Sep 24, 2017

Hi Tom and welcome to PCHF

Just Upload the FRST logs

Malnutrition · Sep 25, 2017

Actually I'd like to see a ZHP diag log . If you have any issues loading it here, then use PAstebin.com or SendSpace.com and send us the link to your logs. Please post this along with the FRST logs.

ZHP Diag Scan

Download ZHP Diag to your desktop.

1. Right Click Run as Admin.

2. Click the Options button.

Click on Check All
Then Click Validate
Then click close.

2. Click the Scanner button.

When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.

Tom Ashton · Sep 25, 2017

Ok, this is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017
Ran by Tom (administrator) on DESKTOP-VFLINGR (24-09-2017 17:58:39)
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(© 2015 Microsoft Corporation) C:\Users\Tom\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-26] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-06] (Logitech Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2013-12-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [BingSvc] => C:\Users\Tom\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Spotify] => C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe [15849072 2017-07-17] (Spotify Ltd)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Spotify Web Helper] => C:\Users\Tom\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-17] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-08-23]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2017-08-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2235556512-3620655794-2756196336-1001] => hxxp://accessunlimitedweb.com/wpad.dat?eba26c9b7e75eb6c2021304adf1dc75435690757
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9592b15e-0986-4b06-82d9-a04d32ecc759}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9592b15e-0986-4b06-82d9-a04d32ecc759}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://accessunlimitedweb.com/wpad.dat?eba26c9b7e75eb6c2021304adf1dc75435690757

Internet Explorer:
==================
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-22] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-22] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-07-22] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-22] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-07-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default [2017-09-24]
CHR Extension: (Google Slides) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-24]
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-24]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-24]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-24]
CHR Extension: (Steam Powered) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\chnfggpncfadofhgkekcppnonikpgbjm [2017-09-24]
CHR Extension: (Google Sheets) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-24]
CHR Extension: (Google Docs Offline) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-09-24]
CHR Extension: (Qmee) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-24]
CHR Extension: (Enhanced Steam) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-09-24]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-24]
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-24]
CHR HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-08-02] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [227104 2016-09-22] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-06] (Logitech Inc.)
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [54552 2017-04-05] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-06] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-24] (Malwarebytes)
R1 MpKsl7aecbb60; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BA0659A-5067-4713-9DE0-A817833F65C5}\MpKsl7aecbb60.sys [44928 2017-09-24] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45936 2017-08-15] (SteelSeries ApS)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-24 17:58 - 2017-09-24 17:58 - 000020150 _____ C:\Users\Tom\Desktop\FRST.txt
2017-09-24 17:58 - 2017-09-24 17:58 - 000000000 ____D C:\FRST
2017-09-24 17:55 - 2017-09-24 17:55 - 002399744 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2017-09-24 14:40 - 2017-09-24 14:41 - 000000000 ____D C:\AdwCleaner
2017-09-24 14:25 - 2017-09-24 14:25 - 000002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-24 14:25 - 2017-09-24 14:25 - 000002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-24 14:22 - 2017-09-24 14:22 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-24 14:22 - 2017-09-24 14:22 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-24 14:13 - 2017-09-24 17:03 - 000001065 _____ C:\Users\Tom\Desktop\google.txt
2017-09-24 13:01 - 2017-09-24 14:42 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-24 11:53 - 2017-09-24 14:42 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-24 11:53 - 2017-09-24 14:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-24 11:53 - 2017-09-24 14:42 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-24 11:53 - 2017-09-24 13:01 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-24 11:53 - 2017-09-24 11:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-24 11:53 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-24 11:16 - 2017-09-24 11:17 - 000000059 _____ C:\Users\Tom\Desktop\Stuff 2 Do.txt
2017-09-22 18:51 - 2017-09-22 18:51 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\2xMilk
2017-09-15 17:21 - 2017-09-15 17:21 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2017-09-15 17:13 - 2017-09-15 17:21 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Screaming Bee
2017-09-15 17:13 - 2017-09-15 17:21 - 000000000 ____D C:\ProgramData\Screaming Bee
2017-09-12 18:32 - 2017-09-05 06:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 18:32 - 2017-09-05 06:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 18:32 - 2017-09-05 06:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 18:32 - 2017-09-05 06:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 18:32 - 2017-09-05 06:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 18:32 - 2017-09-05 06:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 18:32 - 2017-09-05 06:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 18:32 - 2017-09-05 06:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 18:32 - 2017-09-05 06:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 18:32 - 2017-09-05 06:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 18:32 - 2017-09-05 06:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 18:32 - 2017-09-05 06:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 18:32 - 2017-09-05 06:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 18:32 - 2017-09-05 06:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 18:32 - 2017-09-05 06:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 18:32 - 2017-09-05 06:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 18:32 - 2017-09-05 06:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 18:32 - 2017-09-05 06:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 18:32 - 2017-09-05 06:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 18:32 - 2017-09-05 06:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 18:32 - 2017-09-05 06:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 18:32 - 2017-09-05 06:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 18:32 - 2017-09-05 06:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 18:32 - 2017-09-05 06:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 18:32 - 2017-09-05 06:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 18:32 - 2017-09-05 06:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 18:32 - 2017-09-05 06:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 18:32 - 2017-09-05 06:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 18:32 - 2017-09-05 06:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 18:32 - 2017-09-05 06:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 18:32 - 2017-09-05 05:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 18:32 - 2017-09-05 05:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 18:32 - 2017-09-05 05:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 18:32 - 2017-09-05 05:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 18:32 - 2017-09-05 05:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 18:32 - 2017-09-05 05:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 18:32 - 2017-09-05 05:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 18:32 - 2017-09-05 05:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 18:32 - 2017-09-05 05:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 18:32 - 2017-09-05 05:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 18:32 - 2017-09-05 05:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 18:32 - 2017-09-05 05:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 18:32 - 2017-09-05 05:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 18:32 - 2017-09-05 05:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 18:32 - 2017-09-05 05:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 18:32 - 2017-09-05 05:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 18:32 - 2017-09-05 05:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 18:32 - 2017-09-05 05:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 18:32 - 2017-09-05 05:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 18:32 - 2017-09-05 05:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 18:32 - 2017-09-05 05:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 18:32 - 2017-09-05 05:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 18:32 - 2017-09-05 05:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 18:32 - 2017-09-05 05:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 18:32 - 2017-09-05 05:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 18:32 - 2017-09-05 05:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 18:32 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 18:32 - 2017-09-05 05:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 18:32 - 2017-09-05 05:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 18:32 - 2017-09-05 05:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 18:32 - 2017-09-05 05:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 18:32 - 2017-09-05 05:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 18:32 - 2017-09-05 05:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 18:32 - 2017-09-05 05:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 18:32 - 2017-09-05 05:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 18:32 - 2017-09-05 05:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 18:32 - 2017-09-05 05:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 18:32 - 2017-09-05 05:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 18:32 - 2017-09-05 05:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 18:32 - 2017-09-05 05:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 18:32 - 2017-09-01 06:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-12 18:31 - 2017-09-05 06:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 18:31 - 2017-09-05 06:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 18:31 - 2017-09-05 06:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 18:31 - 2017-09-05 06:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 18:31 - 2017-09-05 06:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 18:31 - 2017-09-05 06:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 18:31 - 2017-09-05 06:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 18:31 - 2017-09-05 06:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 18:31 - 2017-09-05 06:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 18:31 - 2017-09-05 06:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 18:31 - 2017-09-05 06:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 18:31 - 2017-09-05 06:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 18:31 - 2017-09-05 06:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 18:31 - 2017-09-05 06:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 18:31 - 2017-09-05 06:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 18:31 - 2017-09-05 06:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 18:31 - 2017-09-05 06:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 18:31 - 2017-09-05 05:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 18:31 - 2017-09-05 05:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 18:31 - 2017-09-05 05:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 18:31 - 2017-09-05 05:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 18:31 - 2017-09-05 05:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 18:31 - 2017-09-05 05:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 18:31 - 2017-09-05 05:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 18:31 - 2017-09-05 05:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 18:31 - 2017-09-05 05:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 18:31 - 2017-09-05 05:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 18:31 - 2017-09-05 05:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 18:31 - 2017-09-05 05:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 18:31 - 2017-09-05 05:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 18:31 - 2017-09-05 05:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 18:31 - 2017-09-05 05:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 18:31 - 2017-09-05 05:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 18:31 - 2017-09-05 05:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 18:31 - 2017-09-05 05:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-11 17:35 - 2017-09-11 17:35 - 000000000 ___RD C:\Users\Tom\Documents\Downloads (D)
2017-09-10 20:52 - 2017-09-10 20:52 - 000000047 _____ C:\Users\Tom\Desktop\Release Dates.txt
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ___RD C:\Users\Tom\AppData\Roaming\Brother
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Brother
2017-09-04 15:21 - 2017-09-04 15:21 - 000000766 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-09-04 13:20 - 2017-09-04 13:20 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\srylain Inc_
2017-09-04 12:58 - 2017-09-04 13:02 - 000000000 ____D C:\Users\Tom\Documents\Guitar Hero III - Copy
2017-09-03 20:17 - 2017-09-03 20:20 - 000000000 ____D C:\Users\Tom\Documents\Volo Airsport
2017-09-03 20:17 - 2017-09-03 20:17 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Ramjet Anvil
2017-09-01 12:23 - 2017-09-01 12:23 - 800488666 _____ C:\WINDOWS\MEMORY.DMP
2017-09-01 12:23 - 2017-09-01 12:23 - 000683812 _____ C:\WINDOWS\Minidump\090117-7046-01.dmp
2017-09-01 12:23 - 2017-09-01 12:23 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-01 10:57 - 2017-09-22 21:28 - 000000000 ____D C:\Users\Tom\AppData\Roaming\vlc
2017-09-01 10:46 - 2017-09-01 10:47 - 000000000 ____D C:\Users\Tom\AppData\Roaming\livestreamer
2017-08-31 18:30 - 2017-08-31 18:30 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Thunder Lotus Games
2017-08-30 11:35 - 2017-07-28 20:51 - 000040736 _____ C:\WINDOWS\system32\Drivers\SteamStreamingMicrophone.sys
2017-08-30 11:35 - 2017-07-21 07:42 - 000040736 _____ C:\WINDOWS\system32\Drivers\SteamStreamingSpeakers.sys
2017-08-29 12:54 - 2017-08-29 12:54 - 000003135 _____ C:\Users\Tom\Desktop\GHTCP.lnk
2017-08-25 10:14 - 2017-08-25 10:14 - 000000000 ____D C:\Users\Tom\Documents\Aspyr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-24 16:04 - 2016-06-26 15:04 - 000000000 ____D C:\Users\Tom\AppData\Local\Packages
2017-09-24 14:48 - 2017-07-19 19:46 - 001068326 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-24 14:43 - 2017-07-19 19:37 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-24 14:43 - 2016-06-26 17:00 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-24 14:42 - 2017-07-19 19:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-24 14:42 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-09-24 14:42 - 2016-09-18 10:49 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-09-24 14:37 - 2016-06-26 15:05 - 000000000 ___RD C:\Users\Tom\OneDrive
2017-09-24 14:25 - 2016-06-26 19:34 - 000000000 ____D C:\Users\Tom\AppData\Local\Google
2017-09-24 14:24 - 2017-07-19 19:37 - 000000000 ____D C:\Users\Tom
2017-09-24 14:22 - 2016-06-26 19:34 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-24 14:19 - 2016-06-26 20:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-24 13:47 - 2017-02-18 19:28 - 000000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2017-09-24 11:20 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-24 11:20 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-22 19:09 - 2016-09-22 17:07 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-22 19:09 - 2016-09-22 17:06 - 000000000 ____D C:\Users\Tom\AppData\Local\Battle.net
2017-09-22 19:09 - 2016-09-22 17:05 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-15 19:51 - 2017-07-16 09:53 - 000000000 ____D C:\Users\Tom\AppData\Roaming\steelseries-engine-3-client
2017-09-15 17:41 - 2017-03-13 18:09 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Audacity
2017-09-15 17:13 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-13 17:05 - 2016-04-27 07:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 17:04 - 2017-07-19 19:36 - 000388920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 18:35 - 2016-06-26 15:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 18:34 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 18:34 - 2016-06-26 15:58 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-10 19:07 - 2017-03-12 15:48 - 000000359 _____ C:\WINDOWS\BRRBCOM.INI
2017-09-09 17:18 - 2017-02-25 15:28 - 000000000 ____D C:\Users\Tom\AppData\Local\8BitBoy
2017-09-07 17:45 - 2016-10-29 12:51 - 000000000 ____D C:\Users\Tom\Documents\SavedGames
2017-09-03 14:18 - 2017-07-22 08:54 - 000000000 ____D C:\ProgramData\Remotr
2017-09-02 16:15 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 16:15 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 10:57 - 2017-03-03 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== Files in the root of some directories =======

2016-11-12 19:32 - 2017-04-14 11:17 - 000002782 _____ () C:\Users\Tom\AppData\Roaming\SpeedRunnersLog.txt
2016-11-12 19:32 - 2016-11-12 19:32 - 000002606 _____ () C:\Users\Tom\AppData\Roaming\TargetInvocationLog.txt
2017-06-02 14:17 - 2017-06-02 14:17 - 000000000 _____ () C:\Users\Tom\AppData\Local\BlackstarMarketing.log
2017-06-02 15:21 - 2017-06-02 15:38 - 000000326 _____ () C:\Users\Tom\AppData\Local\insider.log
2017-07-31 13:21 - 2017-07-31 13:21 - 000007069 _____ () C:\Users\Tom\AppData\Local\recently-used.xbel
2017-06-27 19:16 - 2017-06-27 19:16 - 000007589 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2017-07-19 19:37 - 2017-07-19 19:37 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-09-24 14:18 - 2006-05-25 01:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Tom\AppData\Local\Temp\_is365B.exe
2017-09-15 17:17 - 2006-05-25 01:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Tom\AppData\Local\Temp\_is6467.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-30 14:34

