2Seconds2

  1. It says something like "the file or directory \FRST.txt is corrupt or unreadable. Please run the CHKdsk utility" when I try to open the file.
  2. Hi Kevin, Yes I am still having trouble. I got the program to run but it only scans a couple of items then stops. Whenever I try to open the txt file that it creates, it doesn't have anything in it. Sorry for the delay between responses. Hope we can continue working on trying to fix this computer. Thanks.
  3. Hi Kevin, I'm having trouble getting a FRST text log to appear after running it from the flash drive. I have entered recovery mode but whenever it wants to run the program it doesn't scan anything. I was able to try another way and when I put the admin password it keeps saying it's incorrect. Any further guidance would be appreciated.
  4. Hi Kevin, Thanks for the quick reply. Here is my Malwarebytes log weird that there is more stuff that it found even though i ran it yesterday; maybe it was out of date : Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/12/18 Scan Time: 8:33 PM Log File: 64d26d0c-6ea1-11e8-a397-00ffdb3b5879.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.374 Update Package Version: 1.0.5458 License: Trial -System Information- OS: Windows 10 (Build 16299.431) CPU: x64 File System: NTFS User: MJZ-PC\MJZ -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 532379 Threats Detected: 47 Threats Quarantined: 47 Time Elapsed: 6 min, 17 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\PepperFlash, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\USERS\MJZ\APPDATA\LOCAL\WMCAGENT, Delete-on-Reboot, [2660], [521697],1.0.5458 File: 45 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\PepperFlash\pepflashplayer.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\ucrtbase.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\vcruntime140.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\d3dcompiler_43.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\d3dcompiler_47.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, 
C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-file-l1-2-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-file-l2-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-handle-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-heap-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-interlocked-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-libraryloader-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-localization-l1-2-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-memory-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-namedpipe-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-processenvironment-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-processthreads-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-processthreads-l1-1-1.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-rtlsupport-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-string-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-synch-l1-1-0.dll, Delete-on-Reboot, 
[2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-synch-l1-2-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-sysinfo-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-timezone-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-util-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-conio-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-convert-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-environment-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-filesystem-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-heap-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-locale-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-math-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-multibyte-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-private-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-process-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-runtime-l1-1-0.dll, Delete-on-Reboot, 
[2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-stdio-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-string-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-time-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-crt-utility-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-file-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-profile-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-console-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-datetime-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-debug-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Trojan.Yelloader, C:\Users\MJZ\AppData\Local\wmcagent\api-ms-win-core-errorhandling-l1-1-0.dll, Delete-on-Reboot, [2660], [521697],1.0.5458 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Heres the FRST log Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01 Ran by MJZ (administrator) on MJZ-PC (12-06-2018 20:42:22) Running from C:\Users\MJZ\Downloads Loaded Profiles: MJZ (Available Profiles: MJZ & OVRLibraryService & DefaultAppPool) Platform: Windows 10 Pro Version 1709 16299.431 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: 
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (TOSHIBA CORPORATION) C:\Windows\System32\wembskcsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe (DEVGURU Co., LTD.) 
C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (f.lux Software LLC) C:\Users\MJZ\AppData\Local\FluxSoftware\Flux\flux.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Pushbullet Inc) C:\Users\MJZ\AppData\Local\Pushbullet\bin\pushbullet_client.exe (Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Pushbullet Inc) C:\Users\MJZ\AppData\Local\Temp\pushbullet_watchdog.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA 
Share.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe () C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe (Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\GROOVE.EXE (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE (Corsair Components, Inc.) C:\Program Files (x86)\corsair\Corsair Utility Engine\CorsairHID.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Micro-Star INT'L CO.,LTD.) 
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\MJZ\AppData\Local\cwshvdx\cwshvdx.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe () C:\Users\MJZ\AppData\Local\containersvc\containersvc.exe () C:\Users\MJZ\AppData\Local\containersvc\fonthtsrv.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Piotr Pawlowski) C:\Users\MJZ\Desktop\Music Production\foobar2000\foobar2000.exe () C:\Users\MJZ\AppData\Local\cwshvdx\upebsvh.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe () C:\Users\MJZ\AppData\Local\cwshvdx\upebsvh.exe () C:\Users\MJZ\AppData\Local\cwshvdx\upebsvh.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466648 2015-05-15] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.) HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455304 2016-10-01] (Power Software Ltd) HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2306984 2017-04-11] (Western Digital Technologies, Inc.) 
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation) HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [f.lux] => C:\Users\MJZ\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC) HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc) HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB) HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.) HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Google Update] => C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-16] (Google Inc.) HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Amazon Drive] => C:\Users\MJZ\AppData\Local\Amazon Drive\AmazonDrive.exe [4912304 2017-09-14] (Amazon.com Inc.) HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28169400 2018-05-15] (Microsoft Corporation) HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15893992 2017-11-14] (Plex, Inc.) 