==================== End of FRST.txt ============================

This is the Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by Tom (24-09-2017 17:59:07)
Running from C:\Users\Tom\Desktop
Windows 10 Pro Version 1703 (X64) (2017-07-19 18:44:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2235556512-3620655794-2756196336-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2235556512-3620655794-2756196336-503 - Limited - Disabled)
Guest (S-1-5-21-2235556512-3620655794-2756196336-501 - Limited - Disabled)
Tom (S-1-5-21-2235556512-3620655794-2756196336-1001 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 is Better Than 6 (HKLM\...\Steam App 410110) (Version: - Ink Stains Games)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
8BitBoy (HKLM\...\Steam App 296910) (Version: - AwesomeBlade)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adventure in the Tower of Flight (HKLM\...\Steam App 368830) (Version: - Pixel Barrage Entertainment, Inc.)
Apowersoft Phone Manager version 2.8.4 (HKLM-x32\...\{4A00E3C4-2D0F-4AE7-9F2A-74870BE09EF8}_is1) (Version: 2.8.4 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.8 - Arduino LLC)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blackstar INSIDER (HKLM-x32\...\{C7F2434B-AE8C-49C1-84F9-BB2F2A546007}) (Version: 1.8.1229 - Blackstar Amplification Ltd.)
Blackstar INSIDER Interface (HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\3322152541.www.blackstaramps.com) (Version: - www.blackstaramps.com)
Blender 2.78 (HKLM\...\Steam App 365670) (Version: - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
Brother MFL-Pro Suite DCP-9020CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Clustertruck (HKLM\...\Steam App 397950) (Version: - Landfall Games)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DLC Quest (HKLM\...\Steam App 230050) (Version: - Going Loud Studios)
Enemy Mind (HKLM\...\Steam App 285840) (Version: - Schell Games)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Flinthook (HKLM\...\Steam App 401710) (Version: - Tribute Games Inc.)
Free Pascal 3.0.0 (HKLM-x32\...\FreePascal_is1) (Version: - Free Pascal Team)
G4FON Koch Method Morse Trainer (HKLM-x32\...\G4FON Koch Method Morse Trainer) (Version: - )
GameGuru (HKLM\...\Steam App 266310) (Version: - The Game Creators)
GameLooper (HKLM\...\Steam App 435060) (Version: - GameLooper)
GCFScape 1.8.6 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grapple (HKLM\...\Steam App 268320) (Version: - Tuesday Society)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Guitar Hero III (HKLM-x32\...\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}) (Version: 1.3 - Aspyr)
Guitar Hero Three Control Panel (HKLM-x32\...\{FC7CCCFB-2081-4E9D-8F6D-CAAE87267E6C}) (Version: 2.0.4 - Sigma Production Inc.)
Half-Life(R) 2 (HKLM-x32\...\{D45EC259-4A19-4656-B588-C2C360DD18EA}) (Version: 1.0.0.0 - Valve)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
INK (HKLM\...\Steam App 385710) (Version: - ZackBellGames)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Jotun (HKLM\...\Steam App 323580) (Version: - Thunder Lotus Games)
Kreedz Climbing (HKLM\...\Steam App 626680) (Version: - ObsessionSoft)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech Gaming Software 8.92 (HKLM\...\Logitech Gaming Software) (Version: 8.92.67 - Logitech Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MorphVOX Pro (HKLM-x32\...\{75B956F9-D72D-4929-B695-120D70E8AEE1}) (Version: 4.4.7 - Screaming Bee)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Murder Miners (HKLM\...\Steam App 274900) (Version: - JForce Games)
No Time To Explain Remastered (HKLM\...\Steam App 368730) (Version: - tinyBuild)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
One Finger Death Punch (HKLM\...\Steam App 264200) (Version: - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osu! (HKLM-x32\...\{8b8cf839-c99a-4c57-a05e-1400933bf99b}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Poi (HKLM\...\Steam App 401810) (Version: - PolyKid)
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown")
Poker Night at the Inventory (HKLM\...\Steam App 31280) (Version: - Telltale Games)
Portal (HKLM\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM\...\Steam App 620) (Version: - Valve)
Race The Sun (HKLM\...\Steam App 253030) (Version: - Flippfly LLC)
Ratz Instagib 2.0 (HKLM\...\Steam App 338170) (Version: - Lino Slahuschek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
Refunct (HKLM\...\Steam App 406150) (Version: - Dominique Grieshofer)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios)
Skullgirls (HKLM\...\Steam App 245170) (Version: - Lab Zero Games)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
SL-6640-SBK BLACK WIDOW Flightstick (HKLM-x32\...\SL-6640-SBK BLACK WIDOW Flightstick) (Version: - )
Source SDK (HKLM\...\Steam App 211) (Version: - Valve)
Sparkour Alpha Demo (HKLM\...\Steam App 517690) (Version: - Reeline Studios)
SpeedRunners (HKLM\...\Steam App 207140) (Version: - DoubleDutch Games)
Spotify (HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
Spriter Pro (HKLM\...\Steam App 332360) (Version: - BrashMonkey)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.11.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.1 - SteelSeries ApS)
Stencyl (HKLM-x32\...\Stencyl) (Version: /root/.jenkins/jobs/Stencyl-Windows/workspace/build - Stencyl, LLC)
Super Hipster Lumberjack (HKLM\...\Steam App 388340) (Version: - Day Dreamer Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TEKKEN 7 (HKLM\...\Steam App 389730) (Version: - BANDAI NAMCO Studios Inc.)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Unity (HKLM-x32\...\Unity) (Version: 5.6.1f1 - Unity Technologies ApS)
Unreal Development Kit: 2013-02 (HKLM\...\UDK-8f52df52-7c0d-4c3a-9790-1b0cc4251882) (Version: - Epic Games, Inc.)
UserTesting (HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\UserTestingPlugin) (Version: - UserTesting.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Volo Airsport (HKLM\...\Steam App 329190) (Version: - Ramjet Anvil)
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
VVVVVV (HKLM\...\Steam App 70300) (Version: - Terry Cavanagh)
WinDirStat 1.1.2 (HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\WinDirStat) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Adafruit Industries LLC (usbser) Ports (02/25/2016 6.2.2600.0) (HKLM\...\1245A5961AC9D2C18ADF9EEC931D77E059B7F74E) (Version: 02/25/2016 6.2.2600.0 - Adafruit Industries LLC)
Windows Driver Package - Adafruit Industries LLC (usbser) Ports (05/06/2014 6.2.2600.0) (HKLM\...\DCB075664682927C9BBCC4197B223FD46536AC11) (Version: 05/06/2014 6.2.2600.0 - Adafruit Industries LLC)
Windows Driver Package - ArcBotics LLC (www.arcbotics.com) Sparki USB Driver (02/18/2016 1.6.8.1) (HKLM\...\7141494BA4FCE256201C72C9447D31AD95B0183F) (Version: 02/18/2016 1.6.8.1 - ArcBotics LLC (www.arcbotics.com))
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Windows Driver Package - ATMEL, Inc. (usbser) Ports (01/08/2013 6.0.0.0) (HKLM\...\0ED695C81FAE1F3FF0020BB04E14E01EC7AFA041) (Version: 01/08/2013 6.0.0.0 - ATMEL, Inc.)
Windows Driver Package - BirdBrain Technologies LLC (www.birdbraintechnologies.com) Hummingbird Duo USB Driver (12/03/2014 0.1.0.0) (HKLM\...\D3CF67D79398A460216FE982E95D3F3ED9D00969) (Version: 12/03/2014 0.1.0.0 - BirdBrain Technologies LLC (www.birdbraintechnologies.com))
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - libusbK AVRISP mkII (04/27/2014 3.0.7.0) (HKLM\...\053CDDAAECC24EBC2DB6F865540D8056F5FE3FCA) (Version: 04/27/2014 3.0.7.0 - libusbK)
Windows Driver Package - libusbK USBasp (04/27/2014 3.0.7.0) (HKLM\...\B5255A6AF36AB651D9EFB929ACA27523F06F35E5) (Version: 04/27/2014 3.0.7.0 - libusbK)
Windows Driver Package - libusbK USBTinyISP (04/27/2014 3.0.7.0) (HKLM\...\DE72E36F3DC9C272561882EBE57C16AD6CA1A9CE) (Version: 04/27/2014 3.0.7.0 - libusbK)
Windows Driver Package - LightUp (usbser) Ports (04/01/2014 1.1.0.0) (HKLM\...\7C0ED5A12A230FF7D0EE5DB7580F3FC9B888E410) (Version: 04/01/2014 1.1.0.0 - LightUp)
Windows Driver Package - SparkFun Electronics (usbser) Ports (10/27/2014 5.1.2600.0) (HKLM\...\AF341C2811B6988C95D1BE33E4541B80FBEEC07E) (Version: 10/27/2014 5.1.2600.0 - SparkFun Electronics)
Windows Driver Package - wch.cn (CH341SER_A64) Ports (08/08/2014 3.4.2014.08) (HKLM\...\E46668F0267651C248944766291791B0DEF36F1D) (Version: 08/08/2014 3.4.2014.08 - wch.cn)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora(Build 8.2.2) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Tom\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Tom\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Tom\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E47A284-FE32-454F-9C75-7DB42CE63DE7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {225FACE9-868E-4A7F-B1E0-27CA5A7FA4BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-19] (Microsoft Corporation)
Task: {48F6063D-042C-4878-AC04-FF9B131A2246} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-07-26] (NVIDIA Corporation)
Task: {4F914D22-A0AE-46DD-8E27-E25A8EFC1125} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-24] (Google Inc.)
Task: {5D8D3097-40DE-4718-9A5A-243F27A5ECB3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-19] (Microsoft Corporation)
Task: {6C02DBD9-33DE-4605-A07E-2423299E2131} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {71A0CF38-4251-4A5C-8E1D-9A1AC081D508} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {76A662BA-B7B6-40AA-8372-9B4F20AE055F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-26] (NVIDIA Corporation)
Task: {90788567-348A-4F4B-8203-2C9989D48875} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-07-26] (NVIDIA Corporation)
Task: {9207EFC3-A322-4D42-B5D6-E2AF676E9388} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-24] (Google Inc.)
Task: {A3670645-9803-451D-8FDC-162CD7D85C06} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {A40E1AEA-5AE9-40C1-8201-318D1491371E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {DB7ADC6C-36C5-43E6-88C8-AB20388D4515} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {E7DD7C16-EA47-4578-963D-36EDA5545EEF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-07-26] (NVIDIA Corporation)
Task: {E7FFE8C6-B3FF-4205-BE13-C9A43EB7CC73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-12 16:49 - 2017-07-26 18:09 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-12 15:48 - 2005-04-22 05:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-09-24 11:53 - 2017-08-24 11:27 - 002264528 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-21 20:23 - 2017-07-21 20:23 - 008930504 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-03-18 21:59 - 2017-03-19 03:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-23 12:03 - 2017-08-23 12:04 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-23 12:03 - 2017-08-23 12:04 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-23 12:03 - 2017-08-23 12:04 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-23 12:03 - 2017-08-23 12:04 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-04-06 00:05 - 2017-04-06 00:05 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-04-06 00:05 - 2017-04-06 00:05 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-09-24 14:25 - 2017-09-21 08:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-24 14:25 - 2017-09-21 08:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2016-06-26 17:04 - 2017-08-04 22:19 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-06-26 17:04 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-06-26 17:04 - 2017-09-07 05:51 - 002505504 _____ () C:\Program Files (x86)\Steam\video.dll
2016-06-26 17:04 - 2016-01-27 08:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-06-26 17:04 - 2016-01-27 08:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-06-26 17:04 - 2016-01-27 08:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-06-26 17:04 - 2016-01-27 08:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-06-26 17:04 - 2016-01-27 08:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-06-26 17:04 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-06-26 17:04 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-06-26 17:04 - 2017-09-07 05:51 - 000885024 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-06-26 17:04 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-12 15:48 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-05-12 16:49 - 2017-07-26 18:08 - 069820864 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-13 17:07 - 2017-07-17 23:50 - 073115424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 16:11 - 2017-05-17 02:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-06-26 17:04 - 2015-09-25 00:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-05-12 16:49 - 2017-07-26 18:09 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\sharepoint.com -> hxxps://whiteways-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2017-08-31 12:25 - 000000954 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 motdgd.com
127.0.0.1 motd.pinion.gg
127.0.0.1 pinion.gg
127.0.0.1 pinionprizes.gg
127.0.0.1 vppgamingnetwork.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9416FDED-DC9A-4C3E-AC23-482D60924C38}] => (Allow) D:\SteamLibrary\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{117491BE-2B17-4E49-9770-ADFA772C46B2}] => (Allow) D:\SteamLibrary\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{8B02224B-EA95-4968-903F-1B194D2F8DA5}] => (Allow) D:\SteamLibrary\steamapps\common\Blender\blender.exe
FirewallRules: [{44D9465A-FDB6-461C-8C74-FB80A4F60F75}] => (Allow) D:\SteamLibrary\steamapps\common\Blender\blender.exe
FirewallRules: [{92CF0309-ED72-432A-BF01-8497D6363573}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{623D834D-313A-492D-B6D6-2117A29D1BF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [UDP Query User{AC876894-E15F-4CF6-A61E-02C2C9071922}D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe
FirewallRules: [TCP Query User{D475F7BD-111C-410A-B2DB-3B7C0965BD3A}D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe
FirewallRules: [{7E379D63-B4F4-487B-8E3B-064327B7DBF3}] => (Allow) D:\SteamLibrary\steamapps\common\TEKKEN 7\TEKKEN 7.exe
FirewallRules: [{205C50B4-25D9-42E7-9276-2DB01CB9749A}] => (Allow) D:\SteamLibrary\steamapps\common\TEKKEN 7\TEKKEN 7.exe
FirewallRules: [{E020C7EA-69FF-46CB-B7F3-341DC0C7184F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SparkourAlphaDemo\Sparkour.exe
FirewallRules: [{9A90965C-D698-45FD-977D-0211E067316F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SparkourAlphaDemo\Sparkour.exe
FirewallRules: [UDP Query User{4F06C08B-0C6C-4242-97CB-2F984DA24A5D}C:\udk\rl_test\binaries\swarmagent.exe] => (Allow) C:\udk\rl_test\binaries\swarmagent.exe
FirewallRules: [TCP Query User{6B79A8C1-CA8A-44C6-9DAA-856D10AB2056}C:\udk\rl_test\binaries\swarmagent.exe] => (Allow) C:\udk\rl_test\binaries\swarmagent.exe
FirewallRules: [{442034C6-B87B-45F1-96C9-8B4E638D7115}] => (Allow) C:\UDK\RL_Test\Binaries\Win64\UDK.exe
FirewallRules: [{FED801F4-8FC3-4D46-A4FF-1B97F058A3A3}] => (Allow) C:\UDK\RL_Test\Binaries\Win64\UDK.exe
FirewallRules: [{C96B51FB-2B89-4EC6-9A52-7041F83E5C6E}] => (Allow) C:\UDK\RL_Test\Binaries\Win32\UDK.exe
FirewallRules: [{3D2391D5-9E53-4238-A1C6-68EC8E58961B}] => (Allow) C:\UDK\RL_Test\Binaries\Win32\UDK.exe
FirewallRules: [{DDF79449-2F43-435E-9711-620B172A6C2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe
FirewallRules: [{C5012D35-546A-4F47-A9B2-D7B6E255DCAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe
FirewallRules: [{B2D1FA38-E392-48BD-89B8-3481BC28DFBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INK\INK.exe
FirewallRules: [{A63CEA51-BE90-4310-B324-F55EB0754604}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INK\INK.exe
FirewallRules: [UDP Query User{F958700B-B855-4A8E-B40F-FCB43DBA6891}C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe] => (Allow) C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe
FirewallRules: [TCP Query User{32B15D7F-E2B3-4BFE-A6C1-3BD966B3C161}C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe] => (Allow) C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe
FirewallRules: [UDP Query User{CB6FEDF8-42FC-4255-9BE1-E73670FB51D9}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\tom\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4EC35BD5-AEA6-4B25-9518-A06657EB3D3F}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\tom\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{094103AD-662B-47D0-B507-2A452D61CC61}C:\program files (x86)\steam\steamapps\common\ratz instagib\ratzed\mapeditor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ratz instagib\ratzed\mapeditor.exe
FirewallRules: [TCP Query User{341C44D0-EAD7-465C-B760-B4AD9B459B55}C:\program files (x86)\steam\steamapps\common\ratz instagib\ratzed\mapeditor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ratz instagib\ratzed\mapeditor.exe
FirewallRules: [UDP Query User{9A292C19-8944-4963-B357-850914AFAA0E}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Block) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{26943A4B-2A01-4D1D-8BE0-A6E957E4C390}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Block) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{3BC103CB-B807-474B-A149-538B35CB9505}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{E6CA4361-B6E3-449B-B9C5-57A478E3B68B}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{DEAA8AD3-1872-408F-9391-62CB151A7CED}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tom\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C85D1837-A87E-4A43-996C-B89499492EE9}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tom\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6F6C2FEF-A766-4B0B-9C43-2896B8AB8137}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D3AC1B1C-3654-4668-9526-7F7EC6876B19}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3BF90114-6895-463F-8DC0-997453B07814}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0A502C3E-2FD1-4A54-AFBF-561632100C07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{120C74C1-F5D4-4726-88E9-3CCE166E8B1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{59FC6199-83DE-4AFE-BE1E-DE100AEBEFAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Flinthook\Flinthook.exe
FirewallRules: [{D60C26BD-FE44-4C9B-805A-0E4FC81F81EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Flinthook\Flinthook.exe
FirewallRules: [{7F51C273-DB8E-4954-8D88-73DC8595DAEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{86175E4C-818F-4EC5-879D-BD4F2B39DFD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{196CE4CF-063E-4E10-B33A-5EA42D4DFEF8}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{F6FD483B-DF27-4C52-BE3F-D1DA07D8B41C}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [UDP Query User{2D68BD70-B3EE-4BB4-B092-7DE026E7C371}C:\program files (x86)\apowersoft\apowersoft phone manager\apowersoft phone manager.exe] => (Allow) C:\program files (x86)\apowersoft\apowersoft phone manager\apowersoft phone manager.exe
FirewallRules: [TCP Query User{4C88940D-76CF-4404-A32B-FFDB2F324042}C:\program files (x86)\apowersoft\apowersoft phone manager\apowersoft phone manager.exe] => (Allow) C:\program files (x86)\apowersoft\apowersoft phone manager\apowersoft phone manager.exe
FirewallRules: [{575F9868-581C-4F7F-89D5-36FBB23AE5DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EnemyMind\EnemyMind.exe
FirewallRules: [{B6603F26-EF00-435C-8937-AF23BFDDD3A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EnemyMind\EnemyMind.exe
FirewallRules: [UDP Query User{E8F0A2DC-A9A7-4C31-8550-4280A70DD60E}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{2F5B6D79-84DB-4D40-8F1C-D25E36DC81AB}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{AF258261-FCF5-47B7-ABC8-CF8FA621E37C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poi\Poi.exe
FirewallRules: [{210C4508-DB09-4C80-A68D-021834FB78EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poi\Poi.exe
FirewallRules: [{7E30A06D-D8BE-4C05-A6A4-3B98D4CE505D}] => (Allow) LPort=54925
FirewallRules: [{7FD4C3F7-A6AA-4708-BE42-6BB7B4EABDD9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7844F6E2-B732-41B1-B515-B538DA862F4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TowerOfFlight\TowerOfFlight.exe
FirewallRules: [{39B50514-43BF-4A82-86C9-04CB41638987}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TowerOfFlight\TowerOfFlight.exe
FirewallRules: [{826998AB-4528-4341-B3D2-6C80D55F7B61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{1A167B1B-F8D8-4A7B-AFC5-5004AB915995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{BD58A874-4165-45FD-99A9-0EF9C13E1CB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{0217058C-B0A7-4E85-BA68-E66982AFC813}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{17A985CF-2004-4A9E-8D53-ACDFB426A1D3}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{9F5F2681-AC90-4CE7-9D1A-147F9808DFDA}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{943BF6BC-B5E5-4BB4-8FAC-DC0B56A1C10F}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{9D477B9D-00AF-4A67-9208-025A576B838E}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{57A608E7-0362-4BBD-9A97-80670678BF52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{29242437-3272-4142-8B89-3E4668D0F197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [UDP Query User{D64FCD27-EA79-4D14-9A2A-8DD2F6E2F24A}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DEA85547-5659-4F37-80DD-D51EBECAD4B1}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [{FCD6F280-54E3-4828-AD08-DB10546E1B9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{AF03C5DC-65A5-422A-A31E-F75681D3B422}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{D1BC5E58-BB76-4209-9D27-6B85BAD95667}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0B4BC8D0-70A0-4E64-8868-D40A995E368C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{C34A876D-4D0B-4C6B-B211-8C735DFF7775}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A60D3FBB-7F82-4864-AB7F-FB14CCE639AE}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4834F3E2-2F2C-4BA9-990C-E5D9782A24BD}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2B20E585-5C33-4023-B4AE-3E8BDE250279}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [{43842874-343B-42EC-B168-7D4CDD181503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{3BEB787F-43B6-4FAC-BF44-3A806A9D1711}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [UDP Query User{05C9BBE9-0483-4133-A00E-0B6DC9AC1CEE}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{94940F8C-9C32-4AD7-9830-0FAEEFD64003}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{10E6EDAB-D3ED-45D9-96D1-1E18CFF55758}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{6EBA7151-F2B4-4C2B-B9B9-1A4D6F634664}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{0A8CB229-7B6F-43B0-8E96-17DD0858EA96}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{8FA39C48-A75E-45AB-8F65-D22A8590B914}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{30A00E70-30F4-42FF-A22C-BA1A1AF8424E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{A54DC929-2EA9-4C9C-9A7C-D3CCA4A43746}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{684EE991-1D4A-40F1-A499-92DA61945B46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{F3EE08BB-9404-4DE2-9295-EFCBA4B9C141}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [UDP Query User{055F21DF-2B15-4328-AEE4-1C0EB49096CF}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [TCP Query User{78232D3E-365E-442E-9C0C-2E5D8E50E99D}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{80B03491-489F-46E7-A1AE-15B983BDFFB3}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{1A9B98B8-8F51-45CF-BFD0-46272D91BD5D}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{CAD46788-F1C6-4AD3-83C4-08855C437270}C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe
FirewallRules: [TCP Query User{50042EF9-90F3-43B8-8DFD-BEB2102F21E3}C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe
FirewallRules: [{581BE7AA-E4FF-4249-81E0-BEC1BF7741DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grapple\Grapple.exe
FirewallRules: [{FE89DCF2-30C3-4E32-97D8-CB8553507893}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grapple\Grapple.exe
FirewallRules: [{78F013B0-3CA5-4FD7-9FD4-E36DAE7FD073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{5D1FE9B9-77A7-48D8-A87D-6CC02A32D4B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{89D7B28E-3FF3-4163-AF40-0E3D8129D3E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Refunct\Refunct\Binaries\Win32\Refunct-Win32-Shipping.exe
FirewallRules: [{421DE155-A019-425B-A400-A10C2D959F6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Refunct\Refunct\Binaries\Win32\Refunct-Win32-Shipping.exe
FirewallRules: [UDP Query User{2E7F652B-23D0-44ED-9024-AC7910F86D49}C:\users\tom\downloads\arduino-nightly-windows\arduino-nightly\java\bin\javaw.exe] => (Allow) C:\users\tom\downloads\arduino-nightly-windows\arduino-nightly\java\bin\javaw.exe
FirewallRules: [TCP Query User{974AADE7-34F3-4D57-AB86-63E8809D5F44}C:\users\tom\downloads\arduino-nightly-windows\arduino-nightly\java\bin\javaw.exe] => (Allow) C:\users\tom\downloads\arduino-nightly-windows\arduino-nightly\java\bin\javaw.exe
FirewallRules: [UDP Query User{104C7A34-B421-4C9C-A07E-7E69E56DB6B6}C:\program files (x86)\arduino\java\bin\java.exe] => (Allow) C:\program files (x86)\arduino\java\bin\java.exe
FirewallRules: [TCP Query User{839FFD9D-9024-4BAF-BB63-85283BADFE67}C:\program files (x86)\arduino\java\bin\java.exe] => (Allow) C:\program files (x86)\arduino\java\bin\java.exe
FirewallRules: [UDP Query User{C9654D96-9956-419E-8D75-99768102E625}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{0AA06BFA-E5E2-4F65-B9C8-A007CE0C2062}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{4BA396FF-E741-44B0-8297-B3E5EF89ED7E}C:\users\tom\appdata\local\temp\codebender\node.exe] => (Allow) C:\users\tom\appdata\local\temp\codebender\node.exe
FirewallRules: [TCP Query User{19B18644-C2AF-4BEF-8EED-DBF87BDCAA60}C:\users\tom\appdata\local\temp\codebender\node.exe] => (Allow) C:\users\tom\appdata\local\temp\codebender\node.exe
FirewallRules: [{556FD58B-97D1-4FC9-937D-0E583CEC8677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bus Driver\bin\win_x86\launcher.exe
FirewallRules: [{6AE36354-7075-4895-A556-472E350A2FA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bus Driver\bin\win_x86\launcher.exe
FirewallRules: [{0F1AA046-BC1B-4E23-9527-E3946F689FA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bus Driver\bin\win_x86\busdriver.exe
FirewallRules: [{7B475CC0-8666-423A-B873-946979E92D68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bus Driver\bin\win_x86\busdriver.exe
FirewallRules: [{FEFF286A-3ACF-4DCB-937D-B3E78F68246D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trucks & Trailers\bin\win_x86\trucks_n_trailers.exe
FirewallRules: [{929CA325-16B8-4018-A324-3A17ED68A093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trucks & Trailers\bin\win_x86\trucks_n_trailers.exe
FirewallRules: [{44035CB2-3771-4A01-919F-B65EFEE64205}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Guru\GameGuru.exe
FirewallRules: [{2D594497-D9EF-47F5-B6DF-675F6D82A2E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Guru\GameGuru.exe
FirewallRules: [UDP Query User{CB37F7A1-2D57-4089-9067-550B850765CE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{26C41FF5-BE93-40D2-B4DE-8261DEF25E6A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{8186B567-CE55-4951-A039-C2620C30D3BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{7C13514E-89C0-4073-B940-733817974CF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [UDP Query User{619A2532-F02F-4387-BB56-650C4C514A00}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{BD224FD1-4D9F-48A6-BD92-DA70324CD218}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{C6F38A1A-4D01-4B09-88E8-04E2E9505A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{75A8440D-B9E4-40C2-B4D9-97E8E157A3D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1A47F66B-186C-45DB-935F-9AFE53536072}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5160F211-DB79-400A-9AC9-D494D09C7E52}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C4F3C1B6-0C9C-4C46-B4BD-AF573E180E12}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CBF6887C-636A-4EA5-BB71-4B13FC6DA92C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{906CA277-7E20-416C-B698-0A68AF760124}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1AC0EC82-617D-4AE0-9DED-2BC557DA301A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{12BE850F-BDD8-4435-A03E-B6C18F9680DE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C67D51D4-0B10-4373-8833-D92E3B75F7D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CEDF0BE9-29A3-4EA1-9CD9-080823D6C54A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08A46F3A-3318-4075-A89F-D71E4037BA2F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{073EBED9-A610-4774-85D0-854198E19E2B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{4C837508-5C79-45C1-8D6C-6CF10FEBA341}C:\users\tom\downloads\pooter\tetrisonlinepoland_en\tetrisonlinepoland\tetris.exe] => (Allow) C:\users\tom\downloads\pooter\tetrisonlinepoland_en\tetrisonlinepoland\tetris.exe
FirewallRules: [UDP Query User{8673B9B9-DEDC-4E70-B569-2F64EC90371F}C:\users\tom\downloads\pooter\tetrisonlinepoland_en\tetrisonlinepoland\tetris.exe] => (Allow) C:\users\tom\downloads\pooter\tetrisonlinepoland_en\tetrisonlinepoland\tetris.exe
FirewallRules: [{DD9AFEA1-89D6-4D17-8D9A-6D48C9FEF157}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ratz Instagib\RatzInstagib.exe
FirewallRules: [{670B6CC1-A7E8-4F47-909A-4BF698B20EFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ratz Instagib\RatzInstagib.exe
FirewallRules: [{EFBCA149-0519-49F0-8DB3-4E4675DF8EC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GameLooper\GameLooper.exe
FirewallRules: [{7DF36F1E-6667-46B6-B3FE-D77022A89FE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GameLooper\GameLooper.exe
FirewallRules: [TCP Query User{8151FF08-080A-4448-9C27-8610D861FC06}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{3405BD9F-ADD5-4932-87D8-B8FEB1468861}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{F015BCA6-67EE-453C-8137-B8B87317A884}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spriter\Spriter.exe
FirewallRules: [{085D27FC-C1C4-46D1-80CD-CE65448ED921}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spriter\Spriter.exe
FirewallRules: [TCP Query User{5B4F43AF-1D1A-4E1B-834C-7C758145C4ED}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{E299FDE4-23A4-4A58-814D-B299BC231520}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{9136BC3D-E2CD-437E-A3AF-4142B2F009E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{D7048E76-B59A-4FEA-B4A8-CA64C3A37E01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [TCP Query User{5697C0F2-BBF2-4341-9C16-72798ED66BB3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C7795273-2F5E-4027-8903-E0243D2579A9}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D2FF66AA-6E4B-43FF-9227-7BC6E40006FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitBoy\8bitboy.exe
FirewallRules: [{2DC08144-0A8B-4BA8-B7C2-49927AB2313D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitBoy\8bitboy.exe
FirewallRules: [{AD0E4B62-B9F5-43A4-853A-2F29976B8DA0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9D461CAE-A489-4192-996A-9EA1E9A65F74}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0D675BAF-56C5-4646-A278-E716D81CBD75}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3C5C9EE5-4631-4D5F-B9B0-00EAF74F8592}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{40CB5960-73D4-49DF-85A6-EE2C6DDABD2E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9E1865E9-2A31-47DD-B7F0-D91702DF1A3A}] => (Allow) C:\Program Files (x86)\Remotr\RemotrServer.exe
FirewallRules: [{F0BBDA79-EF89-4E0A-BA11-B662506E3C1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{02A235C3-DBA7-4D33-AAB5-05B54F1848DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{B150D3F2-6DFE-42A6-98B8-C38A0438569E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\12 is Better Than 6\12ibt6Hi\12ibt6.exe
FirewallRules: [{73004BA0-3B00-4FA3-B3DC-AE4CE222C942}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\12 is Better Than 6\12ibt6Hi\12ibt6.exe
FirewallRules: [{3EA0045E-4789-4FEC-A70A-88D147CEC9D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\12 is Better Than 6\12ibt6Low\12ibt6.exe
FirewallRules: [{41501B38-6B0D-4FF9-99B6-700C6B816CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\12 is Better Than 6\12ibt6Low\12ibt6.exe
FirewallRules: [{77E49FE0-245B-4402-AB69-0A43ECAB5683}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BB5349CE-0B9E-46EE-87A3-CDAFFA99085A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9BDDD3C0-8E26-4D70-963E-BC850D5DF40B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1E1B3920-D5C8-4AFF-BC2A-57B247CF992C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8F7B56D9-BBAA-4A1D-B5DD-9ADA2277919D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{D2ED63C6-F8BA-4191-B49E-95753F8369A9}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{A3C023C5-EE8C-419C-A487-E7452D9471ED}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{B123FA2A-0680-4B33-9CFA-11EF77A2C86B}D:\program files (x86)\aspyr\guitar hero iii\gh3.exe] => (Allow) D:\program files (x86)\aspyr\guitar hero iii\gh3.exe
FirewallRules: [UDP Query User{66FC7C2B-A551-471E-AF31-D29A48B5C410}D:\program files (x86)\aspyr\guitar hero iii\gh3.exe] => (Allow) D:\program files (x86)\aspyr\guitar hero iii\gh3.exe
FirewallRules: [{1F0DC317-8E87-47F4-A59F-1CDBF828C92F}] => (Allow) D:\SteamLibrary\steamapps\common\Jotun\Jotun.exe
FirewallRules: [{0A9F9DA0-6E60-4BC9-989E-11F8C3BF218B}] => (Allow) D:\SteamLibrary\steamapps\common\Jotun\Jotun.exe
FirewallRules: [{59005321-D032-471F-9589-EBAD725C7A98}] => (Allow) D:\SteamLibrary\steamapps\common\Volo Airsport\volo_airsport.exe
FirewallRules: [{A0667F11-1316-46A9-8991-01455292146F}] => (Allow) D:\SteamLibrary\steamapps\common\Volo Airsport\volo_airsport.exe
FirewallRules: [{3F0B89C2-5A42-4F72-8AB3-E2816F3E5A35}] => (Allow) D:\SteamLibrary\steamapps\common\MurderMiners\Murder Miners.exe
FirewallRules: [{92680527-1A34-4E08-BEA5-C4155A9238D4}] => (Allow) D:\SteamLibrary\steamapps\common\MurderMiners\Murder Miners.exe
FirewallRules: [{5DCC488D-3BDD-4081-8E0D-D9E18E348651}] => (Allow) D:\SteamLibrary\steamapps\common\KreedzClimbing\hl2.exe
FirewallRules: [{D1CCECE6-66D3-407E-9D4D-18BEC9C852AE}] => (Allow) D:\SteamLibrary\steamapps\common\KreedzClimbing\hl2.exe
FirewallRules: [{994D3A7C-BD68-4549-B5A5-01C90A884BD8}] => (Allow) D:\SteamLibrary\steamapps\common\KreedzClimbing\bin\kz\LaunchSDKTool.exe
FirewallRules: [{6F6FEF66-1D46-4E3B-803C-07BFF0BABFE5}] => (Allow) D:\SteamLibrary\steamapps\common\KreedzClimbing\bin\kz\LaunchSDKTool.exe
FirewallRules: [{6EA0776E-3BA2-471A-85ED-059E63D5EA6E}] => (Allow) D:\SteamLibrary\steamapps\common\Super Hipster Lumberjack\SuperHipsterLumberjackV2.exe
FirewallRules: [{9070679C-880A-4348-BC10-84153A71B25A}] => (Allow) D:\SteamLibrary\steamapps\common\Super Hipster Lumberjack\SuperHipsterLumberjackV2.exe
FirewallRules: [{3208AA5A-0DA2-46F2-B6F0-939F90D936E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-09-2017 18:33:20 Windows Update
15-09-2017 17:13:29 Installed MorphVOX Pro
24-09-2017 14:19:10 Removed Challenger Prime Gaming Keyboard Driver

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2017 01:50:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/24/2017 01:47:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2cc4
Faulting application start time: 0x01d3353348ed4c28
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 252f93ff-b6d8-4857-a67b-703a3a2919cb
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (09/24/2017 01:47:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-VFLINGR)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2017 01:47:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2c4c
Faulting application start time: 0x01d3353336cd8174
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: ae33d5b9-87ec-4bb4-9d77-023c5b9e412a
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (09/24/2017 01:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2c4c
Faulting application start time: 0x01d3353336cd8174
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 82d2f6b7-159b-4b67-a237-7c69fa35ff29
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (09/24/2017 01:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2c4c
Faulting application start time: 0x01d3353336cd8174
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 5875b1fc-167c-4fb6-a8ba-d411253d1098
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (09/24/2017 01:47:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2c4c
Faulting application start time: 0x01d3353336cd8174
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 1a6b8166-7936-4f50-a6ca-3b17ae6e6eb6
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (09/24/2017 01:47:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2c4c
Faulting application start time: 0x01d3353336cd8174
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 74c48ba6-c0dd-49b6-9e45-b58f858b113f
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (09/24/2017 01:46:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-VFLINGR)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2017 01:46:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x8b8
Faulting application start time: 0x01d335331b60463c
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: e7df1a4c-51ba-436e-a741-f3cf280093df
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

System errors:
=============
Error: (09/24/2017 02:42:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (09/24/2017 02:41:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/24/2017 02:41:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/24/2017 02:41:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (09/24/2017 02:41:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/24/2017 02:41:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/24/2017 02:41:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (09/24/2017 02:41:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Logitech Gaming Registry Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/24/2017 02:41:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/24/2017 02:41:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2017-09-24 17:59:13.991
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-24 17:59:13.989
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-24 17:58:00.127
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-24 17:58:00.125
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-24 17:55:17.995
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-24 17:55:17.994
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-24 17:55:17.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-24 17:55:17.724
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-24 17:55:15.487
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-24 17:55:15.485
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 37%
Total physical RAM: 8114.22 MB
Available physical RAM: 5076.56 MB
Total Virtual: 9394.22 MB
Available Virtual: 5782.07 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:223.08 GB) (Free:24.05 GB) NTFS
Drive d: (HDD) (Fixed) (Total:931.51 GB) (Free:780.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 0B254F57)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E202CF6C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

And this is the ZHP log:

~ ZHPDiag v2017.9.24.167 By Nicolas Coolman (2017/09/24)
~ Run by Tom (Administrator) (2017/09/25 17:02:42)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPDiag: Legal
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Tom\Desktop\ZHPDiag.txt
~ Report: C:\Users\Tom\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 15063) =>.Microsoft Corporation

---\\ Internet Browsers (3) - 0s
~ GCIE: Google Chrome v61.0.3163.100
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.608.15063.0

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (1) - 2s
Windows Defender (Activate) (Protection)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 94 Stepping 3, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8308.96 MB (61% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 24 GB (10%) free of 228 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP-VFLINGR
~ User Name: Tom
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 24 GB free of 228 GB (System)
~ Drive D: has 798 GB free of 953 GB

---\\ State of the Windows Security Center (8) - 0s
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] AutoConfigUrl: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM64\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 1s
[MD5.3AF6D6F752EDE013ED15DFD2D44F8EF9] - 05/09/2017 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4848960] =>.Microsoft Windows®
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - 18/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
[MD5.0242626678C83AE788C655C1990A3CC3] - 28/07/2017 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
[MD5.9AA7516745C98B81FC10227FF2652391] - 05/09/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
[MD5.9CDA170849A4F66F4D68B3DBB3AC8394] - 05/09/2017 - (.Microsoft Corporation - Windows Logon Application.) -- C:\WINDOWS\System32\Winlogon.exe [706560] =>.Microsoft Corporation
[MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 18/03/2017 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
[MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
[MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
[MD5.5A6D591D56791BA63CE73FCAD60D89A1] - 05/09/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [610720] =>.Microsoft Windows®
[MD5.01733BEEE02E51F712330D5909BD701C] - 18/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 18/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 18/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - 18/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
[MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - 20/06/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
[MD5.C6C8315E3262FAE460529C6DA2951682] - 18/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - 18/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 18/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
[MD5.BAD3C424788BC071C3EC82CFCDA954D2] - 05/09/2017 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
[MD5.075F8C81457804BB79DD33FE69A96C57] - 28/07/2017 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2327456] =>.Microsoft Windows®
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - 18/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 18/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 19/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
[MD5.D74756DD1518D28A09CDA99696273FA4] - 01/08/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [119712] =>.Microsoft Windows®
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 18/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (10) - 1s
O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) . (.Hi-Rez Studios - HiPatchService.) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe =>.Hi-Rez Studios
O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) . (.Logitech Inc. - Logitech Surround Sound Service.) - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe =>.Logitech Inc®
O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®

---\\ Services not Microsoft (SR=Run, SS=Stop) (16) - 23s
SS - Demand [02/08/2017] [ 72704] Adobe LM Service (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe =>.Adobe Systems
SR - Auto [22/09/2016] [ 83768] Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
SR - Auto [12/08/2015] [ 462096] Bonjour Service (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
SS - Demand [25/09/2013] [ 282112] BrYNSvc (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe =>.Brother Industries, Ltd.
SS - Auto [24/09/2017] [ 153168] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [24/09/2017] [ 153168] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SPaused - Auto [15/09/2016] [ 9728] Hi-Rez Studios Authenticate and Update Service (HiPatchService) . (.Hi-Rez Studios.) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe =>.Hi-Rez Studios
SR - Demand [19/01/2017] [ 651576] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe =>.Apple Inc.®
SR - Auto [06/04/2017] [ 225400] Logitech Gaming Registry Service (LogiRegistryService) . (.Logitech Inc..) - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe =>.Logitech Inc®
SR - Auto [07/08/2017] [ 6058960] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SR - Auto [26/07/2017] [ 512960] NVIDIA LocalSystem Container (NvContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
SS - Demand [26/07/2017] [ 512960] NVIDIA NetworkService Container (NvContainerNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
SR - Auto [01/05/2017] [ 462968] NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
SR - Auto [26/07/2017] [ 449984] NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
SS - Auto [14/03/2017] [ 317400] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
SR - Demand [14/03/2017] [ 317400] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®

---\\ Task Planned Automatically (Register) (10) - 2s
O40 - TASK: {0E47A284-FE32-454F-9C75-7DB42CE63DE7} [64Bits][\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA crash and telemetry reporter.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248] =>.NVIDIA Corporation®
O40 - TASK: {48F6063D-042C-4878-AC04-FF9B131A2246} [64Bits][\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA GeForce Experience.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1714112] =>.NVIDIA Corporation®
O40 - TASK: {4F914D22-A0AE-46DD-8E27-E25A8EFC1125} [64Bits][\GoogleUpdateTaskMachineCore] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] =>.Google Inc®
O40 - TASK: {6C02DBD9-33DE-4605-A07E-2423299E2131} [64Bits][\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA driver profile updater.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616] =>.NVIDIA Corporation®
O40 - TASK: {76A662BA-B7B6-40AA-8372-9B4F20AE055F} [64Bits][\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA telemetry monitor.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672] =>.NVIDIA Corporation®
O40 - TASK: {90788567-348A-4F4B-8203-2C9989D48875} [64Bits][\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960] =>.NVIDIA Corporation®
O40 - TASK: {9207EFC3-A322-4D42-B5D6-E2AF676E9388} [64Bits][\GoogleUpdateTaskMachineUA] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] =>.Google Inc®
O40 - TASK: {A3670645-9803-451D-8FDC-162CD7D85C06} [64Bits][\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA crash and telemetry reporter.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248] =>.NVIDIA Corporation®
O40 - TASK: {DB7ADC6C-36C5-43E6-88C8-AB20388D4515} [64Bits][\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA driver profile updater.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616] =>.NVIDIA Corporation®
O40 - TASK: {E7DD7C16-EA47-4578-963D-36EDA5545EEF} [64Bits][\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA nodejs launcher.) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112] =>.NVIDIA Corporation®

---\\ Auto loading programs from Registry and folders (20) - 1s
O4 - HKLM\..\Run: [SecurityHealth] . (.Microsoft Corporation - Windows Defender notification icon.) -- C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Windows®
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe =>.Apple Inc.®
O4 - HKLM\..\Run: [ShadowPlay] . (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\system32\rundll32.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Launch LCore] . (.Logitech Inc. - Logitech Gaming Framework.) -- C:\Program Files\Logitech Gaming Software\LCore.exe =>.Logitech Inc®
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe =>.Valve®
O4 - HKCU\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Tom\AppData\Local\Microsoft\BingSvc\BingSvc.exe =>.Microsoft Corporation®
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Software Sarl®
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Tom\AppData\Roaming\Spotify\SpotifyWebHelper.exe =>.Spotify AB®
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe =>.Wondershare software CO., LIMITED®
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter4] . (.Brother Industries, Ltd. - ControlCenter Launcher.) -- C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe =>.Brother Industries, Ltd.
O4 - HKLM\..\Wow6432Node\Run: [BrStsMon00] . (.Brother Industries, Ltd. - Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe =>.Brother Industries, Ltd.
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-21-2235556512-3620655794-2756196336-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe =>.Valve®
O4 - HKUS\S-1-5-21-2235556512-3620655794-2756196336-1001\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Tom\AppData\Local\Microsoft\BingSvc\BingSvc.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-2235556512-3620655794-2756196336-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Software Sarl®
O4 - HKUS\S-1-5-21-2235556512-3620655794-2756196336-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - HKUS\S-1-5-21-2235556512-3620655794-2756196336-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Tom\AppData\Roaming\Spotify\SpotifyWebHelper.exe =>.Spotify AB®

---\\ Google Chrome, Start,Search,Extensions (23) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://clients5.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://gb.api4load.biz
G0 - GCSP: Preferences [User Data\Default][HomePage] http://lastpass.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://lh3.googleusercontent.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://qmee-apps.s3.amazonaws.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://s2.googleusercontent.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.co.uk =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] =>.Google Inc. {Slides}
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] =>.Google Inc. {Docs}
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] http://drive.google.com/ =>.Google Inc. {Drive}
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] http://www.youtube.com =>.Youtube {Youtube}
G2 - GCE: Preference [User Data\Default] [chnfggpncfadofhgkekcppnonikpgbjm] Steam Powered
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] =>.Google Inc. {Sheets}
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] =>.Google Inc. {Docs hors connexion}
G2 - GCE: Preference [User Data\Default] [hdokiejnpimakedhajhdlcegeplioahd] LastPass =>.LastPass
G2 - GCE: Preference [User Data\Default] [mbaanpgkpkoamihninlcegnjclcpibde] Qmee
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] =>.Google Inc. {Wallet}
G2 - GCE: Preference [User Data\Default] [okadibdjfemgnhjiembecghcbfknbfhg] Enhanced Steam =>.enhancedsteam.com
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] http://mail.google.com/ =>.Google Inc. {Gmail}
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (1) - 0s
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.2.4] - (.VideoLAN.) -- C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll =>.VideoLAN

---\\ Internet Explorer Extensions, Start, Search (15) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name)[HKCU] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (11.00.15063.608 (WinBuild.160101.0800)) -- C:\Windows\SysWOW64\ieframe.dll =>.Microsoft Corporation

---\\ Internet Explorer, Proxy Management (4) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [http://accessunlimitedweb.com/]

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (27)

---\\ Browser Helper Object (BHO) (2) - 0s
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll =>.Microsoft Corporation®
O2 - BHO: Microsoft OneDrive for Business Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®

---\\ Global shortcuts Startup (133) - 9s
O4 - GS\Desktop [Administrator]: Blackstar INSIDER.lnk . (...) C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{C7F2434B-AE8C-49C1-84F9-BB2F2A546007}\_60ECA5A00B20A95CAC4E4B.exe
O4 - GS\Desktop [Administrator]: G4FON Koch Trainer.lnk . (...) D:\Program Files (x86)\G4FON Software\Morse Trainer\KochV9_Rx.exe
O4 - GS\Desktop [Administrator]: GHTCP.lnk . (...) C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{FC7CCCFB-2081-4E9D-8F6D-CAAE87267E6C}\_28BB4DA61285E053C6AFC4.exe
O4 - GS\Desktop [Administrator]: Photoshop CS2.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS2.) D:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe =>.Adobe Systems, Incorporated
O4 - GS\Desktop [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Administrator]: The Elder Scrolls Online.lnk . (.ZeniMax Online Studios - ZeniMax Online Studios Launcher.) D:\Games\Launcher\Bethesda.net_Launcher.exe =>.Zenimax Media Inc.®
O4 - GS\Desktop [Administrator]: TOP.lnk . (.Wojtek - TOPLauncher.) C:\Users\Tom\Downloads\pooter\TetrisOnlinePoland_en\TetrisOnlinePoland\TOPLauncher.exe
O4 - GS\Desktop [Administrator]: WinDirStat.lnk . (.Seifert - Windows Directory Statistics.) D:\Program Files (x86)\WinDirStat\windirstat.exe =>.Seifert
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Tom\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Administrator]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard App Launcher.) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe =>.Blizzard Entertainment, Inc.®
O4 - GS\TaskBar [Administrator]: Discord.lnk . (.Hammer & Chisel, Inc. - Discord.) C:\Users\Tom\AppData\Local\Discord\app-0.0.297\Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\TaskBar [Administrator]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: PowerPoint 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Publisher 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\TaskBar [Administrator]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Startup [Administrator]: Adobe Gamma.lnk . (.Adobe Systems, Inc. - Adobe Gamma Loader.) C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe =>.Adobe Systems, Inc.
O4 - GS\Programs [Administrator]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: osu!.lnk . (...) C:\Users\Tom\Downloads\osu!\osu!.exe
O4 - GS\Programs [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Administrator]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNP UXLauncher.) C:\Windows\System32\UNP\UNPUXLauncher.exe /campaignID {91be532c-f9f1-406a-9858-43697c6f437a} /launchtype toast =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: Blackstar INSIDER.lnk . (...) C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{C7F2434B-AE8C-49C1-84F9-BB2F2A546007}\_60ECA5A00B20A95CAC4E4B.exe
O4 - GS\Desktop [Guest]: G4FON Koch Trainer.lnk . (...) D:\Program Files (x86)\G4FON Software\Morse Trainer\KochV9_Rx.exe
O4 - GS\Desktop [Guest]: GHTCP.lnk . (...) C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{FC7CCCFB-2081-4E9D-8F6D-CAAE87267E6C}\_28BB4DA61285E053C6AFC4.exe
O4 - GS\Desktop [Guest]: Photoshop CS2.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS2.) D:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe =>.Adobe Systems, Incorporated
O4 - GS\Desktop [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Guest]: The Elder Scrolls Online.lnk . (.ZeniMax Online Studios - ZeniMax Online Studios Launcher.) D:\Games\Launcher\Bethesda.net_Launcher.exe =>.Zenimax Media Inc.®
O4 - GS\Desktop [Guest]: TOP.lnk . (.Wojtek - TOPLauncher.) C:\Users\Tom\Downloads\pooter\TetrisOnlinePoland_en\TetrisOnlinePoland\TOPLauncher.exe
O4 - GS\Desktop [Guest]: WinDirStat.lnk . (.Seifert - Windows Directory Statistics.) D:\Program Files (x86)\WinDirStat\windirstat.exe =>.Seifert
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Tom\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Guest]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard App Launcher.) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe =>.Blizzard Entertainment, Inc.®
O4 - GS\TaskBar [Guest]: Discord.lnk . (.Hammer & Chisel, Inc. - Discord.) C:\Users\Tom\AppData\Local\Discord\app-0.0.297\Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\TaskBar [Guest]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: PowerPoint 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Publisher 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\TaskBar [Guest]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Startup [Guest]: Adobe Gamma.lnk . (.Adobe Systems, Inc. - Adobe Gamma Loader.) C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe =>.Adobe Systems, Inc.
O4 - GS\Programs [Guest]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: osu!.lnk . (...) C:\Users\Tom\Downloads\osu!\osu!.exe
O4 - GS\Programs [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Guest]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNP UXLauncher.) C:\Windows\System32\UNP\UNPUXLauncher.exe /campaignID {91be532c-f9f1-406a-9858-43697c6f437a} /launchtype toast =>.Microsoft Corporation
O4 - GS\Desktop [Tom]: Blackstar INSIDER.lnk . (...) C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{C7F2434B-AE8C-49C1-84F9-BB2F2A546007}\_60ECA5A00B20A95CAC4E4B.exe
O4 - GS\Desktop [Tom]: G4FON Koch Trainer.lnk . (...) D:\Program Files (x86)\G4FON Software\Morse Trainer\KochV9_Rx.exe
O4 - GS\Desktop [Tom]: GHTCP.lnk . (...) C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{FC7CCCFB-2081-4E9D-8F6D-CAAE87267E6C}\_28BB4DA61285E053C6AFC4.exe
O4 - GS\Desktop [Tom]: Photoshop CS2.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS2.) D:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe =>.Adobe Systems, Incorporated
O4 - GS\Desktop [Tom]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Tom]: The Elder Scrolls Online.lnk . (.ZeniMax Online Studios - ZeniMax Online Studios Launcher.) D:\Games\Launcher\Bethesda.net_Launcher.exe =>.Zenimax Media Inc.®
O4 - GS\Desktop [Tom]: TOP.lnk . (.Wojtek - TOPLauncher.) C:\Users\Tom\Downloads\pooter\TetrisOnlinePoland_en\TetrisOnlinePoland\TOPLauncher.exe
O4 - GS\Desktop [Tom]: WinDirStat.lnk . (.Seifert - Windows Directory Statistics.) D:\Program Files (x86)\WinDirStat\windirstat.exe =>.Seifert
O4 - GS\Desktop [Tom]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Tom\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Tom]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Tom]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Tom]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Tom]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Tom]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard App Launcher.) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe =>.Blizzard Entertainment, Inc.®
O4 - GS\TaskBar [Tom]: Discord.lnk . (.Hammer & Chisel, Inc. - Discord.) C:\Users\Tom\AppData\Local\Discord\app-0.0.297\Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\TaskBar [Tom]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\TaskBar [Tom]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Tom]: PowerPoint 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation
O4 - GS\TaskBar [Tom]: Publisher 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation
O4 - GS\TaskBar [Tom]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\TaskBar [Tom]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Startup [Tom]: Adobe Gamma.lnk . (.Adobe Systems, Inc. - Adobe Gamma Loader.) C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe =>.Adobe Systems, Inc.
O4 - GS\Programs [Tom]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Tom]: osu!.lnk . (...) C:\Users\Tom\Downloads\osu!\osu!.exe
O4 - GS\Programs [Tom]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Tom]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNP UXLauncher.) C:\Windows\System32\UNP\UNPUXLauncher.exe /campaignID {91be532c-f9f1-406a-9858-43697c6f437a} /launchtype toast =>.Microsoft Corporation
O4 - GS\CommonDesktop [Public]: Arduino.lnk . (.Arduino LLC - Arduino IDE.) D:\Program Files (x86)\Arduino\arduino.exe =>.Arduino LLC
O4 - GS\CommonDesktop [Public]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard App Launcher.) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe =>.Blizzard Entertainment, Inc.®
O4 - GS\CommonDesktop [Public]: GeForce Experience.lnk . (.NVIDIA Corporation - NVIDIA GeForce Experience.) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe =>.NVIDIA Corporation®
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: Overwatch.lnk . (.Blizzard Entertainment - Overwatch Setup.) C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe =>.Blizzard Entertainment, Inc.®
O4 - GS\CommonDesktop [Public]: Skype.lnk . (...) C:\WINDOWS\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe =>.Skype Technologies
O4 - GS\CommonDesktop [Public]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\CommonDesktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbH®
O4 - GS\CommonDesktop [Public]: Unity 5.6.1f1 (64-bit).lnk . (.Unity Technologies ApS - Unity Editor.) C:\Program Files\Unity\Editor\Unity.exe =>.Unity Technologies SF®
O4 - GS\CommonDesktop [Public]: Wondershare Filmora.lnk . (.Wondershare Software - Wondershare Filmora.) C:\Program Files\Wondershare\Wondershare Filmora\Filmora.exe =>.Wondershare Technology Co.,Ltd®
O4 - GS\Programs [Public]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Public]: osu!.lnk . (...) C:\Users\Tom\Downloads\osu!\osu!.exe
O4 - GS\Programs [Public]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Public]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNP UXLauncher.) C:\Windows\System32\UNP\UNPUXLauncher.exe /campaignID {91be532c-f9f1-406a-9858-43697c6f437a} /launchtype toast =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Startup [Public]: SteelSeries Engine 3.lnk . (.SteelSeries ApS - SteelSeries Engine 3 Core.) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="C:\ProgramData\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true =>.SteelSeries ApS®
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Access 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Adobe Bridge.lnk . (.Adobe Systems, Inc. - Adobe Bridge.) C:\Program Files (x86)\Adobe\Adobe Bridge\Bridge.exe =>.Adobe Systems, Inc.
O4 - GS\ProgramsCommon [Public]: Adobe Help Center.lnk . (.Adobe Systems Incorporated - .) C:\Program Files (x86)\Adobe\Adobe Help Center\ahc.exe =>.Adobe Systems Incorporated
O4 - GS\ProgramsCommon [Public]: Adobe ImageReady CS2.lnk . (.Adobe Systems Incorporated - ImageReady CS2.) D:\Program Files (x86)\Adobe\Adobe Photoshop CS2\ImageReady.exe =>.Adobe Systems Incorporated
O4 - GS\ProgramsCommon [Public]: Adobe Photoshop CS2.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS2.) D:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe =>.Adobe Systems, Incorporated
O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (...) C:\WINDOWS\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe =>.Apple Inc.
O4 - GS\ProgramsCommon [Public]: Arduino.lnk . (.Arduino LLC - Arduino IDE.) D:\Program Files (x86)\Arduino\arduino.exe =>.Arduino LLC
O4 - GS\ProgramsCommon [Public]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) D:\Program Files (x86)\Audacity\audacity.exe =>.James Crook®
O4 - GS\ProgramsCommon [Public]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: GIMP 2.lnk . (.Spencer Kimball, Peter Mattis and the GIMP Developmen - GNU Image Manipulation Program.) D:\Program Files\GIMP 2\bin\gimp-2.8.exe =>.Jernej Simončič®
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Movie Maker.lnk . (.Microsoft Corporation - Movie Maker.) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: OneDrive for Business.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: OneNote 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Outlook 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Photo Gallery.lnk . (.Microsoft Corporation - Photo Gallery.) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: PowerPoint 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Publisher 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Skype for Business 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbH®
O4 - GS\ProgramsCommon [Public]: Visual Studio 2017.lnk . (.Microsoft Corporation - Microsoft Visual Studio 2017.) C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\devenv.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Visual Studio Installer.lnk . (.Microsoft Corporation - Visual Studio Installer.) C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (5) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = home.lan =>.Local Domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{9592b15e-0986-4b06-82d9-a04d32ecc759}: NameServer = 8.8.8.8,8.8.4.4 =>.France Google Cloud
O17 - HKLM\System\CCS\Services\Tcpip\..\{9592b15e-0986-4b06-82d9-a04d32ecc759}: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{9592b15e-0986-4b06-82d9-a04d32ecc759}: DhcpDomain = home.lan =>.Local Domain