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [12476064 2018-03-07] () HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\MountPoints2: D - "D:\setup.exe" HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15893992 2017-11-14] (Plex, Inc.) Startup: C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2018-05-12] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-12-03] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter) GroupPolicy: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\Parameters: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{0584413c-2354-4d6d-9f26-bcc8372c8927}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{0584413c-2354-4d6d-9f26-bcc8372c8927}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{246ed59b-a0a0-435d-9160-2e58544c5e4b}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{256feff6-40f2-46db-bc37-af21ab7b1a75}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{256feff6-40f2-46db-bc37-af21ab7b1a75}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{26d6530b-033b-48a3-a270-7dfaab5fbe0e}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{2a58f74a-b345-4c45-ba20-775852645017}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{aaee4c3b-4576-416c-85d4-15d0a28e5682}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{aecb120e-ba1c-47e4-97b9-7e12866d8a37}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{b9c2b931-e70c-4530-91a0-b88197d47e71}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{db3b5879-7c8e-4005-b08f-cbd425ece60d}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{ee0d1704-33f5-41d2-90f2-b2ea435601ea}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{efbf406b-ecd3-4fd0-ad7c-9debdaa771ac}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{f05feab6-74ba-4588-99bc-6cfa3c030043}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{f76183c5-b42b-11e7-8e9f-806e6f6e6963}: [NameServer] 8.8.8.8 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-05-15] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-25] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program 
Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-25] (Oracle Corporation) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2018-05-22] (EJIE Technology) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-25] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-25] (Oracle Corporation) BHO-x32: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper32.dll [2018-05-22] (EJIE Technology) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.) FireFox: ======== FF DefaultProfile: zvd455ud.default-1450755284798-1528730058691 FF ProfilePath: C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691 [2018-06-12] FF Homepage: Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691 -> hxxps://duckduckgo.com/ FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-06-11] FF Extension: (LastPass: Free Password Manager) - C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691\Extensions\support@lastpass.com.xpi [2018-06-11] FF Extension: (uBlock Origin) - C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691\Extensions\uBlock0@raymondhill.net.xpi [2018-06-11] FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\MJZ\AppData\Roaming\Mozilla\Firefox\Profiles\zvd455ud.default-1450755284798-1528730058691\features\{bac0c2b4-ebdf-4b25-b757-a51076159eaa}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-11] [Legacy] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-08] () FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-25] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> 
G:\SanDiskSecureAccessV2.0\nplastpass64.dll [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-08] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-25] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> G:\SanDiskSecureAccessV2.0\nplastpass64.dll [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-01] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-01] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.) FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2017-07-29] () FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\MJZ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: @talk.google.com/O1DPlugin -> C:\Users\MJZ\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.) FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.) 
FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [No File] FF Plugin HKU\S-1-5-21-517441185-2000574432-2814188571-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Users\MJZ\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\MJZ\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-517441185-2000574432-2814188571-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKLM\SYSTEM\CurrentControlSet\Services\estvrom <==== ATTENTION (Rootkit!) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2018-06-11] () S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe [71000 2018-03-06] (Google Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-03] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-03] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.) 
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5278064 2014-09-10] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-05-26] (EasyAntiCheat Ltd)
R2 HCloverService; C:\Program Files (x86)\Clover\CloverSvc.dll [735592 2018-05-22] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2018-01-10] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [111568 2017-04-05] (MSI)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\ProgramData\Origin\OriginClientService.exe [2122248 2016-09-03] (Electronic Arts)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [135536 2018-02-01] (Oculus VR, LLC) [File not signed]
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [477552 2018-02-01] (Oculus VR) [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2100200 2017-11-14] (Plex, Inc.)
R2 RemoteServerWin; C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331144 2017-04-11] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-26] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-26] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-13] (Windscribe Limited)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-10-20] (Intel(R) Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S4 ESLoadService; "C:\Program Files (x86)\EaseUS\EaseUS MobiMover\bin\ESLoadService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2016-12-26] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [38320 2016-12-26] ()
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2011-10-07] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2011-10-07] ()
S3 CMUACWO; C:\WINDOWS\system32\DRIVERS\CMUACWO.sys [574464 2014-04-17] (C-Media Inc.)
R3 CORK70; C:\WINDOWS\system32\drivers\CORK70.sys [25600 2012-10-31] ( )
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R1 epp; C:\EEK\bin64\epp.sys [142448 2018-06-11] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2018-01-10] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-12] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-06-12] (Malwarebytes)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8742976 2018-03-22] (Intel Corporation)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [14288 2017-03-29] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_040c7acb04cee565\nvlddmkm.sys [17195272 2018-06-01] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-04-27] (NVIDIA Corporation)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2018-03-07] (Facebook Inc.)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [898296 2016-01-13] (Realtek )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S4 SMR521; C:\WINDOWS\System32\drivers\SMR521.SYS [119888 2018-05-21] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43648 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
S3 usbaudio2; C:\WINDOWS\system32\DRIVERS\usbaudio2.sys [239616 2017-09-29] (Microsoft Corporation)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [27064 2016-07-06] (Windows (R) Win 7 DDK provider)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [631200 2017-12-25] (IDRIX)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-04-26] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313888 2018-04-26] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-26] (Microsoft Corporation)
R1 Win10Pcap; C:\WINDOWS\system32\DRIVERS\Win10Pcap.sys [50304 2015-10-07] (Daiyuu Nobori, University of Tsukuba, Japan)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [14536 2017-10-13] (OpenLibSys.org)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-06-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-11] (Zemana Ltd.)