---\\ Extra protocols (27) - 0s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: mso-minsb-roaming.16 [64Bits] - {83C25742-A9F7-49FB-9138-434302C88D07} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: mso-minsb.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf-roaming.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf.16 [64Bits] - {5504BE45-A83B-4808-900A-3A5C36E7F77A} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation

---\\ Software installed (168) - 13s
O42 - Logiciel: 12 is Better Than 6 - (.Ink Stains Games.) [HKLM][64Bits] -- Steam App 410110 =>.Valve®
O42 - Logiciel: 7-Zip 16.02 (x64) - (.Igor Pavlov.) [HKLM][64Bits] -- 7-Zip =>.Igor Pavlov
O42 - Logiciel: 8BitBoy - (.AwesomeBlade.) [HKLM][64Bits] -- Steam App 296910 =>.Valve®
O42 - Logiciel: Adobe Bridge 1.0 - (.Adobe Systems.) [HKLM][64Bits] -- {B74D4E10-1033-0000-0000-000000000001} =>.Adobe Systems
O42 - Logiciel: Adobe Common File Installer - (.Adobe System Incorporated.) [HKLM][64Bits] -- {8EDBA74D-0686-4C99-BFDD-F894678E5B39} =>.Adobe System Incorporated
O42 - Logiciel: Adobe Help Center 1.0 - (.Adobe Systems.) [HKLM][64Bits] -- {E9787678-1033-0000-8E67-000000000001} =>.Adobe Systems
O42 - Logiciel: Adobe Photoshop CS2 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- {236BB7C4-4419-42FD-0409-1E257A25E34D} =>.Adobe Systems, Inc.
O42 - Logiciel: Adobe Photoshop CS2 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} =>.Adobe Systems, Inc.
O42 - Logiciel: Adobe Stock Photos 1.0 - (.Adobe Systems.) [HKLM][64Bits] -- {786C5747-1033-0000-B58E-000000000001} =>.Adobe Systems
O42 - Logiciel: Adventure in the Tower of Flight - (.Pixel Barrage Entertainment, Inc..) [HKLM][64Bits] -- Steam App 368830 =>.Valve®
O42 - Logiciel: Apowersoft Phone Manager version 2.8.4 - (.APOWERSOFT LIMITED.) [HKLM][64Bits] -- {4A00E3C4-2D0F-4AE7-9F2A-74870BE09EF8}_is1 =>.APOWERSOFT LIMITED
O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM][64Bits] -- {9BA1A894-B42F-4805-BC8C-349C905A3930} =>.Apple Inc.
O42 - Logiciel: Apple Application Support (64-bit) - (.Apple Inc..) [HKLM][64Bits] -- {7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13} =>.Apple Inc.
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {55BB2110-FB43-49B3-93F4-945A0CFB0A6C} =>.Apple Inc.
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {56EC47AA-5813-4FF6-8E75-544026FBEA83} =>.Apple Inc.
O42 - Logiciel: Arduino - (.Arduino LLC.) [HKLM][64Bits] -- Arduino =>.Arduino LLC
O42 - Logiciel: Audacity 2.1.3 - (.Audacity Team.) [HKLM][64Bits] -- Audacity®_is1 =>.Audacity Team
O42 - Logiciel: Battle.net - (.Blizzard Entertainment.) [HKLM][64Bits] -- Battle.net =>.Blizzard Entertainment, Inc.®
O42 - Logiciel: Blackstar INSIDER - (.Blackstar Amplification Ltd..) [HKLM][64Bits] -- {C7F2434B-AE8C-49C1-84F9-BB2F2A546007}
O42 - Logiciel: Blackstar INSIDER Interface - (.www.blackstaramps.com.) [HKCU][64Bits] -- 3322152541.www.blackstaramps.com
O42 - Logiciel: Blender 2.78 - (.Blender Foundation.) [HKLM][64Bits] -- Steam App 365670 =>.Valve®
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {56DDDFB8-7F79-4480-89D5-25E1F52AB28F} =>.Apple Inc.
O42 - Logiciel: Brawlhalla - (.Blue Mammoth Games.) [HKLM][64Bits] -- Steam App 291550 =>.Valve®
O42 - Logiciel: Brother MFL-Pro Suite DCP-9020CDW - (.Brother Industries, Ltd..) [HKLM][64Bits] -- {E98A9C92-E767-475B-8BC6-8780A86DDC72} =>.Macrovision Corporation®
O42 - Logiciel: Clustertruck - (.Landfall Games.) [HKLM][64Bits] -- Steam App 397950 =>.Valve®
O42 - Logiciel: Counter-Strike: Global Offensive - (.Valve.) [HKLM][64Bits] -- Steam App 730 =>.Valve®
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
O42 - Logiciel: Discord - (.Hammer & Chisel, Inc..) [HKCU][64Bits] -- Discord =>.Hammer & Chisel, Inc.
O42 - Logiciel: DLC Quest - (.Going Loud Studios.) [HKLM][64Bits] -- Steam App 230050 =>.Valve®
O42 - Logiciel: Enemy Mind - (.Schell Games.) [HKLM][64Bits] -- Steam App 285840 =>.Valve®
O42 - Logiciel: Epic Games Launcher - (.Epic Games, Inc..) [HKLM][64Bits] -- {2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048} =>.Epic Games, Inc.
O42 - Logiciel: Epic Games Launcher Prerequisites (x64) - (.Epic Games, Inc..) [HKLM][64Bits] -- {66C5838F-B854-4A55-89E6-A6138747A4DF} =>.Epic Games, Inc.
O42 - Logiciel: Flinthook - (.Tribute Games Inc..) [HKLM][64Bits] -- Steam App 401710 =>.Valve®
O42 - Logiciel: Free Pascal 3.0.0 - (.Free Pascal Team.) [HKLM][64Bits] -- FreePascal_is1
O42 - Logiciel: G4FON Koch Method Morse Trainer - (..) [HKLM][64Bits] -- G4FON Koch Method Morse Trainer
O42 - Logiciel: GameGuru - (.The Game Creators.) [HKLM][64Bits] -- Steam App 266310 =>.Valve®
O42 - Logiciel: GameLooper - (.GameLooper.) [HKLM][64Bits] -- Steam App 435060 =>.Valve®
O42 - Logiciel: GCFScape 1.8.6 - (.Ryan Gregg.) [HKLM][64Bits] -- GCFScape_is1 =>.Ryan Gregg
O42 - Logiciel: GIMP 2.8.22 - (.The GIMP Team.) [HKLM][64Bits] -- GIMP-2_is1 =>.Jernej Simončič®
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Grapple - (.Tuesday Society.) [HKLM][64Bits] -- Steam App 268320 =>.Valve®
O42 - Logiciel: Gtk# for .Net 2.12.26 - (.Xamarin, Inc..) [HKLM][64Bits] -- {BC25B808-A11C-4C9F-9C0A-6682E47AAB83} =>.Xamarin, Inc.
O42 - Logiciel: Guitar Hero III - (.Aspyr.) [HKLM][64Bits] -- {0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
O42 - Logiciel: Guitar Hero Three Control Panel - (.Sigma Production Inc..) [HKLM][64Bits] -- {FC7CCCFB-2081-4E9D-8F6D-CAAE87267E6C}
O42 - Logiciel: Half-Life(R) 2 - (.Valve.) [HKLM][64Bits] -- {D45EC259-4A19-4656-B588-C2C360DD18EA} =>.Valve
O42 - Logiciel: Heroes of the Storm - (.Blizzard Entertainment.) [HKLM][64Bits] -- Heroes of the Storm =>.Blizzard Entertainment, Inc.®
O42 - Logiciel: Hi-Rez Studios Authenticate and Update Service - (.Hi-Rez Studios.) [HKLM][64Bits] -- {3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} =>.Hi-Rez Studios
O42 - Logiciel: INK - (.ZackBellGames.) [HKLM][64Bits] -- Steam App 385710 =>.Valve®
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB} =>.Apple Inc.
O42 - Logiciel: Jotun - (.Thunder Lotus Games.) [HKLM][64Bits] -- Steam App 323580 =>.Valve®
O42 - Logiciel: Kreedz Climbing - (.ObsessionSoft.) [HKLM][64Bits] -- Steam App 626680 =>.Valve®
O42 - Logiciel: Launcher Prerequisites (x64) - (.Epic Games, Inc..) [HKLM][64Bits] -- {c6c5a357-c7ca-4a5f-9789-3bb1af579253} =>.Epic Games Inc.®
O42 - Logiciel: Livestreamer 1.12.2 - (..) [HKLM][64Bits] -- Livestreamer
O42 - Logiciel: Logitech Gaming Software - (.Logitech Inc..) [HKLM][64Bits] -- {690285C2-2481-44FB-8402-162EA970A6DD} =>.Logitech Inc.
O42 - Logiciel: Logitech Gaming Software 8.92 - (.Logitech Inc..) [HKLM][64Bits] -- Logitech Gaming Software =>.Logitech Inc®
O42 - Logiciel: Malwarebytes version 3.2.2.2029 - (.Malwarebytes.) [HKLM][64Bits] -- {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 Refresh - (.Microsoft Corporation.) [HKLM][64Bits] -- {D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F} =>.Microsoft Corporation
O42 - Logiciel: Minecraft - (.Mojang.) [HKLM][64Bits] -- {1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872} =>.Mojang
O42 - Logiciel: MorphVOX Pro - (.Screaming Bee.) [HKLM][64Bits] -- {75B956F9-D72D-4929-B695-120D70E8AEE1} =>.Screaming Bee
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} =>.Microsoft
O42 - Logiciel: Murder Miners - (.JForce Games.) [HKLM][64Bits] -- Steam App 274900 =>.Valve®
O42 - Logiciel: No Time To Explain Remastered - (.tinyBuild.) [HKLM][64Bits] -- Steam App 368730 =>.Valve®
O42 - Logiciel: NVIDIA 3D Vision Controller Driver 364.44 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA 3D Vision Driver 376.53 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Backend - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Control Panel 382.05 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Container LS - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Session Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Watchdog Plugin - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA GeForce Experience 3.8.0.89 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Graphics Driver 376.53 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA HD Audio Driver 1.3.34.17 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA LocalSystem Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Message Bus for NvContainer - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA NetworkService Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA NodeJS - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Optimus Update 27.1.0.0 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.16.0318 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Session Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA ShadowPlay 3.8.0.89 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay =>.NVIDIA Corporation
O42 - Logiciel: Nvidia Share - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA SHIELD Streaming - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA SHIELD Wireless Controller Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo =>.NVIDIA Corporation®
O42 - Logiciel: NVIDIA Telemetry Client - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Telemetry Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update 27.1.0.0 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update Core - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA User Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Virtual Audio 3.90.1 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Virtual Host Controller - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Watchdog Plugin for NvContainer - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog =>.NVIDIA Corporation
O42 - Logiciel: OBS Studio - (.OBS Project.) [HKLM][64Bits] -- OBS Studio =>.OBS Project
O42 - Logiciel: Office 16 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-007E-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: One Finger Death Punch - (.Silver Dollar Games.) [HKLM][64Bits] -- Steam App 264200 =>.Valve®
O42 - Logiciel: OpenAL - (.Open Audio Library.) [HKLM][64Bits] -- OpenAL =>.Creative Labs Inc®
O42 - Logiciel: osu! - (.ppy Pty Ltd.) [HKLM][64Bits] -- {8b8cf839-c99a-4c57-a05e-1400933bf99b} =>.ppy Pty Ltd
O42 - Logiciel: Overwatch - (.Blizzard Entertainment.) [HKLM][64Bits] -- Overwatch =>.Blizzard Entertainment, Inc.®
O42 - Logiciel: Poi - (.PolyKid.) [HKLM][64Bits] -- Steam App 401810 =>.Valve®
O42 - Logiciel: Pokemon Showdown - (."Pokemon Showdown".) [HKLM][64Bits] -- Pokemon Showdown
O42 - Logiciel: Poker Night at the Inventory - (.Telltale Games.) [HKLM][64Bits] -- Steam App 31280 =>.Valve®
O42 - Logiciel: Portal - (.Valve.) [HKLM][64Bits] -- Steam App 400 =>.Valve®
O42 - Logiciel: Portal 2 - (.Valve.) [HKLM][64Bits] -- Steam App 620 =>.Valve®
O42 - Logiciel: Race The Sun - (.Flippfly LLC.) [HKLM][64Bits] -- Steam App 253030 =>.Valve®
O42 - Logiciel: Ratz Instagib 2.0 - (.Lino Slahuschek.) [HKLM][64Bits] -- Steam App 338170 =>.Valve®
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Refunct - (.Dominique Grieshofer.) [HKLM][64Bits] -- Steam App 406150 =>.Valve®
O42 - Logiciel: Rocket League - (.Psyonix, Inc..) [HKLM][64Bits] -- Steam App 252950 =>.Valve®
O42 - Logiciel: Rust - (.Facepunch Studios.) [HKLM][64Bits] -- Steam App 252490 =>.Valve®
O42 - Logiciel: Skullgirls - (.Lab Zero Games.) [HKLM][64Bits] -- Steam App 245170 =>.Valve®
O42 - Logiciel: Skype™ 7.35 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {3B7E914A-93D5-4A29-92BB-AF8C3F66C431} =>.Skype Technologies S.A.
O42 - Logiciel: SL-6640-SBK BLACK WIDOW Flightstick - (..) [HKLM][64Bits] -- SL-6640-SBK BLACK WIDOW Flightstick
O42 - Logiciel: Source SDK - (.Valve.) [HKLM][64Bits] -- Steam App 211 =>.Valve®
O42 - Logiciel: Sparkour Alpha Demo - (.Reeline Studios.) [HKLM][64Bits] -- Steam App 517690 =>.Valve®
O42 - Logiciel: SpeedRunners - (.DoubleDutch Games.) [HKLM][64Bits] -- Steam App 207140 =>.Valve®
O42 - Logiciel: Spotify - (.Spotify AB.) [HKCU][64Bits] -- Spotify =>.Spotify AB®
O42 - Logiciel: Spriter Pro - (.BrashMonkey.) [HKLM][64Bits] -- Steam App 332360 =>.Valve®
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- Steam =>.Valve®
O42 - Logiciel: SteelSeries Engine 3.11.1 - (.SteelSeries ApS.) [HKLM][64Bits] -- SteelSeries Engine 3 =>.SteelSeries ApS®
O42 - Logiciel: Stencyl - (.Stencyl, LLC.) [HKLM][64Bits] -- Stencyl
O42 - Logiciel: Super Hipster Lumberjack - (.Day Dreamer Games.) [HKLM][64Bits] -- Steam App 388340 =>.Valve®
O42 - Logiciel: Team Fortress 2 - (.Valve.) [HKLM][64Bits] -- Steam App 440 =>.Valve®
O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM][64Bits] -- TeamSpeak 3 Client =>.TeamSpeak Systems GmbH
O42 - Logiciel: TEKKEN 7 - (.BANDAI NAMCO Studios Inc..) [HKLM][64Bits] -- Steam App 389730 =>.Valve®
O42 - Logiciel: The Elder Scrolls Online - (.Zenimax Online Studios.) [HKLM][64Bits] -- The Elder Scrolls Online =>.Zenimax Online Studios
O42 - Logiciel: Unity - (.Unity Technologies ApS.) [HKLM][64Bits] -- Unity =>.Unity Technologies SF®
O42 - Logiciel: Unreal Development Kit: 2013-02 - (.Epic Games, Inc..) [HKLM][64Bits] -- UDK-8f52df52-7c0d-4c3a-9790-1b0cc4251882 =>.Epic Games Inc.®
O42 - Logiciel: UserTesting - (.UserTesting.com.) [HKCU][64Bits] -- UserTestingPlugin
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: Volo Airsport - (.Ramjet Anvil.) [HKLM][64Bits] -- Steam App 329190 =>.Valve®
O42 - Logiciel: vs_communitymsi - (.Microsoft Corporation.) [HKLM][64Bits] -- {A041943F-C97B-48F6-8F23-C5078F99BB3A} =>.Microsoft Corporation
O42 - Logiciel: vs_communitymsires - (.Microsoft Corporation.) [HKLM][64Bits] -- {1210EE60-E253-407D-B537-D36898049CF0} =>.Microsoft Corporation
O42 - Logiciel: vs_devenvmsi - (.Microsoft Corporation.) [HKLM][64Bits] -- {581E5656-26E2-4A02-9711-48C8E4998310} =>.Microsoft Corporation
O42 - Logiciel: vs_filehandler_amd64 - (.Microsoft Corporation.) [HKLM][64Bits] -- {15D591B0-7B40-4957-B6C0-EB7452B5AAB6} =>.Microsoft Corporation
O42 - Logiciel: vs_filehandler_x86 - (.Microsoft Corporation.) [HKLM][64Bits] -- {DC296244-0701-4EDE-9696-05B9C1D017B3} =>.Microsoft Corporation
O42 - Logiciel: vs_FileTracker_Singleton - (.Microsoft Corporation.) [HKLM][64Bits] -- {11230C85-1813-4BC3-9C24-E0B74B59653E} =>.Microsoft Corporation
O42 - Logiciel: vs_minshellinteropmsi - (.Microsoft Corporation.) [HKLM][64Bits] -- {9477F337-FD16-4ACA-8217-E2D7A0F92603} =>.Microsoft Corporation
O42 - Logiciel: vs_minshellmsi - (.Microsoft Corporation.) [HKLM][64Bits] -- {497A5ACE-DA03-4412-A110-910B2C450720} =>.Microsoft Corporation
O42 - Logiciel: vs_minshellmsires - (.Microsoft Corporation.) [HKLM][64Bits] -- {A8B77523-13AB-46B9-B54F-5483E09668F9} =>.Microsoft Corporation
O42 - Logiciel: VTFEdit 1.2.5 - (.Neil Jedrzejewski & Ryan Gregg.) [HKLM][64Bits] -- VTFEdit_is1 =>.Neil Jedrzejewski & Ryan Gregg
O42 - Logiciel: Vulkan Run Time Libraries 1.0.26.0 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.26.0 =>.LunarG, Inc.®
O42 - Logiciel: VVVVVV - (.Terry Cavanagh.) [HKLM][64Bits] -- Steam App 70300 =>.Valve®
O42 - Logiciel: WinDirStat 1.1.2 - (.Seifert Systems.) [HKCU][64Bits] -- WinDirStat =>.Seifert Systems
O42 - Logiciel: Windows 10 Update and Privacy Settings - (.Microsoft Corporation.) [HKLM][64Bits] -- {4DFCD818-036A-4229-A67D-CF17DC461D92} =>.Microsoft Corporation
O42 - Logiciel: Windows Driver Package - Adafruit Industries LLC (usbser) Ports (02/25/201 - (.Adafruit Industries LLC.) [HKLM][64Bits] -- 1245A5961AC9D2C18ADF9EEC931D77E059B7F74E =>.Future Technology Devices International Ltd®
O42 - Logiciel: Windows Driver Package - Adafruit Industries LLC (usbser) Ports (05/06/201 - (.Adafruit Industries LLC.) [HKLM][64Bits] -- DCB075664682927C9BBCC4197B223FD46536AC11 =>.Future Technology Devices International Ltd®
O42 - Logiciel: Windows Driver Package - ArcBotics LLC (www.arcbotics.com) Sparki USB Drive - (.ArcBotics LLC (www.arcbotics.com).) [HKLM][64Bits] -- 7141494BA4FCE256201C72C9447D31AD95B0183F {0640392F1B64F86FA78A3DECE3456389}
O42 - Logiciel: Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (0 - (.Arduino LLC (www.arduino.cc).) [HKLM][64Bits] -- 1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91 =>.Future Technology Devices International Ltd®
O42 - Logiciel: Windows Driver Package - ATMEL, Inc. (usbser) Ports (01/08/2013 6.0.0.0) - (.ATMEL, Inc..) [HKLM][64Bits] -- 0ED695C81FAE1F3FF0020BB04E14E01EC7AFA041 =>.Future Technology Devices International Ltd®
O42 - Logiciel: Windows Driver Package - BirdBrain Technologies LLC (www.birdbraintechnolog - (.BirdBrain Technologies LLC (www.birdbraintechnologies.com).) [HKLM][64Bits] -- D3CF67D79398A460216FE982E95D3F3ED9D00969 =>.CODEBENDER OOD®
O42 - Logiciel: Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2 - (.FTDI.) [HKLM][64Bits] -- 22CCD58B53472BE3FCAFF05631111C4062959A43 =>.Future Technology Devices International Ltd®
O42 - Logiciel: Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2 - (.FTDI.) [HKLM][64Bits] -- BD00013670D26C16E19F284BF8E15DAF813497C7 =>.Future Technology Devices International Ltd®
O42 - Logiciel: Windows Driver Package - libusbK AVRISP mkII (04/27/2014 3.0.7.0) - (.libusbK.) [HKLM][64Bits] -- 053CDDAAECC24EBC2DB6F865540D8056F5FE3FCA {091E467CEB42A5E245C2A5F4C9993EBC}
O42 - Logiciel: Windows Driver Package - libusbK USBasp (04/27/2014 3.0.7.0) - (.libusbK.) [HKLM][64Bits] -- B5255A6AF36AB651D9EFB929ACA27523F06F35E5 {091E467CEB42A5E245C2A5F4C9993EBC}
O42 - Logiciel: Windows Driver Package - libusbK USBTinyISP (04/27/2014 3.0.7.0) - (.libusbK.) [HKLM][64Bits] -- DE72E36F3DC9C272561882EBE57C16AD6CA1A9CE {091E467CEB42A5E245C2A5F4C9993EBC}
O42 - Logiciel: Windows Driver Package - LightUp (usbser) Ports (04/01/2014 1.1.0.0) - (.LightUp.) [HKLM][64Bits] -- 7C0ED5A12A230FF7D0EE5DB7580F3FC9B888E410 =>.Future Technology Devices International Ltd®
O42 - Logiciel: Windows Driver Package - SparkFun Electronics (usbser) Ports (10/27/2014 5 - (.SparkFun Electronics.) [HKLM][64Bits] -- AF341C2811B6988C95D1BE33E4541B80FBEEC07E =>.Future Technology Devices International Ltd®
O42 - Logiciel: Windows Driver Package - wch.cn (CH341SER_A64) Ports (08/08/2014 3.4.2014. - (.wch.cn.) [HKLM][64Bits] -- E46668F0267651C248944766291791B0DEF36F1D =>.Future Technology Devices International Ltd®
O42 - Logiciel: WinRAR 5.40 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH®
O42 - Logiciel: Wondershare Filmora(Build 8.2.2) - (.Wondershare Software.) [HKLM][64Bits] -- Wondershare Filmora_is1 =>.Wondershare Software
O42 - Logiciel: Wondershare Helper Compact 2.5.2 - (.Wondershare.) [HKLM][64Bits] -- {5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1 =>.Wondershare

---\\ HKCU & HKLM Software Keys (118) - 14s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\Adobe Systems =>.Adobe Systems
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\Apple Inc. =>.Apple Inc.
HKLM\SOFTWARE\Wow6432Node\Arduino =>.Arduino
HKLM\SOFTWARE\Wow6432Node\Aspyr
HKLM\SOFTWARE\Wow6432Node\Blizzard Entertainment =>.Blizzard Entertainment
HKLM\SOFTWARE\Wow6432Node\Brother =>.Brother
HKLM\SOFTWARE\Wow6432Node\Brother Industries, Ltd. =>.Brother Industries, Ltd.
HKLM\SOFTWARE\Wow6432Node\EasyAntiCheat =>.EasyAntiCheat
HKLM\SOFTWARE\Wow6432Node\EpicGames =>.Epic Games
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Hi-Rez Studios =>.Hi-Rez Studios
HKLM\SOFTWARE\Wow6432Node\HiRez Studios =>.Hirez Studios
HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Mojang =>.Mojang
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\OBS Studio =>.OBS Studio
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\OpenAL =>.Open Audio Library
HKLM\SOFTWARE\Wow6432Node\Phase Shift
HKLM\SOFTWARE\Wow6432Node\Remotr
HKLM\SOFTWARE\Wow6432Node\Screaming Bee =>.Screaming Bee
HKLM\SOFTWARE\Wow6432Node\SigmaInc
HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\Wow6432Node\Stencyl =>.Stencyl
HKLM\SOFTWARE\Wow6432Node\telltale games =>.Telltale Games
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\VideoLAN =>.VideoLAN
HKLM\SOFTWARE\Wow6432Node\WafCX =>.WafCX
HKLM\SOFTWARE\Wow6432Node\Wondershare =>.Wondershare
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Xamarin =>.Xamarin
HKLM\SOFTWARE\Wow6432Node\Zenimax_Online
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\2xMilk
HKCU\SOFTWARE\7-Zip =>.Igor Pavlov
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\Apowersoft =>.Apowersoft
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
HKCU\SOFTWARE\Blackstar Amplification Ltd.
HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
HKCU\SOFTWARE\Bluebutton Games =>.Bluebutton Games
HKCU\SOFTWARE\BrashMonkey
HKCU\SOFTWARE\Brother =>.Brother
HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\CineForm =>.CineForm
HKCU\SOFTWARE\DayDreamerGames
HKCU\SOFTWARE\DefaultCompany =>.Unity
HKCU\SOFTWARE\Epic Games =>.Epic Games
HKCU\SOFTWARE\Facepunch Studios LTD =>.Facepunch Studios LTD
HKCU\SOFTWARE\Flippfly
HKCU\SOFTWARE\Foam
HKCU\SOFTWARE\G4FON Software
HKCU\SOFTWARE\GameGuru
HKCU\SOFTWARE\GemMine
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\HidJoySetting
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\Imagination Technologies =>.Imagination Technologies
HKCU\SOFTWARE\InstinctSoftware
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\Landfall
HKCU\SOFTWARE\LinoSlahuschek
HKCU\SOFTWARE\Logitech =>.Logitech
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mine =>.Microsoft Corporation
HKCU\SOFTWARE\Mojang =>.Mojang
HKCU\SOFTWARE\Neko Entertainment
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\OpenAutomate =>.nVidia Corporation
HKCU\SOFTWARE\osu! =>.Osu! Games
HKCU\SOFTWARE\PolyKid
HKCU\SOFTWARE\ProtectedStorage =>.Microsoft Corporation
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\QUICKTEQUILA =>.QUICKTEQUILA
HKCU\SOFTWARE\Ramjet Anvil
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\ReeLine
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Remote Mouse =>.Remote Mouse
HKCU\SOFTWARE\RemoteMouse.net =>.RemoteMouse.net
HKCU\SOFTWARE\Reptile
HKCU\SOFTWARE\SaurikIT =>.SaurikIT, LLC
HKCU\SOFTWARE\Scirra =>.Scirra
HKCU\SOFTWARE\Seifert =>.Seifert Systems
HKCU\SOFTWARE\Skype =>.Skype
HKCU\SOFTWARE\skypeapp-71cf7ccfa697
HKCU\SOFTWARE\Spotify =>.Spotify
HKCU\SOFTWARE\srylain Inc.
HKCU\SOFTWARE\Telltale Games =>.Telltale Games
HKCU\SOFTWARE\Thunder Lotus Games
HKCU\SOFTWARE\tinyBuild GAMES =>.tinyBuild GAMES
HKCU\SOFTWARE\TuesdaySociety
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\Unity Technologies =>.Unity Technologies
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\Wondershare =>.Wondershare
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

---\\ Contents of the Common Files folders (310) - 4s
O43 - CFD: 26/06/2016 - [] AD -- C:\Program Files\7-Zip =>.Igor Pavlov
O43 - CFD: 12/07/2016 - [] AD -- C:\Program Files\Bonjour =>.Apple Inc.
O43 - CFD: 22/07/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 18/10/2016 - [] D -- C:\Program Files\DIFX =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 12/09/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 04/03/2017 - [] D -- C:\Program Files\iPod =>.Apple Inc.®
O43 - CFD: 04/03/2017 - [] AD -- C:\Program Files\iTunes =>.Apple Inc.
O43 - CFD: 25/05/2017 - [] D -- C:\Program Files\Logitech Gaming Software =>.Logitech Inc®
O43 - CFD: 19/08/2017 - [] AD -- C:\Program Files\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 21/07/2017 - [] D -- C:\Program Files\Microsoft Office 15 =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] AD -- C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 20/07/2017 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 20/07/2017 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 16/07/2017 - [] D -- C:\Program Files\SteelSeries =>.SteelSeries ApS®
O43 - CFD: 08/07/2016 - [] AD -- C:\Program Files\TeamSpeak 3 Client =>.TeamSpeak
O43 - CFD: 27/04/2016 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 31/05/2017 - [] D -- C:\Program Files\Unity =>.Unity
O43 - CFD: 25/06/2017 - [] AD -- C:\Program Files\UNP =>.Microsoft Corporation
O43 - CFD: 20/08/2017 - [] RD -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files\Windows Defender Advanced Threat Protection =>.Microsoft Corporation
O43 - CFD: 12/09/2017 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/09/2017 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Security =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 24/09/2017 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 06/04/2017 - [] AD -- C:\Program Files\WinRAR =>.win.rar GmbH®
O43 - CFD: 17/05/2017 - [] D -- C:\Program Files\Wondershare =>.Wondershare
O43 - CFD: 02/08/2017 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe
O43 - CFD: 13/04/2017 - [] D -- C:\Program Files (x86)\Apowersoft =>.Apowersoft
O43 - CFD: 12/07/2016 - [] AD -- C:\Program Files (x86)\Apple Software Update =>.Apple Inc.
O43 - CFD: 22/09/2017 - [] AD -- C:\Program Files (x86)\Battle.net =>.Games Software
O43 - CFD: 02/06/2017 - [] D -- C:\Program Files (x86)\Blackstar Amplification Ltd
O43 - CFD: 12/07/2016 - [] AD -- C:\Program Files (x86)\Bonjour =>.Apple Inc.
O43 - CFD: 12/03/2017 - [] D -- C:\Program Files (x86)\Brother =>.Brother
O43 - CFD: 12/03/2017 - [] D -- C:\Program Files (x86)\Browny02 =>.Brother Industries, Ltd.
O43 - CFD: 15/09/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 12/03/2017 - [] D -- C:\Program Files (x86)\ControlCenter4 =>.Brother Industries, Ltd
O43 - CFD: 24/09/2017 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 31/05/2017 - [] D -- C:\Program Files (x86)\GtkSharp =>.Xamarin, Inc
O43 - CFD: 25/09/2017 - [] AD -- C:\Program Files (x86)\Hi-Rez Studios =>.Hi-Rez Studios
O43 - CFD: 24/09/2017 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield
O43 - CFD: 12/09/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 09/02/2017 - [] D -- C:\Program Files (x86)\Microsoft ASP.NET =>.Microsoft Corporation
O43 - CFD: 21/07/2017 - [] AD -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 31/05/2017 - [] D -- C:\Program Files (x86)\Microsoft SDKs =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 31/05/2017 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio =>.Microsoft Corporation
O43 - CFD: 31/05/2017 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity =>.Pinnacle Systems, Inc.
O43 - CFD: 29/10/2016 - [] D -- C:\Program Files (x86)\Microsoft XNA =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 25/04/2017 - [] D -- C:\Program Files (x86)\OpenAL =>.Open Audio Library
O43 - CFD: 22/09/2017 - [] AD -- C:\Program Files (x86)\Overwatch =>.Blizzard Entertainment
O43 - CFD: 20/07/2017 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 19/05/2017 - [] RD -- C:\Program Files (x86)\Skype =>.Skype
O43 - CFD: 24/12/2016 - [] D -- C:\Program Files (x86)\SL-6640-SBK BLACK WIDOW Flightstick
O43 - CFD: 25/09/2017 - [] D -- C:\Program Files (x86)\Steam =>.Steam Games
O43 - CFD: 13/11/2016 - [] D -- C:\Program Files (x86)\Stencyl =>.Stencyl
O43 - CFD: 26/06/2016 - [] D -- C:\Program Files (x86)\Tt eSPORTS
O43 - CFD: 19/07/2017 - [0] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 09/02/2017 - [] D -- C:\Program Files (x86)\VulkanRT =>.LunarG, Inc
O43 - CFD: 20/08/2017 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 31/05/2017 - [] D -- C:\Program Files (x86)\Windows Kits =>.Microsoft Corporation
O43 - CFD: 08/02/2017 - [] AD -- C:\Program Files (x86)\Windows Live =>.Microsoft Corporation
O43 - CFD: 12/09/2017 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 08/02/2017 - [] AD -- C:\Program Files (x86)\Windows Movie Maker =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/09/2017 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 26/06/2017 - [] HD -- C:\Program Files (x86)\Zero G Registry =>.Flexera
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip =>.Igor Pavlov
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 20/08/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 12/09/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 02/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe =>.Adobe
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft =>.Apowersoft
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net =>.Games Software
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother =>.Brother
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Pascal
O43 - CFD: 03/03/2017 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios =>.Hi-Rez Studios
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes =>.Apple Inc.
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech =>.Logitech
O43 - CFD: 18/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 21/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 10/09/2016 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 12/07/2016 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio =>.OBS Studio
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch =>.Blizzard Entertainment
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
O43 - CFD: 19/07/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries =>.SteelSeries
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 27/04/2016 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.6.1f1 (64-bit)
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve =>.Valve
O43 - CFD: 01/09/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017 =>.Pinnacle Systems, Inc.
O43 - CFD: 30/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare =>.Wondershare
O43 - CFD: 02/08/2017 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 12/07/2016 - [] D -- C:\ProgramData\Apple =>.Apple Inc.
O43 - CFD: 12/07/2016 - [] D -- C:\ProgramData\Apple Computer =>.Apple Inc.
O43 - CFD: 19/07/2017 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 22/09/2016 - [] D -- C:\ProgramData\Battle.net =>.Games Software
O43 - CFD: 21/07/2017 - [] D -- C:\ProgramData\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 12/03/2017 - [] D -- C:\ProgramData\Brother =>.Brother
O43 - CFD: 16/07/2016 - [0] D -- C:\ProgramData\Comms =>.Microsoft Corporation
O43 - CFD: 26/06/2016 - [] D -- C:\ProgramData\Conexant =>.Conexant
O43 - CFD: 12/03/2017 - [] D -- C:\ProgramData\ControlCenter4 =>.Brother Industries, Ltd
O43 - CFD: 19/07/2017 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 28/06/2017 - [] D -- C:\ProgramData\Elder Scrolls Online
O43 - CFD: 14/11/2016 - [] D -- C:\ProgramData\Epic =>.Epic
O43 - CFD: 18/09/2016 - [] D -- C:\ProgramData\Hi-Rez Studios =>.Hi-Rez Studios
O43 - CFD: 28/07/2016 - [] D -- C:\ProgramData\LogiShrd =>.Logitech Inc.
O43 - CFD: 24/09/2017 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 19/07/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 25/09/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 03/08/2017 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 24/08/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 19/08/2017 - [] AD -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 03/09/2017 - [] D -- C:\ProgramData\Remotr
O43 - CFD: 15/09/2017 - [] D -- C:\ProgramData\Screaming Bee =>.Screaming Bee
O43 - CFD: 19/05/2017 - [] D -- C:\ProgramData\Skype =>.Skype
O43 - CFD: 18/03/2017 - [0] D -- C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 26/06/2016 - [] D -- C:\ProgramData\SteelSeries =>.SteelSeries
O43 - CFD: 19/07/2017 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 02/06/2017 - [] D -- C:\ProgramData\Unity =>.Unity
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\ProgramData\WindowsHolographicDevices =>.Microsoft Corporation
O43 - CFD: 04/03/2017 - [] D -- C:\ProgramData\Wondershare =>.Wondershare
O43 - CFD: 17/05/2017 - [] D -- C:\ProgramData\Wondershare Video Editor =>.Wondershare Inc
O43 - CFD: 28/06/2017 - [] D -- C:\ProgramData\X360CE =>.Microsoft Corporation
O43 - CFD: 02/08/2017 - [] D -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 02/08/2017 - [] D -- C:\Program Files (x86)\Common Files\Adobe Systems Shared =>.Adobe Inc.
O43 - CFD: 12/07/2016 - [] D -- C:\Program Files (x86)\Common Files\Apple =>.Apple Inc.
O43 - CFD: 21/07/2017 - [] AD -- C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
O43 - CFD: 19/07/2017 - [] D -- C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
O43 - CFD: 21/07/2017 - [] AD -- C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 15/09/2017 - [] D -- C:\Program Files (x86)\Common Files\Screaming Bee =>.Screaming Bee
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 19/05/2017 - [] AD -- C:\Program Files (x86)\Common Files\Skype =>.Skype
O43 - CFD: 09/09/2017 - [] D -- C:\Program Files (x86)\Common Files\Steam =>.Steam Games
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 08/02/2017 - [] D -- C:\Program Files (x86)\Common Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 04/03/2017 - [] D -- C:\Program Files (x86)\Common Files\Wondershare =>.Wondershare
O43 - CFD: 10/09/2016 - [] D -- C:\Users\Tom\AppData\Roaming\.minecraft =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 13/04/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Apowersoft =>.Apowersoft
O43 - CFD: 06/12/2016 - [] D -- C:\Users\Tom\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 15/09/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Audacity =>.Audacity
O43 - CFD: 22/09/2016 - [] D -- C:\Users\Tom\AppData\Roaming\Battle.net =>.Games Software
O43 - CFD: 15/07/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Blender Foundation =>.Blender Foundation
O43 - CFD: 17/04/2017 - [] D -- C:\Users\Tom\AppData\Roaming\BrawlhallaAir =>.Games Software
O43 - CFD: 09/09/2017 - [] RD -- C:\Users\Tom\AppData\Roaming\Brother =>.Brother
O43 - CFD: 22/07/2016 - [] D -- C:\Users\Tom\AppData\Roaming\com.oyundongusu.gameloopercreator
O43 - CFD: 29/10/2016 - [] D -- C:\Users\Tom\AppData\Roaming\com.shirogames.evoland
O43 - CFD: 04/08/2016 - [0] D -- C:\Users\Tom\AppData\Roaming\Construct2
O43 - CFD: 12/03/2017 - [] D -- C:\Users\Tom\AppData\Roaming\ControlCenter4 =>.Brother Industries, Ltd
O43 - CFD: 12/04/2017 - [] D -- C:\Users\Tom\AppData\Roaming\discord =>.GitHub
O43 - CFD: 14/04/2017 - [] D -- C:\Users\Tom\AppData\Roaming\discordsdk
O43 - CFD: 13/04/2017 - [] D -- C:\Users\Tom\AppData\Roaming\EnemyMind
O43 - CFD: 09/10/2016 - [] D -- C:\Users\Tom\AppData\Roaming\fp
O43 - CFD: 25/07/2016 - [] D -- C:\Users\Tom\AppData\Roaming\Godot
O43 - CFD: 09/07/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Google =>.Google
O43 - CFD: 09/09/2016 - [] D -- C:\Users\Tom\AppData\Roaming\java =>.Oracle
O43 - CFD: 01/09/2017 - [] D -- C:\Users\Tom\AppData\Roaming\livestreamer =>.Legitimate
O43 - CFD: 28/07/2016 - [] D -- C:\Users\Tom\AppData\Roaming\Logishrd =>.Logitech Inc.
O43 - CFD: 28/07/2016 - [] D -- C:\Users\Tom\AppData\Roaming\Logitech =>.Logitech
O43 - CFD: 26/06/2016 - [] D -- C:\Users\Tom\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 01/09/2017 - [] SD -- C:\Users\Tom\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 31/05/2017 - [] D -- C:\Users\Tom\AppData\Roaming\MonoDevelop-Unity-5.0
O43 - CFD: 16/05/2017 - [] D -- C:\Users\Tom\AppData\Roaming\NVIDIA =>.nVidia Corporation
O43 - CFD: 02/08/2017 - [] D -- C:\Users\Tom\AppData\Roaming\obs-studio =>.OBS-Studio
O43 - CFD: 21/04/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Octane
O43 - CFD: 15/09/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Screaming Bee =>.Screaming Bee
O43 - CFD: 23/07/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Skype =>.Skype
O43 - CFD: 01/08/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Spotify =>.Spotify
O43 - CFD: 15/09/2017 - [] D -- C:\Users\Tom\AppData\Roaming\steelseries-engine-3-client =>.Legitimate
O43 - CFD: 13/11/2016 - [] D -- C:\Users\Tom\AppData\Roaming\Stencyl =>.Stencyl
O43 - CFD: 31/03/2017 - [] D -- C:\Users\Tom\AppData\Roaming\TS3Client =>.TeamSpeak
O43 - CFD: 31/05/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Unity =>.Unity
O43 - CFD: 31/05/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Visual Studio Setup =>.Pinnacle Systems, Inc.
O43 - CFD: 22/09/2017 - [] D -- C:\Users\Tom\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 31/05/2017 - [] D -- C:\Users\Tom\AppData\Roaming\vstelemetry =>.Legitimate
O43 - CFD: 06/04/2017 - [] D -- C:\Users\Tom\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 08/02/2017 - [] D -- C:\Users\Tom\AppData\Roaming\WMM
O43 - CFD: 25/09/2017 - [] D -- C:\Users\Tom\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 02/08/2017 - [] D -- C:\Users\Tom\AppData\Roaming\_12ibt6
O43 - CFD: 08/07/2017 - [] D -- C:\Users\Tom\AppData\Local\.IdentityService
O43 - CFD: 09/09/2017 - [] D -- C:\Users\Tom\AppData\Local\8BitBoy
O43 - CFD: 26/06/2016 - [0] D -- C:\Users\Tom\AppData\Local\ActiveSync =>.Microsoft Corporation
O43 - CFD: 02/08/2017 - [] D -- C:\Users\Tom\AppData\Local\Adobe =>.Adobe
O43 - CFD: 12/07/2016 - [] D -- C:\Users\Tom\AppData\Local\Apple =>.Apple Inc.
O43 - CFD: 12/07/2016 - [] D -- C:\Users\Tom\AppData\Local\Apple Computer =>.Apple Inc.
O43 - CFD: 19/07/2017 - [0] SHD -- C:\Users\Tom\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 04/08/2017 - [] D -- C:\Users\Tom\AppData\Local\Arduino15 =>.Arduino
O43 - CFD: 24/08/2017 - [] D -- C:\Users\Tom\AppData\Local\Aspyr
O43 - CFD: 13/03/2017 - [] D -- C:\Users\Tom\AppData\Local\Audacity =>.Audacity
O43 - CFD: 22/09/2017 - [] D -- C:\Users\Tom\AppData\Local\Battle.net =>.Games Software
O43 - CFD: 29/07/2017 - [] D -- C:\Users\Tom\AppData\Local\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 26/06/2016 - [] D -- C:\Users\Tom\AppData\Local\CEF =>.CEF
O43 - CFD: 15/07/2016 - [] D -- C:\Users\Tom\AppData\Local\CircaInfinity
O43 - CFD: 26/06/2016 - [] D -- C:\Users\Tom\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 20/07/2017 - [] D -- C:\Users\Tom\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 28/07/2016 - [] D -- C:\Users\Tom\AppData\Local\ContraptionMaker
O43 - CFD: 24/09/2017 - [] D -- C:\Users\Tom\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 19/02/2017 - [] D -- C:\Users\Tom\AppData\Local\CrashRpt
O43 - CFD: 21/07/2017 - [0] D -- C:\Users\Tom\AppData\Local\DBG =>.DBG
O43 - CFD: 22/09/2017 - [] D -- C:\Users\Tom\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 12/04/2017 - [] D -- C:\Users\Tom\AppData\Local\Discord =>.GitHub
O43 - CFD: 29/07/2017 - [] D -- C:\Users\Tom\AppData\Local\DLLInjector
O43 - CFD: 24/12/2016 - [0] D -- C:\Users\Tom\AppData\Local\DogFighter
O43 - CFD: 27/06/2017 - [0] D -- C:\Users\Tom\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 14/11/2016 - [] D -- C:\Users\Tom\AppData\Local\EpicGamesLauncher =>.Epic Games
O43 - CFD: 16/07/2017 - [] D -- C:\Users\Tom\AppData\Local\fabi.me
O43 - CFD: 29/07/2017 - [] D -- C:\Users\Tom\AppData\Local\fontconfig =>.Portable Apps
O43 - CFD: 09/10/2016 - [] D -- C:\Users\Tom\AppData\Local\FreePascal
O43 - CFD: 21/04/2017 - [] D -- C:\Users\Tom\AppData\Local\game.exe_Url_fcvf2xduu03tnylrf3aqnlj3rcj0ngip
O43 - CFD: 29/07/2017 - [] D -- C:\Users\Tom\AppData\Local\gegl-0.2 =>.Portable Apps
O43 - CFD: 24/09/2017 - [] D -- C:\Users\Tom\AppData\Local\Google =>.Google
O43 - CFD: 31/07/2017 - [] D -- C:\Users\Tom\AppData\Local\gtk-2.0 =>.GTK Project
O43 - CFD: 18/09/2016 - [] D -- C:\Users\Tom\AppData\Local\HirezLauncherUI =>.Hi-Rez Studios
O43 - CFD: 19/07/2017 - [0] SHD -- C:\Users\Tom\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 10/06/2017 - [] D -- C:\Users\Tom\AppData\Local\INK
O43 - CFD: 28/07/2016 - [] D -- C:\Users\Tom\AppData\Local\Logitech =>.Logitech
O43 - CFD: 01/09/2017 - [] D -- C:\Users\Tom\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/09/2016 - [] D -- C:\Users\Tom\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 26/06/2016 - [] D -- C:\Users\Tom\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 31/05/2017 - [] D -- C:\Users\Tom\AppData\Local\MonoDevelop-Unity-5.0
O43 - CFD: 25/07/2017 - [] D -- C:\Users\Tom\AppData\Local\Nem's Tools
O43 - CFD: 26/06/2016 - [0] D -- C:\Users\Tom\AppData\Local\NetworkTiles =>.NetworkTiles
O43 - CFD: 12/05/2017 - [] D -- C:\Users\Tom\AppData\Local\NVIDIA =>.nVidia Corporation
O43 - CFD: 22/06/2017 - [] D -- C:\Users\Tom\AppData\Local\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 24/09/2017 - [] D -- C:\Users\Tom\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 29/06/2016 - [0] D -- C:\Users\Tom\AppData\Local\PeerDistRepub =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\Users\Tom\AppData\Local\Pokemon Showdown =>.Games Software
O43 - CFD: 29/01/2017 - [] D -- C:\Users\Tom\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 26/06/2016 - [] D -- C:\Users\Tom\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 17/03/2017 - [] D -- C:\Users\Tom\AppData\Local\RedTrigger
O43 - CFD: 29/10/2016 - [] D -- C:\Users\Tom\AppData\Local\Refunct
O43 - CFD: 31/05/2017 - [] D -- C:\Users\Tom\AppData\Local\ServiceHub
O43 - CFD: 01/08/2017 - [] D -- C:\Users\Tom\AppData\Local\Spotify =>.Spotify
O43 - CFD: 12/04/2017 - [] D -- C:\Users\Tom\AppData\Local\SquirrelTemp =>.Squirrels
O43 - CFD: 13/12/2016 - [] D -- C:\Users\Tom\AppData\Local\Steam =>.Steam Games
O43 - CFD: 10/07/2017 - [] D -- C:\Users\Tom\AppData\Local\TekkenGame
O43 - CFD: 25/09/2017 - [] D -- C:\Users\Tom\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [0] SHD -- C:\Users\Tom\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 26/06/2016 - [] D -- C:\Users\Tom\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 13/11/2016 - [] D -- C:\Users\Tom\AppData\Local\tyranoscript
O43 - CFD: 06/11/2016 - [] D -- C:\Users\Tom\AppData\Local\Uber Entertainment =>.Uber Entertainment
O43 - CFD: 31/05/2017 - [] D -- C:\Users\Tom\AppData\Local\Unity =>.Unity
O43 - CFD: 03/07/2017 - [] D -- C:\Users\Tom\AppData\Local\UNP =>.Microsoft Corporation
O43 - CFD: 17/03/2017 - [] D -- C:\Users\Tom\AppData\Local\UnrealEngine =>.Unreal Software
O43 - CFD: 14/11/2016 - [] D -- C:\Users\Tom\AppData\Local\UnrealEngineLauncher =>.Unreal Software
O43 - CFD: 05/10/2016 - [] D -- C:\Users\Tom\AppData\Local\UserTestingPlugin
O43 - CFD: 09/10/2016 - [] D -- C:\Users\Tom\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 04/03/2017 - [] D -- C:\Users\Tom\AppData\Local\Wondershare =>.Wondershare
O43 - CFD: 25/09/2017 - [] D -- C:\Users\Tom\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 10/09/2016 - [] D -- C:\Users\Tom\AppData\Local\_10_Second_Ninja_X_GameMaker_Edition
O43 - CFD: 29/01/2017 - [0] D -- C:\Users\Tom\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] RD -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 13/09/2017 - [] RD -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 19/07/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackstar Amplification
O43 - CFD: 01/08/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\G4FON Software
O43 - CFD: 12/04/2017 - [0] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc =>.Hammer & Chisel, Inc
O43 - CFD: 18/03/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity =>.Pinnacle Systems, Inc.
O43 - CFD: 15/09/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee =>.Screaming Bee
O43 - CFD: 13/09/2017 - [] RD -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stencyl =>.Stencyl
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
O43 - CFD: 21/07/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat =>.Seifert Systems
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 19/07/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 20/07/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation

---\\ ShellIconOverlayIdentifiers (SIOI) (3) - 0s
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®

---\\ Image File Execution Options (18) - 0s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) [CFGOptions\\1] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation

---\\ System Drivers List (70) - 4s
O58 - SDL:2017/03/18 21:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2017/03/18 21:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
O58 - SDL:2017/01/10 17:56:50 A . (...) -- C:\WINDOWS\System32\drivers\EasyAntiCheat.sys [542968] =>.EasyAntiCheat Oy®
O58 - SDL:2017/03/18 21:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
O58 - SDL:2017/09/25 16:51:00 A . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) -- C:\WINDOWS\System32\drivers\farflt.sys [101824] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2017/03/18 21:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
O58 - SDL:2017/04/05 23:39:50 A . (.Logitech Inc. - Surround Filter Driver.) -- C:\WINDOWS\System32\drivers\ladfGSS.sys [54552] =>.Logitech Inc®
O58 - SDL:2017/04/06 00:05:26 A . (.Logitech Inc. - Logitech WingMan Virtual Bus Enumerator Dri.) -- C:\WINDOWS\System32\drivers\LGBusEnum.sys [36496] =>.Logitech Inc®
O58 - SDL:2017/04/06 00:05:26 A . (.Logitech Inc. - Logitech Gaming Software Joystick Translati.) -- C:\WINDOWS\System32\drivers\LGJoyXlCore.sys [67736] =>.Logitech Inc®
O58 - SDL:2017/04/06 00:05:26 A . (.Logitech Inc. - Logitech GamePanel Virtual Hid Device Drive.) -- C:\WINDOWS\System32\drivers\LGVirHid.sys [26008] =>.Logitech Inc®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
O58 - SDL:2017/08/24 11:27:36 A . (...) -- C:\WINDOWS\System32\drivers\mbae64.sys [77440] =>.Malwarebytes Corporation®
O58 - SDL:2017/09/25 16:50:59 A . (.Malwarebytes - Malwarebytes Real-Time Protection.) -- C:\WINDOWS\System32\drivers\mbam.sys [45472] =>.Malwarebytes Corporation®
O58 - SDL:2017/09/24 13:01:59 A . (.Malwarebytes - Malwarebytes Chameleon.) -- C:\WINDOWS\System32\drivers\MBAMChameleon.sys [192960] =>.Malwarebytes Corporation®
O58 - SDL:2017/09/25 16:50:59 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
O58 - SDL:2017/09/25 17:03:16 A . (.Malwarebytes - Malwarebytes Web Protection.) -- C:\WINDOWS\System32\drivers\mwac.sys [94144] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/05/19 18:03:32 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\WINDOWS\System32\drivers\nvhda64v.sys [226712] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
O58 - SDL:2017/07/26 18:09:22 A . (.NVIDIA Corporation - NVIDIA Virtual Audio Driver.) -- C:\WINDOWS\System32\drivers\nvvad64v.sys [48064] =>.NVIDIA Corporation®
O58 - SDL:2017/07/26 18:09:23 A . (.NVIDIA Corporation - Virtual USB Host Controller driver.) -- C:\WINDOWS\System32\drivers\nvvhci.sys [57792] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:26 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [604160] =>.Realtek
O58 - SDL:2016/06/26 15:47:04 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [5111040] =>.Realtek Semiconductor Corp®
O58 - SDL:2017/03/18 21:56:23 A . (.Realtek Semiconductor Corporation - Realtek WLAN USB NDIS Driver 28199.) -- C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400] =>.Realtek Semiconductor Corporation
O58 - SDL:2010/07/01 15:21:50 A . (.Screaming Bee LLC - Screaming Bee Audio Driver.) -- C:\WINDOWS\System32\drivers\ScreamingBAudio64.sys [38992] =>.Screaming Bee LLC®
O58 - SDL:2017/03/18 21:56:26 A . (...) -- C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
O58 - SDL:2017/06/02 03:44:06 A . (.SteelSeries ApS - SteelSeries Device Factory Driver.) -- C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408] =>.SteelSeries ApS®
O58 - SDL:2017/08/15 12:29:42 A . (.SteelSeries ApS - SteelSeries HID Driver.) -- C:\WINDOWS\System32\drivers\sshid.sys [45936] =>.SteelSeries ApS®
O58 - SDL:2017/07/28 20:51:36 A . (...) -- C:\WINDOWS\System32\drivers\SteamStreamingMicrophone.sys [40736] {0C9DB9CBA3B958CDC4DF7DA6AB751599}
O58 - SDL:2017/07/21 07:42:04 A . (...) -- C:\WINDOWS\System32\drivers\SteamStreamingSpeakers.sys [40736] {0C9DB9CBA3B958CDC4DF7DA6AB751599}
O58 - SDL:2017/03/18 21:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
O58 - SDL:2016/06/26 15:47:56 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [194104] =>.Intel(R) Embedded Subsystems and IP Blocks Group®
O58 - SDL:2015/11/05 16:23:52 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\System32\drivers\usbaapl64.sys [54784] =>.Apple, Inc.
O58 - SDL:2017/03/18 21:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®

---\\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\WINDOWS\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\WINDOWS\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (...) -- %1" %*
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (8) - 0s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome> [64Bits][HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer> [64Bits][HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome> [64Bits][HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer> [64Bits][HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome> [64Bits][HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer> [64Bits][HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome> [64Bits][HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer> [64Bits][HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (4) - 0s
O69 - SBI: SearchScopes [HKCU] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com

---\\ Search Svchost Services (48) - 0s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\System32\srvsvc.dll [303104] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\System32\iscsiexe.dll [150016] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\System32\schedsvc.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\System32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\System32\profsvc.dll [413184] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\WINDOWS\System32\sessenv.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll [93184] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\System32\Windows.SharedPC.AccountManager.dll [192512] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) -- C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\System32\wlidsvc.dll [2153984] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll [1015296] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\WINDOWS\System32\Windows.Internal.Management.dll [536064] =>.Microsoft Corporation
O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) -- C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\System32\themeservice.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) -- C:\WINDOWS\System32\TokenBroker.dll [1052160] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [874496] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\System32\mprdim.dll [490496] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\WINDOWS\System32\tapisrv.dll [306688] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\WINDOWS\System32\wuaueng.dll [2445824] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\System32\shsvcs.dll [612864] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\System32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) -- C:\WINDOWS\System32\flightsettings.dll [699904] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\WINDOWS\System32\WpnService.dll [276480] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\WINDOWS\System32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\WINDOWS\System32\usocore.dll [681984] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) -- C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\WINDOWS\System32\appmgmts.dll [196096] =>.Microsoft Corporation

---\\ Firewall Active Exception List (77) - 22s
O87 - FAEL: "{9416FDED-DC9A-4C3E-AC23-482D60924C38}" [In-None-P17-TRUE] .(...) -- D:\SteamLibrary\steamapps\common\Skullgirls\SkullGirls.exe =>.Steam Games
O87 - FAEL: "{117491BE-2B17-4E49-9770-ADFA772C46B2}" [In-None-P6-TRUE] .(...) -- D:\SteamLibrary\steamapps\common\Skullgirls\SkullGirls.exe =>.Steam Games
O87 - FAEL: "{7E379D63-B4F4-487B-8E3B-064327B7DBF3}" [In-None-P17-TRUE] .(...) -- D:\SteamLibrary\steamapps\common\TEKKEN 7\TEKKEN 7.exe =>.Steam Games
O87 - FAEL: "{205C50B4-25D9-42E7-9276-2DB01CB9749A}" [In-None-P6-TRUE] .(...) -- D:\SteamLibrary\steamapps\common\TEKKEN 7\TEKKEN 7.exe =>.Steam Games
O87 - FAEL: "{E020C7EA-69FF-46CB-B7F3-341DC0C7184F}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\SparkourAlphaDemo\Sparkour.exe =>.Steam Games
O87 - FAEL: "{9A90965C-D698-45FD-977D-0211E067316F}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\SparkourAlphaDemo\Sparkour.exe =>.Steam Games
O87 - FAEL: "{DDF79449-2F43-435E-9711-620B172A6C2A}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe =>.Steam Games
O87 - FAEL: "{C5012D35-546A-4F47-A9B2-D7B6E255DCAA}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe =>.Steam Games
O87 - FAEL: "{B2D1FA38-E392-48BD-89B8-3481BC28DFBF}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\INK\INK.exe =>.Steam SteamApps Games
O87 - FAEL: "{A63CEA51-BE90-4310-B324-F55EB0754604}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\INK\INK.exe =>.Steam SteamApps Games
O87 - FAEL: "UDP Query User{F958700B-B855-4A8E-B40F-FCB43DBA6891}C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe" [In-None-P17-TRUE] .(.Blackstar Amplification Ltd. - Blackstar INSIDER Server.) -- C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe
O87 - FAEL: "TCP Query User{32B15D7F-E2B3-4BFE-A6C1-3BD966B3C161}C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe" [In-None-P6-TRUE] .(.Blackstar Amplification Ltd. - Blackstar INSIDER Server.) -- C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe
O87 - FAEL: "UDP Query User{094103AD-662B-47D0-B507-2A452D61CC61}C:\program files (x86)\steam\steamapps\common\ratz instagib\ratzed\mapeditor.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\steam\steamapps\common\ratz instagib\ratzed\mapeditor.exe =>.Steam Games
O87 - FAEL: "TCP Query User{341C44D0-EAD7-465C-B760-B4AD9B459B55}C:\program files (x86)\steam\steamapps\common\ratz instagib\ratzed\mapeditor.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\steam\steamapps\common\ratz instagib\ratzed\mapeditor.exe =>.Steam Games
O87 - FAEL: "UDP Query User{9A292C19-8944-4963-B357-850914AFAA0E}C:\program files\unity\monodevelop\bin\monodevelop.exe" [In-None-P17-TRUE] .(.(c) 2004 MonoDevelop Team and Mike Krueger 2000-2003 - MonoDevelop.) -- C:\program files\unity\monodevelop\bin\monodevelop.exe
O87 - FAEL: "TCP Query User{26943A4B-2A01-4D1D-8BE0-A6E957E4C390}C:\program files\unity\monodevelop\bin\monodevelop.exe" [In-None-P6-TRUE] .(.(c) 2004 MonoDevelop Team and Mike Krueger 2000-2003 - MonoDevelop.) -- C:\program files\unity\monodevelop\bin\monodevelop.exe
O87 - FAEL: "{3BF90114-6895-463F-8DC0-997453B07814}" [In-None-P17-TRUE] .(...) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (.not file.)
O87 - FAEL: "{7F51C273-DB8E-4954-8D88-73DC8595DAEA}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe =>.Steam Games
O87 - FAEL: "{86175E4C-818F-4EC5-879D-BD4F2B39DFD1}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe =>.Steam Games
O87 - FAEL: "{575F9868-581C-4F7F-89D5-36FBB23AE5DE}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\EnemyMind\EnemyMind.exe =>.Steam Games
O87 - FAEL: "{B6603F26-EF00-435C-8937-AF23BFDDD3A5}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\EnemyMind\EnemyMind.exe =>.Steam Games
O87 - FAEL: "UDP Query User{E8F0A2DC-A9A7-4C31-8550-4280A70DD60E}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe (.not file.) =>.Steam Games
O87 - FAEL: "TCP Query User{2F5B6D79-84DB-4D40-8F1C-D25E36DC81AB}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe (.not file.) =>.Steam Games
O87 - FAEL: "{AF258261-FCF5-47B7-ABC8-CF8FA621E37C}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Poi\Poi.exe =>.Steam Games
O87 - FAEL: "{210C4508-DB09-4C80-A68D-021834FB78EB}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Poi\Poi.exe =>.Steam Games
O87 - FAEL: "{7844F6E2-B732-41B1-B515-B538DA862F4F}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\TowerOfFlight\TowerOfFlight.exe =>.Steam Games
O87 - FAEL: "{39B50514-43BF-4A82-86C9-04CB41638987}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\TowerOfFlight\TowerOfFlight.exe =>.Steam Games
O87 - FAEL: "{BD58A874-4165-45FD-99A9-0EF9C13E1CB8}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe =>.Steam Games
O87 - FAEL: "{0217058C-B0A7-4E85-BA68-E66982AFC813}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe =>.Steam Games
O87 - FAEL: "{17A985CF-2004-4A9E-8D53-ACDFB426A1D3}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (.not file.)
O87 - FAEL: "{9F5F2681-AC90-4CE7-9D1A-147F9808DFDA}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (.not file.)
O87 - FAEL: "{943BF6BC-B5E5-4BB4-8FAC-DC0B56A1C10F}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (.not file.)
O87 - FAEL: "{9D477B9D-00AF-4A67-9208-025A576B838E}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (.not file.)
O87 - FAEL: "{57A608E7-0362-4BBD-9A97-80670678BF52}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\ClusterTruck\Clustertruck.exe =>.Steam Games
O87 - FAEL: "{29242437-3272-4142-8B89-3E4668D0F197}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\ClusterTruck\Clustertruck.exe =>.Steam Games
O87 - FAEL: "UDP Query User{D64FCD27-EA79-4D14-9A2A-8DD2F6E2F24A}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{DEA85547-5659-4F37-80DD-D51EBECAD4B1}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "{FCD6F280-54E3-4828-AD08-DB10546E1B9D}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe (.not file.) =>.Steam Games
O87 - FAEL: "{AF03C5DC-65A5-422A-A31E-F75681D3B422}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe (.not file.) =>.Steam Games
O87 - FAEL: "UDP Query User{C34A876D-4D0B-4C6B-B211-8C735DFF7775}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{A60D3FBB-7F82-4864-AB7F-FB14CCE639AE}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{4834F3E2-2F2C-4BA9-990C-E5D9782A24BD}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{2B20E585-5C33-4023-B4AE-3E8BDE250279}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{05C9BBE9-0483-4133-A00E-0B6DC9AC1CEE}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{94940F8C-9C32-4AD7-9830-0FAEEFD64003}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{10E6EDAB-D3ED-45D9-96D1-1E18CFF55758}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (.not file.)
O87 - FAEL: "TCP Query User{6EBA7151-F2B4-4C2B-B9B9-1A4D6F634664}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (.not file.)
O87 - FAEL: "UDP Query User{0A8CB229-7B6F-43B0-8E96-17DD0858EA96}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (.not file.)
O87 - FAEL: "TCP Query User{8FA39C48-A75E-45AB-8F65-D22A8590B914}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (.not file.)
O87 - FAEL: "{30A00E70-30F4-42FF-A22C-BA1A1AF8424E}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe =>.Steam Games
O87 - FAEL: "{A54DC929-2EA9-4C9C-9A7C-D3CCA4A43746}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe =>.Steam Games
O87 - FAEL: "UDP Query User{055F21DF-2B15-4328-AEE4-1C0EB49096CF}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe (.not file.)
O87 - FAEL: "TCP Query User{78232D3E-365E-442E-9C0C-2E5D8E50E99D}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe (.not file.)
O87 - FAEL: "UDP Query User{80B03491-489F-46E7-A1AE-15B983BDFFB3}C:\program files (x86)\overwatch test\overwatch.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\overwatch test\overwatch.exe (.not file.)
O87 - FAEL: "TCP Query User{1A9B98B8-8F51-45CF-BFD0-46272D91BD5D}C:\program files (x86)\overwatch test\overwatch.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\overwatch test\overwatch.exe (.not file.)
O87 - FAEL: "UDP Query User{CAD46788-F1C6-4AD3-83C4-08855C437270}C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe (.not file.) =>.Steam Games
O87 - FAEL: "TCP Query User{50042EF9-90F3-43B8-8DFD-BEB2102F21E3}C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe (.not file.) =>.Steam Games
O87 - FAEL: "{581BE7AA-E4FF-4249-81E0-BEC1BF7741DA}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Grapple\Grapple.exe =>.Steam Games
O87 - FAEL: "{FE89DCF2-30C3-4E32-97D8-CB8553507893}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Grapple\Grapple.exe =>.Steam Games
O87 - FAEL: "UDP Query User{2E7F652B-23D0-44ED-9024-AC7910F86D49}C:\users\tom\downloads\arduino-nightly-windows\arduino-nightly\java\bin\javaw.exe" [In-None-P17-TRUE] .(...) -- C:\users\tom\downloads\arduino-nightly-windows\arduino-nightly\java\bin\javaw.exe (.not file.)
O87 - FAEL: "TCP Query User{974AADE7-34F3-4D57-AB86-63E8809D5F44}C:\users\tom\downloads\arduino-nightly-windows\arduino-nightly\java\bin\javaw.exe" [In-None-P6-TRUE] .(...) -- C:\users\tom\downloads\arduino-nightly-windows\arduino-nightly\java\bin\javaw.exe (.not file.)
O87 - FAEL: "UDP Query User{104C7A34-B421-4C9C-A07E-7E69E56DB6B6}C:\program files (x86)\arduino\java\bin\java.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\arduino\java\bin\java.exe (.not file.)
O87 - FAEL: "TCP Query User{839FFD9D-9024-4BAF-BB63-85283BADFE67}C:\program files (x86)\arduino\java\bin\java.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\arduino\java\bin\java.exe (.not file.)
O87 - FAEL: "UDP Query User{C9654D96-9956-419E-8D75-99768102E625}C:\program files (x86)\arduino\java\bin\javaw.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\arduino\java\bin\javaw.exe (.not file.)
O87 - FAEL: "TCP Query User{0AA06BFA-E5E2-4F65-B9C8-A007CE0C2062}C:\program files (x86)\arduino\java\bin\javaw.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\arduino\java\bin\javaw.exe (.not file.)
O87 - FAEL: "UDP Query User{4BA396FF-E741-44B0-8297-B3E5EF89ED7E}C:\users\tom\appdata\local\temp\codebender\node.exe" [In-None-P17-TRUE] .(...) -- C:\users\tom\appdata\local\temp\codebender\node.exe (.not file.) =>.Temporary file not necessary
O87 - FAEL: "TCP Query User{19B18644-C2AF-4BEF-8EED-DBF87BDCAA60}C:\users\tom\appdata\local\temp\codebender\node.exe" [In-None-P6-TRUE] .(...) -- C:\users\tom\appdata\local\temp\codebender\node.exe (.not file.) =>.Temporary file not necessary
O87 - FAEL: "{556FD58B-97D1-4FC9-937D-0E583CEC8677}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Bus Driver\bin\win_x86\launcher.exe (.not file.) =>.Steam Games
O87 - FAEL: "{6AE36354-7075-4895-A556-472E350A2FA8}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Bus Driver\bin\win_x86\launcher.exe (.not file.) =>.Steam Games
O87 - FAEL: "{0F1AA046-BC1B-4E23-9527-E3946F689FA8}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Bus Driver\bin\win_x86\busdriver.exe (.not file.) =>.Steam Games
O87 - FAEL: "{7B475CC0-8666-423A-B873-946979E92D68}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Bus Driver\bin\win_x86\busdriver.exe (.not file.) =>.Steam Games
O87 - FAEL: "{FEFF286A-3ACF-4DCB-937D-B3E78F68246D}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Trucks & Trailers\bin\win_x86\trucks_n_trailers.exe (.not file.) =>.Steam Games
O87 - FAEL: "{929CA325-16B8-4018-A324-3A17ED68A093}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\steamapps\common\Trucks & Trailers\bin\win_x86\trucks_n_trailers.exe (.not file.) =>.Steam Games
O87 - FAEL: "{44035CB2-3771-4A01-919F-B65EFEE64205}" [In-None-P17-TRUE] .(.The Game Creators - Game Guru Interface.) -- C:\Program Files (x86)\Steam\steamapps\common\Game Guru\GameGuru.exe =>.Steam SteamApps Games
O87 - FAEL: "{2D594497-D9EF-47F5-B6DF-675F6D82A2E6}" [In-None-P6-TRUE] .(.The Game Creators - Game Guru Interface.) -- C:\Program Files (x86)\Steam\steamapps\common\Game Guru\GameGuru.exe =>.Steam SteamApps Games
O87 - FAEL: "UDP Query User{619A2532-F02F-4387-BB56-650C4C514A00}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe (.not file.) =>.Steam Games
O87 - FAEL: "TCP Query User{BD224FD1-4D9F-48A6-BD92-DA70324CD218}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe (.not file.) =>.Steam Games

---\\ Additional Scan (O88) (1) - 0s
~ No malicious or unnecessary items found.

---\\ Summary of the elements found (1) - 0s
~ No malicious or unnecessary items found.

~ Unselected Options:
~ End of the scan, 37268 items in 03mn04s (1242)(0)

Is that all that you need?

Malnutrition · Sep 26, 2017

Eliminate restrictive settings with this tool.

Temporarily disable your antivirus --- Your antivirus may flag this tool as malware, it is safe to run I assure you.
Download SupRestric.exe save to your desktop. ( Unzip it there)
Close all running programs.
Double click the file to launch it.
Windows: 7/8/10 Vista and run as administrator
Click Yes at any prompt.
The analysis takes only a few moments.
The report is on the desktop ( CTR.txt )
Copy paste report in next reply.
A reboot is needed to complete the repairs.

Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all other the running programs
Disable ALL Antivirus -- Antimalware -- Applications.
Right Click Rogue Killer and Run as Administrator.
Click the Start Scan button.
Allow the scan to run -- it can take ten minutes or more.
Once the scan is complete check All items for removal.
After All items are checked then press Remove Selected.
Wait until the Status box shows Deleting Finished.
Click on open report -- then open txt
Copy the content of the report and paste it here in your next reply.

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Malnutrition · Sep 26, 2017

I will have a look at the logs, in the mean time please run these tools.

Tom Ashton · Sep 26, 2017

Rapport de Contrôle restrictions Pierre13 (CTR version 2.4.0.0 ) du 26\09\2017 à 16:36:43
PC de Tom
Windows 10 Pro (64 bits)

réparation erreur 2203 effectuée.

Contrôle présence restrictions

[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.
[BKDR_BLACKEN.A] clé WarnOnClose corrigée.
Autorisation installation sponsor Java(x86) supprimée.
Autorisation installation sponsor Java(x64) supprimée.
Restriction Affichage Documents récents supprimée.
Restriction Affichage Documents supprimée.
Restriction synchronisation en arrière-plan des flux d'informations et des Web Slices supprimée.
Restriction découverte des flux RSS et des Web Slices supprimée.
Pavé numérique activé.
Restriction utilisateur pour Windows Installer supprimée.
Service Pare feu Windows activé.
Paramètres Pare feu Windows rétablis par défaut et activés.

238 restrictions contrôlées.

11 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.

Le rapport est sur le bureau (C:\Users\Tom\Desktop\CTR.txt)

--------(RogueKiller)----------

RogueKiller V12.11.17.0 (x64) [Sep 25 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Tom [Administrator]
Started from : C:\Users\Tom\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 09/26/2017 16:38:45 (Duration : 00:17:14)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://accessunlimitedweb.com/wpad.dat?eba26c9b7e75eb6c2021304adf1dc75435690757 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://accessunlimitedweb.com/wpad.dat?eba26c9b7e75eb6c2021304adf1dc75435690757 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://accessunlimitedweb.com/wpad.dat?eba26c9b7e75eb6c2021304adf1dc75435690757 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A240G +++++
--- User ---
[MBR] 7d4036c0cd46466b663945cb83c689b3
[BSP] 1768863a0bb5618da1249427d9e889bf : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 228434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD103UJ +++++
--- User ---
[MBR] 488dd771117691d0780cd0f6d6a9591b
[BSP] e67d7a9d0a7fac9b30e9edcf1668dfff : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

--------------(JRT)-----------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by Tom (Administrator) on 26/09/2017 at 17:02:00.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\Users\Tom\AppData\Roaming\speedrunnerslog.txt (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/09/2017 at 17:03:10.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------(AdwareCleaner)--------------

# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 26 16:04:57 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-23-2017.2
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1232 B] - [2017/9/24 13:41:54]
C:/AdwCleaner/AdwCleaner[S0].txt - [1085 B] - [2017/9/24 13:41:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Im still having problems so im not sure what to do

Malnutrition · Sep 27, 2017

Sorry for the delay. @Tom Ashton I work long hours and went directly to sleep yesterday.

Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
Save AdsFix to your desktop.
Right Click & Run As Administrator.
With an infected machine, it could take several seconds to be charged.
You will then be prompted to install Certificates.
Install then click OK.
Right Click & Run As Administrator Again.

Click Options then select Unlock the deletion.
Then click on clean.
Enter your country
Don’t use the machine while scanning and be patient
Once the scan has completed, please copy and paste the report in your next reply.
The report will be C:\AdsFix_date_hour.txt or on your dektop with the same name.

Malnutrition · Sep 28, 2017

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Security Check Scan.

Download Security Check to your desktop.
Right click it run as administrator.
When the program completes, the tool will automatically open a log file.
Please post that log here in your next post.

Reset your router to factory settings.

In your next reply I need the following:

ADS-Fix Report
FRST Fixlog.
Security Check Report
Tell me how the machine is running now.

Tom Ashton · Sep 28, 2017

Frst Fix:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by Tom (administrator) on DESKTOP-VFLINGR (28-09-2017 18:11:16)
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(© 2015 Microsoft Corporation) C:\Users\Tom\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-26] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-06] (Logitech Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2013-12-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074336 2017-09-27] (Valve Corporation)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [BingSvc] => C:\Users\Tom\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Spotify] => C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe [15849072 2017-07-17] (Spotify Ltd)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Spotify Web Helper] => C:\Users\Tom\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-17] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-09-25]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2017-08-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9592b15e-0986-4b06-82d9-a04d32ecc759}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9592b15e-0986-4b06-82d9-a04d32ecc759}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-22] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-22] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-07-22] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-22] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-22] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-07-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default [2017-09-28]
CHR Extension: (Google Slides) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-24]
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-24]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-24]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-24]
CHR Extension: (Steam Powered) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\chnfggpncfadofhgkekcppnonikpgbjm [2017-09-24]
CHR Extension: (Google Sheets) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-24]
CHR Extension: (Google Docs Offline) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-09-24]
CHR Extension: (Qmee) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-24]
CHR Extension: (Enhanced Steam) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-09-24]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-24]
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-24]
CHR HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-08-02] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [227104 2016-09-22] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-06] (Logitech Inc.)
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [54552 2017-04-05] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-06] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-28] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-28] (Malwarebytes)
R1 MpKslf75f4afe; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE2FEEB4-5162-4678-94F6-1FE4FB2ACCCC}\MpKslf75f4afe.sys [44928 2017-09-27] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45936 2017-08-15] (SteelSeries ApS)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-28 18:11 - 2017-09-28 18:11 - 000000000 ____D C:\Users\Tom\Desktop\FRST-OlderVersion
2017-09-28 18:08 - 2017-09-28 18:08 - 000002525 _____ C:\Users\Tom\Desktop\fixlist.txt
2017-09-26 17:09 - 2017-09-28 18:06 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-26 17:05 - 2017-09-26 17:05 - 000001080 _____ C:\Users\Tom\Desktop\AdwCleaner[S1].txt
2017-09-26 17:03 - 2017-09-26 17:03 - 000000624 _____ C:\Users\Tom\Desktop\JRT.txt
2017-09-26 16:58 - 2017-09-26 16:58 - 000004596 _____ C:\Users\Tom\Desktop\Rogue.txt
2017-09-26 16:38 - 2017-09-26 16:58 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-26 16:38 - 2017-09-26 16:38 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-26 16:36 - 2017-09-26 16:36 - 000001089 _____ C:\Users\Tom\Desktop\CTR.txt
2017-09-26 16:34 - 2017-09-26 16:34 - 026704968 _____ C:\Users\Tom\Desktop\RogueKiller_portable64.exe
2017-09-26 16:34 - 2017-09-26 16:34 - 008182736 _____ (Malwarebytes) C:\Users\Tom\Desktop\adwcleaner_7.0.2.1.exe
2017-09-26 16:34 - 2017-09-26 16:34 - 001790024 _____ (Malwarebytes) C:\Users\Tom\Desktop\JRT.exe
2017-09-26 16:34 - 2017-09-26 16:32 - 000633386 _____ C:\Users\Tom\Desktop\SupRestric.zip
2017-09-25 17:05 - 2017-09-25 17:05 - 000156625 _____ C:\Users\Tom\Desktop\ZHPDiag.txt
2017-09-25 17:02 - 2017-09-25 17:03 - 000000000 ____D C:\Users\Tom\AppData\Roaming\ZHP
2017-09-25 17:02 - 2017-09-25 17:03 - 000000000 ____D C:\Users\Tom\AppData\Local\ZHP
2017-09-25 17:01 - 2017-09-25 17:01 - 002856832 _____ C:\Users\Tom\Desktop\ZHPDiag3.exe
2017-09-24 18:03 - 2017-09-24 18:03 - 000578404 _____ C:\WINDOWS\Minidump\092417-5015-01.dmp
2017-09-24 18:01 - 2017-09-24 18:01 - 000576684 _____ C:\WINDOWS\Minidump\092417-5000-01.dmp
2017-09-24 18:00 - 2017-09-24 18:00 - 005200384 _____ (AVAST Software) C:\Users\Tom\Desktop\aswmbr.exe
2017-09-24 17:59 - 2017-09-24 17:59 - 000075864 _____ C:\Users\Tom\Desktop\Addition.txt
2017-09-24 17:58 - 2017-09-28 18:11 - 000019242 _____ C:\Users\Tom\Desktop\FRST.txt
2017-09-24 17:58 - 2017-09-28 18:11 - 000000000 ____D C:\FRST
2017-09-24 17:55 - 2017-09-28 18:11 - 002399744 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2017-09-24 14:40 - 2017-09-26 17:04 - 000000000 ____D C:\AdwCleaner
2017-09-24 14:25 - 2017-09-24 14:25 - 000002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-24 14:25 - 2017-09-24 14:25 - 000002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-24 14:22 - 2017-09-24 14:22 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-24 14:22 - 2017-09-24 14:22 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-24 14:13 - 2017-09-24 17:03 - 000001065 _____ C:\Users\Tom\Desktop\google.txt
2017-09-24 11:53 - 2017-09-28 18:06 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-24 11:53 - 2017-09-28 18:06 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-24 11:53 - 2017-09-28 18:06 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-24 11:53 - 2017-09-26 17:09 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-24 11:53 - 2017-09-24 11:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-24 11:53 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-22 18:51 - 2017-09-22 18:51 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\2xMilk
2017-09-15 17:21 - 2017-09-15 17:21 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2017-09-15 17:13 - 2017-09-15 17:21 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Screaming Bee
2017-09-15 17:13 - 2017-09-15 17:21 - 000000000 ____D C:\ProgramData\Screaming Bee
2017-09-12 18:32 - 2017-09-05 06:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 18:32 - 2017-09-05 06:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 18:32 - 2017-09-05 06:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 18:32 - 2017-09-05 06:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 18:32 - 2017-09-05 06:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 18:32 - 2017-09-05 06:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 18:32 - 2017-09-05 06:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 18:32 - 2017-09-05 06:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 18:32 - 2017-09-05 06:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 18:32 - 2017-09-05 06:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 18:32 - 2017-09-05 06:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 18:32 - 2017-09-05 06:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 18:32 - 2017-09-05 06:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 18:32 - 2017-09-05 06:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 18:32 - 2017-09-05 06:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 18:32 - 2017-09-05 06:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 18:32 - 2017-09-05 06:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 18:32 - 2017-09-05 06:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 18:32 - 2017-09-05 06:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 18:32 - 2017-09-05 06:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 18:32 - 2017-09-05 06:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 18:32 - 2017-09-05 06:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 18:32 - 2017-09-05 06:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 18:32 - 2017-09-05 06:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 18:32 - 2017-09-05 06:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 18:32 - 2017-09-05 06:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 18:32 - 2017-09-05 06:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 18:32 - 2017-09-05 06:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 18:32 - 2017-09-05 06:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 18:32 - 2017-09-05 06:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 18:32 - 2017-09-05 05:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 18:32 - 2017-09-05 05:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 18:32 - 2017-09-05 05:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 18:32 - 2017-09-05 05:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 18:32 - 2017-09-05 05:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 18:32 - 2017-09-05 05:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 18:32 - 2017-09-05 05:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 18:32 - 2017-09-05 05:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 18:32 - 2017-09-05 05:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 18:32 - 2017-09-05 05:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 18:32 - 2017-09-05 05:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 18:32 - 2017-09-05 05:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 18:32 - 2017-09-05 05:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 18:32 - 2017-09-05 05:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 18:32 - 2017-09-05 05:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 18:32 - 2017-09-05 05:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 18:32 - 2017-09-05 05:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 18:32 - 2017-09-05 05:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 18:32 - 2017-09-05 05:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 18:32 - 2017-09-05 05:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 18:32 - 2017-09-05 05:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 18:32 - 2017-09-05 05:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 18:32 - 2017-09-05 05:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 18:32 - 2017-09-05 05:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 18:32 - 2017-09-05 05:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 18:32 - 2017-09-05 05:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 18:32 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 18:32 - 2017-09-05 05:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 18:32 - 2017-09-05 05:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 18:32 - 2017-09-05 05:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 18:32 - 2017-09-05 05:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 18:32 - 2017-09-05 05:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 18:32 - 2017-09-05 05:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 18:32 - 2017-09-05 05:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 18:32 - 2017-09-05 05:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 18:32 - 2017-09-05 05:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 18:32 - 2017-09-05 05:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 18:32 - 2017-09-05 05:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 18:32 - 2017-09-05 05:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 18:32 - 2017-09-05 05:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 18:32 - 2017-09-01 06:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-12 18:31 - 2017-09-05 06:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 18:31 - 2017-09-05 06:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 18:31 - 2017-09-05 06:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 18:31 - 2017-09-05 06:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 18:31 - 2017-09-05 06:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 18:31 - 2017-09-05 06:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 18:31 - 2017-09-05 06:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 18:31 - 2017-09-05 06:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 18:31 - 2017-09-05 06:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 18:31 - 2017-09-05 06:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 18:31 - 2017-09-05 06:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 18:31 - 2017-09-05 06:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 18:31 - 2017-09-05 06:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 18:31 - 2017-09-05 06:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 18:31 - 2017-09-05 06:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 18:31 - 2017-09-05 06:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 18:31 - 2017-09-05 06:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 18:31 - 2017-09-05 05:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 18:31 - 2017-09-05 05:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 18:31 - 2017-09-05 05:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 18:31 - 2017-09-05 05:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 18:31 - 2017-09-05 05:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 18:31 - 2017-09-05 05:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 18:31 - 2017-09-05 05:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 18:31 - 2017-09-05 05:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 18:31 - 2017-09-05 05:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 18:31 - 2017-09-05 05:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 18:31 - 2017-09-05 05:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 18:31 - 2017-09-05 05:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 18:31 - 2017-09-05 05:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 18:31 - 2017-09-05 05:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 18:31 - 2017-09-05 05:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 18:31 - 2017-09-05 05:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 18:31 - 2017-09-05 05:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 18:31 - 2017-09-05 05:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-11 17:35 - 2017-09-11 17:35 - 000000000 ___RD C:\Users\Tom\Documents\Downloads (D)
2017-09-10 20:52 - 2017-09-10 20:52 - 000000047 _____ C:\Users\Tom\Desktop\Release Dates.txt
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ___RD C:\Users\Tom\AppData\Roaming\Brother
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Brother
2017-09-04 15:21 - 2017-09-04 15:21 - 000000766 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-09-04 13:20 - 2017-09-04 13:20 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\srylain Inc_
2017-09-04 12:58 - 2017-09-04 13:02 - 000000000 ____D C:\Users\Tom\Documents\Guitar Hero III - Copy
2017-09-03 20:17 - 2017-09-03 20:20 - 000000000 ____D C:\Users\Tom\Documents\Volo Airsport
2017-09-03 20:17 - 2017-09-03 20:17 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Ramjet Anvil
2017-09-01 12:23 - 2017-09-24 18:03 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-01 12:23 - 2017-09-01 12:23 - 000683812 _____ C:\WINDOWS\Minidump\090117-7046-01.dmp
2017-09-01 10:57 - 2017-09-22 21:28 - 000000000 ____D C:\Users\Tom\AppData\Roaming\vlc
2017-09-01 10:46 - 2017-09-01 10:47 - 000000000 ____D C:\Users\Tom\AppData\Roaming\livestreamer
2017-08-31 18:30 - 2017-08-31 18:30 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Thunder Lotus Games
2017-08-30 11:35 - 2017-07-28 20:51 - 000040736 _____ C:\WINDOWS\system32\Drivers\SteamStreamingMicrophone.sys
2017-08-30 11:35 - 2017-07-21 07:42 - 000040736 _____ C:\WINDOWS\system32\Drivers\SteamStreamingSpeakers.sys
2017-08-29 12:54 - 2017-08-29 12:54 - 000003135 _____ C:\Users\Tom\Desktop\GHTCP.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-28 18:07 - 2016-06-26 17:00 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-28 18:06 - 2017-07-19 19:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-28 18:06 - 2017-07-19 19:37 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-28 18:06 - 2016-09-18 10:49 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-09-27 17:18 - 2017-07-19 19:37 - 000000000 ____D C:\Users\Tom
2017-09-27 16:35 - 2017-07-19 19:46 - 001163454 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-27 16:32 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-26 17:08 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-09-26 16:54 - 2015-07-10 12:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-26 16:28 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-25 18:03 - 2017-07-16 09:53 - 000000000 ____D C:\Users\Tom\AppData\Roaming\steelseries-engine-3-client
2017-09-25 18:03 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-25 17:22 - 2016-06-26 15:04 - 000000000 ____D C:\Users\Tom\AppData\Local\Packages
2017-09-24 14:37 - 2016-06-26 15:05 - 000000000 ___RD C:\Users\Tom\OneDrive
2017-09-24 14:25 - 2016-06-26 19:34 - 000000000 ____D C:\Users\Tom\AppData\Local\Google
2017-09-24 14:22 - 2016-06-26 19:34 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-24 14:19 - 2016-06-26 20:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-24 13:47 - 2017-02-18 19:28 - 000000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2017-09-22 19:09 - 2016-09-22 17:07 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-22 19:09 - 2016-09-22 17:06 - 000000000 ____D C:\Users\Tom\AppData\Local\Battle.net
2017-09-22 19:09 - 2016-09-22 17:05 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-15 17:41 - 2017-03-13 18:09 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Audacity
2017-09-13 17:05 - 2016-04-27 07:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 17:04 - 2017-07-19 19:36 - 000388920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 18:35 - 2016-06-26 15:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 18:34 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 18:34 - 2016-06-26 15:58 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-10 19:07 - 2017-03-12 15:48 - 000000359 _____ C:\WINDOWS\BRRBCOM.INI
2017-09-09 17:18 - 2017-02-25 15:28 - 000000000 ____D C:\Users\Tom\AppData\Local\8BitBoy
2017-09-07 17:45 - 2016-10-29 12:51 - 000000000 ____D C:\Users\Tom\Documents\SavedGames
2017-09-03 14:18 - 2017-07-22 08:54 - 000000000 ____D C:\ProgramData\Remotr
2017-09-02 16:15 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 16:15 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 10:57 - 2017-03-03 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== Files in the root of some directories =======

2016-11-12 19:32 - 2016-11-12 19:32 - 000002606 _____ () C:\Users\Tom\AppData\Roaming\TargetInvocationLog.txt
2017-06-02 14:17 - 2017-06-02 14:17 - 000000000 _____ () C:\Users\Tom\AppData\Local\BlackstarMarketing.log
2017-06-02 15:21 - 2017-06-02 15:38 - 000000326 _____ () C:\Users\Tom\AppData\Local\insider.log
2017-07-31 13:21 - 2017-07-31 13:21 - 000007069 _____ () C:\Users\Tom\AppData\Local\recently-used.xbel
2017-06-27 19:16 - 2017-06-27 19:16 - 000007589 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2017-07-19 19:37 - 2017-07-19 19:37 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-09-26 16:38 - 2017-09-05 06:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Tom\AppData\Local\Temp\dllnt_dump.dll
2017-09-24 14:18 - 2006-05-25 01:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Tom\AppData\Local\Temp\_is365B.exe
2017-09-15 17:17 - 2006-05-25 01:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Tom\AppData\Local\Temp\_is6467.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-30 14:34

==================== End of FRST.txt ============================

SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
WebSite: www.safezone.cc
DateLog: 28.09.2017 18:14:53
Path starting: C:\Users\Tom\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Tom
VersionXML: 4.64is-23.09.2017
___________________________________________________________________________

Windows 10(6.3.15063) (x64) Professional Release: 1703 Lang: English(0409)
Installation date OS: 19.07.2017 18:44:18
LicenseStatus: Office 16, Office16O365ProPlusR_Subscription1 edition Timebased activation will expire :44698 minutes
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [223.1 Gb] Used: [197.9 Gb] Free: [25.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.608.15063.0 [+]
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.2.2.2029 v.3.2.2.2029
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.02 (x64) v.16.02 Warning! Download Update
Uninstall old version and install new one.
WinRAR 5.40 (64-bit) v.5.40.0 Warning! Download Update
Microsoft Silverlight v.5.1.50907.0
VLC media player v.2.2.6
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.35 v.7.35.103 Warning! Download Update
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.5.5.5 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
------------------------------- [ Browser ] -------------------------------
Google Chrome v.61.0.3163.100
------------------ [ AntivirusFirewallProcessServices ] -------------------
D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1169
Malwarebytes Service (MBAMService) - The service is running
D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.556
C:\Program Files\Windows Defender\MsMpEng.exe v.4.11.15063.447
C:\Program Files\Windows Defender\NisSrv.exe v.4.11.15063.0
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service is running
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
----------------------------- [ End of Log ] ------------------------------

I dont know what the ADS fix report is so i dont have it
I also didnt reset my router as it is a family router and i think ill only do it if it is absolutely necessary
The problems appear to have gone but im not sure
I will update you if they remain

Tom Ashton · Sep 28, 2017

*Update*
They're still here

Malnutrition · Sep 28, 2017

You did not run the FRST fix, you posted a new FRST log after a scan...

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Zemana Deep Scan

- Right click on Zemana and run as admin.
- Click the Cog/Sproket Wheel, at the top right of Zemana
- Select Advanced - I have read the warning and wish to proceed.
- Place a tick next to Detect Suspicious (Root CA) Certificates.
- Then click the house icon in Zemana.
- Then hit your start button at the lower left hand corner of your desktop.
- Then left click on Computer.
- Drag Local Disk C: or whichever drive you decide to check first.
- Into the area of Zemana that reads Drag and drop files here to scan them.
- Once the scan has completed click graph icon on the top right of the programs User interface.
- Double click to open the latest log-file.
- Copy it to your clipboard.
- Post the log here in your next reply.

Malnutrition · Sep 28, 2017

Download ResetBrowser To your desktop.
Now close all open browsers.
Right click and run as administrator.
Click on Chrome. -- Allow completion.
Now reboot the machine and tell me if the issue persist.

Can you also tell me if it is just Chrome that is having the issue?

Malnutrition · Sep 28, 2017

Tom Ashton said:
I dont know what the ADS fix report is so i dont have it

Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
Save AdsFix to your desktop.
Right Click & Run As Administrator.
With an infected machine, it could take several seconds to be charged.
You will then be prompted to install Certificates.
Install then click OK.
Right Click & Run As Administrator Again.

Click Options then select Unlock the deletion.
Then click on clean.
Enter your country
Don’t use the machine while scanning and be patient
Once the scan has completed, please copy and paste the report in your next reply.
The report will be C:\AdsFix_date_hour.txt or on your dektop with the same name.

Tom Ashton · Sep 29, 2017

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Tom (29-09-2017 16:41:25) Run:1
Running from D:\Downloads (D)
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
RemoveProxy:
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [BingSvc] => C:\Users\Tom\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (� 2015 Microsoft Corporation)
AutoConfigURL: [S-1-5-21-2235556512-3620655794-2756196336-1001] => hxxp://accessunlimitedweb.com/wpad.dat?eba26c9b7e75eb6c2021304adf1dc75435690757
ManualProxies: 0hxxp://accessunlimitedweb.com/wpad.dat?eba26c9b7e75eb6c2021304adf1dc75435690757
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Extension: (Qmee) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-24]
R1 MpKsl7aecbb60; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BA0659A-5067-4713-9DE0-A817833F65C5}\MpKsl7aecbb60.sys [44928 2017-09-24] (Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BA0659A-5067-4713-9DE0-A817833F65C5}\MpKsl7aecbb60.sys
Zip: C:\WINDOWS\Minidump
C:\Users\Tom\AppData\Local\Temp\_is365B.exe
C:\Users\Tom\AppData\Local\Temp\_is6467.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
CustomCLSID: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Tom\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Tom\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Tom\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Qmee) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-09-24] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-24] => Error: No automatic fix found for this entry.
MpKsl7aecbb60 => service not found.
"C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BA0659A-5067-4713-9DE0-A817833F65C5}\MpKsl7aecbb60.sys" => not found.
================== Zip: ===================
C:\WINDOWS\Minidump -> copied successfully to C:\Users\Tom\Desktop\29.09.2017_16.41.33.zip
=========== Zip: End ===========
C:\Users\Tom\AppData\Local\Temp\_is365B.exe => moved successfully
C:\Users\Tom\AppData\Local\Temp\_is6467.exe => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => key removed successfully
HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => key not found.
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
C:\WINDOWS\system32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state On =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 86344007 B
Java, Flash, Steam htmlcache => 346023371 B
Windows/system/drivers => 18217506 B
Edge => 37261021 B
Chrome => 382816087 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 4830 B
NetworkService => 733004 B
Tom => 1247380473 B

RecycleBin => 0 B
EmptyTemp: => 2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:42:29 ====

My C Drive:

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/9/29
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
BIOS Mode : Legacy
CUID : 122A28AEB59F31361D0402
Scan Type : Custom Scan
Duration : 16m 56s
Scanned Objects : 441201
Detected Objects : 6
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

ld.exe
Status : Scanned
Object : %localappdata%\arduino15\packages\arduino\tools\avr-gcc\4.8.1-arduino5\avr\bin\ld.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\arduino15\packages\arduino\tools\avr-gcc\4.8.1-arduino5\avr\bin\ld.exe

ld.bfd.exe
Status : Scanned
Object : %localappdata%\arduino15\packages\arduino\tools\avr-gcc\4.8.1-arduino5\avr\bin\ld.bfd.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\arduino15\packages\arduino\tools\avr-gcc\4.8.1-arduino5\avr\bin\ld.bfd.exe

avr-ld.bfd.exe
Status : Scanned
Object : %localappdata%\arduino15\packages\arduino\tools\avr-gcc\4.8.1-arduino5\bin\avr-ld.bfd.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\arduino15\packages\arduino\tools\avr-gcc\4.8.1-arduino5\bin\avr-ld.bfd.exe

avr-ld.exe
Status : Scanned
Object : %localappdata%\arduino15\packages\arduino\tools\avr-gcc\4.8.1-arduino5\bin\avr-ld.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\arduino15\packages\arduino\tools\avr-gcc\4.8.1-arduino5\bin\avr-ld.exe

INK.exe
Status : Scanned
Object : %programfiles%\steam\steamapps\common\ink\ink.exe
MD5 : 53D3FFB4D83C8DE75185527DC235D2F8
Publisher : -
Size : 14396928
Version : 1.0.0.1
Detection : Heur.Malicious!Pc
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\steam\steamapps\common\ink\ink.exe

winwb.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\fraqbc8wsa\5.5.6310.18878\winwb.exe
MD5 : ED2F7A31369BC899B32002A03BDDACFA
Publisher : Web Bar Media
Size : 197352
Version : 5.5.6310.18878
Detection : Adware:Win32/WebBar!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\fraqbc8wsa\5.5.6310.18878\winwb.exe

Cleaning Result
-------------------------------------------------------
Cleaned : 6
Reported as safe : 0
Failed : 0

My D Drive:

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/9/29
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
BIOS Mode : Legacy
CUID : 122A28AEB59F31361D0402
Scan Type : Custom Scan
Duration : 4m 52s
Scanned Objects : 27554
Detected Objects : 4
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

ld.exe
Status : Scanned
Object : D:\Program Files (x86)\Arduino\hardware\tools\avr\avr\bin\ld.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - D:\Program Files (x86)\Arduino\hardware\tools\avr\avr\bin\ld.exe

ld.bfd.exe
Status : Scanned
Object : D:\Program Files (x86)\Arduino\hardware\tools\avr\avr\bin\ld.bfd.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - D:\Program Files (x86)\Arduino\hardware\tools\avr\avr\bin\ld.bfd.exe

avr-ld.exe
Status : Scanned
Object : D:\Program Files (x86)\Arduino\hardware\tools\avr\bin\avr-ld.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - D:\Program Files (x86)\Arduino\hardware\tools\avr\bin\avr-ld.exe

avr-ld.bfd.exe
Status : Scanned
Object : D:\Program Files (x86)\Arduino\hardware\tools\avr\bin\avr-ld.bfd.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - D:\Program Files (x86)\Arduino\hardware\tools\avr\bin\avr-ld.bfd.exe

Cleaning Result
-------------------------------------------------------
Cleaned : 4
Reported as safe : 0
Failed : 0

I dont use anything besides chrome so i dont know if the issue is there
ive done everything apart from the ads fix as it appears to have gone but if it is still here then i will do that and give you the report
If i have not seen anything to do with the adware in a couple of days then i will update you

Malnutrition · Sep 29, 2017

Tom Ashton said:
If i have not seen anything to do with the adware in a couple of days then i will update you

I'd like to see a fresh set of FRST logs for review please. Post them as you did when this thread first started, I want to check if I have missed anything.

Tom Ashton · Sep 30, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-09-2017
Ran by Tom (administrator) on DESKTOP-VFLINGR (30-09-2017 15:30:07)
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Copyright 2017.) D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Copyright 2017.) D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-26] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-06] (Logitech Inc.)
HKLM\...\Run: [ZAM] => D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2013-12-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074336 2017-09-27] (Valve Corporation)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Spotify] => C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe [15849072 2017-07-17] (Spotify Ltd)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\...\Run: [Spotify Web Helper] => C:\Users\Tom\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-17] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-09-25]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2017-08-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9592b15e-0986-4b06-82d9-a04d32ecc759}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9592b15e-0986-4b06-82d9-a04d32ecc759}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default [2017-09-30]
CHR Extension: (Google Slides) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-29]
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-29]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-29]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-29]
CHR Extension: (Steam Powered) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\chnfggpncfadofhgkekcppnonikpgbjm [2017-09-29]
CHR Extension: (Lumin PDF - Beautiful PDF Editor) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofckpcogcl [2017-09-29]
CHR Extension: (Google Sheets) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-09-29]
CHR Extension: (Qmee) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-29]
CHR Extension: (Enhanced Steam) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-09-29]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-29]
CHR Extension: (Chrome Media Router) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-29]
CHR HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-08-02] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-09-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [227104 2016-09-22] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-06] (Logitech Inc.)
S2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 ZAMSvc; D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [54552 2017-04-05] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-06] (Logitech Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-30] (Malwarebytes)
R1 MpKslde0c992c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31EDB3C0-9559-4FFC-BB07-714850693E35}\MpKslde0c992c.sys [58120 2017-09-30] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45936 2017-08-15] (SteelSeries ApS)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-09-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-09-29] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-30 14:06 - 2017-09-30 14:06 - 000031433 _____ C:\Users\Tom\Downloads\test.exe.zip
2017-09-30 13:59 - 2017-09-30 14:05 - 000000416 _____ C:\Users\Tom\Desktop\test.bat
2017-09-29 17:35 - 2017-09-29 17:35 - 000000000 ____D C:\AdsFix
2017-09-29 17:33 - 2017-09-29 17:33 - 005964200 _____ (SosVirus) C:\Users\Tom\Desktop\AdsFix.exe
2017-09-29 17:32 - 2017-09-29 17:32 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-29 17:32 - 2017-09-29 17:32 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-29 17:32 - 2017-09-29 17:32 - 000002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-29 17:32 - 2017-09-29 17:32 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-29 16:52 - 2017-09-29 16:50 - 001622528 _____ C:\Users\Tom\Desktop\ResetBrowser.exe
2017-09-29 16:47 - 2017-09-30 15:30 - 000134111 _____ C:\WINDOWS\ZAM.krnl.trace
2017-09-29 16:47 - 2017-09-30 15:30 - 000106682 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-09-29 16:47 - 2017-09-29 16:47 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-09-29 16:47 - 2017-09-29 16:47 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-09-29 16:47 - 2017-09-29 16:47 - 000000913 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-09-29 16:47 - 2017-09-29 16:47 - 000000000 ____D C:\Users\Tom\AppData\Local\Zemana
2017-09-29 16:47 - 2017-09-29 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-09-29 16:44 - 2017-09-29 16:42 - 000007029 _____ C:\Users\Tom\Desktop\Fixlog.txt
2017-09-29 16:41 - 2017-09-29 16:41 - 000455719 _____ C:\Users\Tom\Desktop\29.09.2017_16.41.33.zip
2017-09-28 18:52 - 2017-09-28 18:52 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-09-28 18:16 - 2017-09-28 18:16 - 000007502 _____ C:\Users\Tom\Desktop\SecurityCheck.txt
2017-09-28 18:14 - 2017-09-28 18:14 - 000515639 _____ (glax24 (safezone.cc)) C:\Users\Tom\Desktop\SecurityCheck.exe
2017-09-28 18:14 - 2017-09-28 18:14 - 000000000 ____D C:\SecurityCheck
2017-09-28 18:11 - 2017-09-30 15:29 - 000000000 ____D C:\Users\Tom\Desktop\FRST-OlderVersion
2017-09-28 18:11 - 2017-09-28 18:11 - 000068381 _____ C:\Users\Tom\Desktop\FRST2.txt
2017-09-28 18:08 - 2017-09-28 18:08 - 000002525 _____ C:\Users\Tom\Desktop\fixlist.txt
2017-09-26 17:05 - 2017-09-26 17:05 - 000001080 _____ C:\Users\Tom\Desktop\AdwCleaner[S1].txt
2017-09-26 17:03 - 2017-09-26 17:03 - 000000624 _____ C:\Users\Tom\Desktop\JRT.txt
2017-09-26 16:58 - 2017-09-26 16:58 - 000004596 _____ C:\Users\Tom\Desktop\Rogue.txt
2017-09-26 16:38 - 2017-09-26 16:58 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-26 16:38 - 2017-09-26 16:38 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-26 16:36 - 2017-09-26 16:36 - 000001089 _____ C:\Users\Tom\Desktop\CTR.txt
2017-09-26 16:34 - 2017-09-26 16:34 - 026704968 _____ C:\Users\Tom\Desktop\RogueKiller_portable64.exe
2017-09-26 16:34 - 2017-09-26 16:34 - 008182736 _____ (Malwarebytes) C:\Users\Tom\Desktop\adwcleaner_7.0.2.1.exe
2017-09-26 16:34 - 2017-09-26 16:34 - 001790024 _____ (Malwarebytes) C:\Users\Tom\Desktop\JRT.exe
2017-09-26 16:34 - 2017-09-26 16:32 - 000633386 _____ C:\Users\Tom\Desktop\SupRestric.zip
2017-09-25 17:05 - 2017-09-25 17:05 - 000156625 _____ C:\Users\Tom\Desktop\ZHPDiag.txt
2017-09-25 17:02 - 2017-09-25 17:03 - 000000000 ____D C:\Users\Tom\AppData\Roaming\ZHP
2017-09-25 17:02 - 2017-09-25 17:03 - 000000000 ____D C:\Users\Tom\AppData\Local\ZHP
2017-09-25 17:01 - 2017-09-25 17:01 - 002856832 _____ C:\Users\Tom\Desktop\ZHPDiag3.exe
2017-09-24 18:03 - 2017-09-24 18:03 - 000578404 _____ C:\WINDOWS\Minidump\092417-5015-01.dmp
2017-09-24 18:01 - 2017-09-24 18:01 - 000576684 _____ C:\WINDOWS\Minidump\092417-5000-01.dmp
2017-09-24 18:00 - 2017-09-24 18:00 - 005200384 _____ (AVAST Software) C:\Users\Tom\Desktop\aswmbr.exe
2017-09-24 17:59 - 2017-09-24 17:59 - 000075864 _____ C:\Users\Tom\Desktop\Addition.txt
2017-09-24 17:58 - 2017-09-30 15:30 - 000018616 _____ C:\Users\Tom\Desktop\FRST.txt
2017-09-24 17:58 - 2017-09-30 15:30 - 000000000 ____D C:\FRST
2017-09-24 17:55 - 2017-09-30 15:29 - 002399744 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2017-09-24 14:40 - 2017-09-26 17:04 - 000000000 ____D C:\AdwCleaner
2017-09-24 14:13 - 2017-09-24 17:03 - 000001065 _____ C:\Users\Tom\Desktop\google.txt
2017-09-24 11:53 - 2017-09-30 14:01 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-24 11:53 - 2017-09-30 10:46 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-24 11:53 - 2017-09-30 10:46 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-24 11:53 - 2017-09-30 10:23 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-24 11:53 - 2017-09-24 11:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-24 11:53 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-22 18:51 - 2017-09-22 18:51 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\2xMilk
2017-09-15 17:21 - 2017-09-15 17:21 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2017-09-15 17:13 - 2017-09-15 17:21 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Screaming Bee
2017-09-15 17:13 - 2017-09-15 17:21 - 000000000 ____D C:\ProgramData\Screaming Bee
2017-09-12 18:32 - 2017-09-05 06:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 18:32 - 2017-09-05 06:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 18:32 - 2017-09-05 06:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 18:32 - 2017-09-05 06:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 18:32 - 2017-09-05 06:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 18:32 - 2017-09-05 06:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 18:32 - 2017-09-05 06:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 18:32 - 2017-09-05 06:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 18:32 - 2017-09-05 06:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 18:32 - 2017-09-05 06:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 18:32 - 2017-09-05 06:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 18:32 - 2017-09-05 06:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 18:32 - 2017-09-05 06:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 18:32 - 2017-09-05 06:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 18:32 - 2017-09-05 06:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 18:32 - 2017-09-05 06:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 18:32 - 2017-09-05 06:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 18:32 - 2017-09-05 06:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 18:32 - 2017-09-05 06:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 18:32 - 2017-09-05 06:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 18:32 - 2017-09-05 06:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 18:32 - 2017-09-05 06:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 18:32 - 2017-09-05 06:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 18:32 - 2017-09-05 06:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 18:32 - 2017-09-05 06:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 18:32 - 2017-09-05 06:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 18:32 - 2017-09-05 06:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 18:32 - 2017-09-05 06:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 18:32 - 2017-09-05 06:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 18:32 - 2017-09-05 06:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 18:32 - 2017-09-05 05:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 18:32 - 2017-09-05 05:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 18:32 - 2017-09-05 05:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 18:32 - 2017-09-05 05:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 18:32 - 2017-09-05 05:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 18:32 - 2017-09-05 05:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 18:32 - 2017-09-05 05:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 18:32 - 2017-09-05 05:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 18:32 - 2017-09-05 05:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 18:32 - 2017-09-05 05:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 18:32 - 2017-09-05 05:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 18:32 - 2017-09-05 05:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 18:32 - 2017-09-05 05:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 18:32 - 2017-09-05 05:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 18:32 - 2017-09-05 05:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 18:32 - 2017-09-05 05:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 18:32 - 2017-09-05 05:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 18:32 - 2017-09-05 05:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 18:32 - 2017-09-05 05:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 18:32 - 2017-09-05 05:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 18:32 - 2017-09-05 05:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 18:32 - 2017-09-05 05:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 18:32 - 2017-09-05 05:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 18:32 - 2017-09-05 05:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 18:32 - 2017-09-05 05:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 18:32 - 2017-09-05 05:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 18:32 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 18:32 - 2017-09-05 05:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 18:32 - 2017-09-05 05:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 18:32 - 2017-09-05 05:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 18:32 - 2017-09-05 05:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 18:32 - 2017-09-05 05:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 18:32 - 2017-09-05 05:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 18:32 - 2017-09-05 05:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 18:32 - 2017-09-05 05:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 18:32 - 2017-09-05 05:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 18:32 - 2017-09-05 05:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 18:32 - 2017-09-05 05:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 18:32 - 2017-09-05 05:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 18:32 - 2017-09-05 05:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 18:32 - 2017-09-01 06:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-12 18:31 - 2017-09-05 06:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 18:31 - 2017-09-05 06:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 18:31 - 2017-09-05 06:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 18:31 - 2017-09-05 06:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 18:31 - 2017-09-05 06:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 18:31 - 2017-09-05 06:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 18:31 - 2017-09-05 06:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 18:31 - 2017-09-05 06:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 18:31 - 2017-09-05 06:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 18:31 - 2017-09-05 06:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 18:31 - 2017-09-05 06:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 18:31 - 2017-09-05 06:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 18:31 - 2017-09-05 06:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 18:31 - 2017-09-05 06:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 18:31 - 2017-09-05 06:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 18:31 - 2017-09-05 06:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 18:31 - 2017-09-05 06:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 18:31 - 2017-09-05 05:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 18:31 - 2017-09-05 05:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 18:31 - 2017-09-05 05:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 18:31 - 2017-09-05 05:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 18:31 - 2017-09-05 05:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 18:31 - 2017-09-05 05:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 18:31 - 2017-09-05 05:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 18:31 - 2017-09-05 05:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 18:31 - 2017-09-05 05:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 18:31 - 2017-09-05 05:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 18:31 - 2017-09-05 05:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 18:31 - 2017-09-05 05:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 18:31 - 2017-09-05 05:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 18:31 - 2017-09-05 05:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 18:31 - 2017-09-05 05:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 18:31 - 2017-09-05 05:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 18:31 - 2017-09-05 05:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 18:31 - 2017-09-05 05:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-11 17:35 - 2017-09-11 17:35 - 000000000 ___RD C:\Users\Tom\Documents\Downloads (D)
2017-09-10 20:52 - 2017-09-10 20:52 - 000000047 _____ C:\Users\Tom\Desktop\Release Dates.txt
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ___RD C:\Users\Tom\AppData\Roaming\Brother
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Brother
2017-09-04 15:21 - 2017-09-04 15:21 - 000000766 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-09-04 13:20 - 2017-09-04 13:20 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\srylain Inc_
2017-09-04 12:58 - 2017-09-04 13:02 - 000000000 ____D C:\Users\Tom\Documents\Guitar Hero III - Copy
2017-09-03 20:17 - 2017-09-03 20:20 - 000000000 ____D C:\Users\Tom\Documents\Volo Airsport
2017-09-03 20:17 - 2017-09-03 20:17 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Ramjet Anvil
2017-09-01 12:23 - 2017-09-24 18:03 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-01 12:23 - 2017-09-01 12:23 - 000683812 _____ C:\WINDOWS\Minidump\090117-7046-01.dmp
2017-09-01 10:57 - 2017-09-30 15:14 - 000000000 ____D C:\Users\Tom\AppData\Roaming\vlc
2017-09-01 10:46 - 2017-09-01 10:47 - 000000000 ____D C:\Users\Tom\AppData\Roaming\livestreamer
2017-08-31 18:30 - 2017-08-31 18:30 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Thunder Lotus Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-30 14:11 - 2016-06-26 17:00 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-30 12:25 - 2017-07-19 19:37 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-30 10:52 - 2017-07-19 19:46 - 001223990 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-30 10:49 - 2017-07-19 19:37 - 000000000 ____D C:\Users\Tom
2017-09-30 10:46 - 2017-07-19 19:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-30 10:46 - 2016-09-18 10:49 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-09-30 10:26 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-09-29 17:35 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Web
2017-09-29 17:31 - 2016-06-26 19:34 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-29 17:07 - 2017-07-21 20:17 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-29 16:55 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-29 16:55 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-29 16:42 - 2017-04-03 07:21 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Temp
2017-09-28 18:52 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-28 18:52 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-28 18:31 - 2016-06-29 20:21 - 000000000 ____D C:\Users\Tom\Documents\_homework
2017-09-28 18:22 - 2016-06-26 15:04 - 000000000 ____D C:\Users\Tom\AppData\Local\Packages
2017-09-26 16:54 - 2015-07-10 12:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-25 18:03 - 2017-07-16 09:53 - 000000000 ____D C:\Users\Tom\AppData\Roaming\steelseries-engine-3-client
2017-09-25 18:03 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-24 14:37 - 2016-06-26 15:05 - 000000000 ___RD C:\Users\Tom\OneDrive
2017-09-24 14:25 - 2016-06-26 19:34 - 000000000 ____D C:\Users\Tom\AppData\Local\Google
2017-09-24 14:19 - 2016-06-26 20:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-24 13:47 - 2017-02-18 19:28 - 000000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2017-09-22 19:09 - 2016-09-22 17:07 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-22 19:09 - 2016-09-22 17:06 - 000000000 ____D C:\Users\Tom\AppData\Local\Battle.net
2017-09-22 19:09 - 2016-09-22 17:05 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-15 17:41 - 2017-03-13 18:09 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Audacity
2017-09-13 17:05 - 2016-04-27 07:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 17:04 - 2017-07-19 19:36 - 000388920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 18:35 - 2016-06-26 15:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 18:34 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 18:34 - 2016-06-26 15:58 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-10 19:07 - 2017-03-12 15:48 - 000000359 _____ C:\WINDOWS\BRRBCOM.INI
2017-09-09 17:18 - 2017-02-25 15:28 - 000000000 ____D C:\Users\Tom\AppData\Local\8BitBoy
2017-09-07 17:45 - 2016-10-29 12:51 - 000000000 ____D C:\Users\Tom\Documents\SavedGames
2017-09-03 14:18 - 2017-07-22 08:54 - 000000000 ____D C:\ProgramData\Remotr
2017-09-02 16:15 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 16:15 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 10:57 - 2017-03-03 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== Files in the root of some directories =======

2016-11-12 19:32 - 2016-11-12 19:32 - 000002606 _____ () C:\Users\Tom\AppData\Roaming\TargetInvocationLog.txt
2017-06-02 14:17 - 2017-06-02 14:17 - 000000000 _____ () C:\Users\Tom\AppData\Local\BlackstarMarketing.log
2017-06-02 15:21 - 2017-06-02 15:38 - 000000326 _____ () C:\Users\Tom\AppData\Local\insider.log
2017-07-31 13:21 - 2017-07-31 13:21 - 000007069 _____ () C:\Users\Tom\AppData\Local\recently-used.xbel
2017-06-27 19:16 - 2017-06-27 19:16 - 000007589 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2017-07-19 19:37 - 2017-07-19 19:37 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-30 14:34

==================== End of FRST.txt ============================

There you go
Had no problems since my last post so its looking good

Malnutrition · Sep 30, 2017

Logs look ok, glad all is well for now.

Can you upload the following file in your next reply. >>>>>>> C:\Users\Tom\Desktop\29.09.2017_16.41.33.zip

Make sure and update all of your old programs with Patch My PC. Then post a new Security check log as well.

We are close to wrapping this up, so long as you have no more issues.

Tom Ashton · Oct 1, 2017

Patch My PC 3.2.5.1 | Definitions: 30-Sep-2017 | 01/10/2017 12:20:17
Operating System: Microsoft Windows 10 Pro x64

Downloading iTunes x64 (239.98 MB)
iTunes x64 Downloaded Successfully
Installing iTunes x64 Silently
Install Successful for iTunes x64

Downloading 7Zip (1.59 MB)
7Zip Downloaded Successfully
Installing 7Zip Silently
Install Successful for 7Zip

Downloading WinRAR x64 (2.12 MB)
WinRAR x64 Downloaded Successfully
Installing WinRAR x64 Silently
Install Successful for WinRAR x64

Downloading Discord (51.82 MB)
Discord Downloaded Successfully
Installing Discord Silently
Install Successful for Discord

Downloading Skype (56.15 MB)
Skype Downloaded Successfully
Installing Skype Silently
Install Successful for Skype

Downloading TeamSpeak (74.45 MB)
TeamSpeak Downloaded Successfully
Installing TeamSpeak Silently
Install Successful for TeamSpeak

Downloading Nvidia PhysX (27.54 MB)
Nvidia PhysX Downloaded Successfully
Installing Nvidia PhysX Silently
Install Successful for Nvidia PhysX

Patch My PC Update Complete 01/10/2017 12:27:56

Is that good?

Tom Ashton

Tom Ashton

jmarket

PCHF's Almighty Ruler

Malnutrition

Malnurished Mod

Tom Ashton

Malnutrition

Malnurished Mod

Malnutrition

Malnurished Mod

Tom Ashton

Malnutrition

Malnurished Mod

Malnutrition

Malnurished Mod

Attachments

Tom Ashton

Tom Ashton

Malnutrition

Malnurished Mod

Malnutrition

Malnurished Mod

Malnutrition

Malnurished Mod

Tom Ashton

Malnutrition

Malnurished Mod

Tom Ashton

Malnutrition

Malnurished Mod

Tom Ashton

Attachments

Search

Search

Solved Help with removing adware

We value your privacy