R3 behlor; system32\drivers\hkoruy.sys [X]
S4 GPU-Z; \??\C:\Users\MJZ\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S4 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S4 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S4 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-12 20:42 - 2018-06-12 20:42 - 000035484 _____ C:\Users\MJZ\Downloads\FRST.txt 2018-06-12 20:42 - 2018-06-12 20:42 - 000000000 ____D C:\FRST 2018-06-12 20:41 - 2018-06-12 20:41 - 002413056 _____ (Farbar) C:\Users\MJZ\Downloads\FRST64.exe 2018-06-12 20:41 - 2018-06-12 20:41 - 000007399 _____ C:\Users\MJZ\Desktop\Malwarebytes Report.txt 2018-06-12 20:32 - 2018-06-12 20:32 - 077609632 _____ (Malwarebytes ) C:\Users\MJZ\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5448.exe 2018-06-12 20:32 - 2018-06-12 20:32 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2018-06-12 20:32 - 2018-06-12 20:32 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2018-06-12 20:32 - 2018-06-12 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-06-11 22:41 - 2018-06-11 22:41 - 002870984 _____ (ESET) C:\Users\MJZ\Downloads\esetsmartinstaller_enu.exe 2018-06-11 22:41 - 2018-06-11 22:41 - 000000000 ____D C:\Program Files (x86)\ESET 2018-06-11 22:36 - 2018-06-11 22:36 - 000000000 ____D C:\Users\MJZ\AppData\Local\psdxahe 2018-06-11 22:34 - 2018-06-11 22:34 - 000142672 ____N C:\WINDOWS\system32\Drivers\reiruxae.sys 2018-06-11 22:30 - 2018-06-12 20:42 - 002501493 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2018-06-11 22:30 - 2018-06-12 20:32 - 000496381 _____ C:\WINDOWS\ZAM.krnl.trace 2018-06-11 22:30 - 2018-06-11 22:30 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2018-06-11 22:30 - 2018-06-11 22:30 - 000203680 _____ (Zemana Ltd.) 
C:\WINDOWS\system32\Drivers\zam64.sys 2018-06-11 22:30 - 2018-06-11 22:30 - 000001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2018-06-11 22:30 - 2018-06-11 22:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\Zemana 2018-06-11 22:30 - 2018-06-11 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2018-06-11 22:30 - 2018-06-11 22:30 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2018-06-11 22:29 - 2018-06-11 22:29 - 006625600 _____ (Zemana Ltd. ) C:\Users\MJZ\Downloads\Zemana.AntiMalware.Setup.exe 2018-06-11 22:22 - 2018-06-11 22:22 - 011609024 _____ (SurfRight B.V.) C:\Users\MJZ\Downloads\hitmanpro_x64(1).exe 2018-06-11 22:20 - 2018-06-11 22:20 - 083351952 _____ (R Core Team ) C:\Users\MJZ\Downloads\R-3.5.0-win.exe 2018-06-11 22:17 - 2018-06-11 22:19 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\RStudio 2018-06-11 22:17 - 2018-06-11 22:17 - 000000000 ____D C:\Users\MJZ\AppData\Local\RStudio-Desktop 2018-06-11 22:16 - 2018-06-11 22:16 - 000000000 ____D C:\Users\MJZ\AppData\Local\timncdr 2018-06-11 21:56 - 2018-06-11 21:56 - 000000000 ____D C:\Users\MJZ\AppData\Local\aungcip 2018-06-11 20:56 - 2018-06-11 20:56 - 000000000 ____D C:\Users\MJZ\AppData\Local\dtiolbs 2018-06-11 18:49 - 2018-06-11 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio 2018-06-11 18:49 - 2018-06-11 18:49 - 000000000 ____D C:\Program Files\RStudio 2018-06-11 18:48 - 2018-06-11 18:49 - 089992256 _____ (RStudio, Inc.) 
C:\Users\MJZ\Downloads\RStudio-1.1.453.exe 2018-06-11 17:30 - 2018-06-11 17:30 - 000002619 _____ C:\Users\Public\Desktop\PatchCleaner.lnk 2018-06-11 17:30 - 2018-06-11 17:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\HomeDev 2018-06-11 17:30 - 2018-06-11 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeDev 2018-06-11 17:30 - 2018-06-11 17:30 - 000000000 ____D C:\Program Files (x86)\HomeDev 2018-06-11 17:29 - 2018-06-11 17:29 - 001317684 _____ (Igor Pavlov) C:\Users\MJZ\Downloads\PatchCleaner_1.4.2.0.exe 2018-06-11 17:19 - 2018-06-11 17:19 - 000001533 _____ C:\Users\MJZ\Downloads\iTunes64Setup.exe - Shortcut.lnk 2018-06-11 16:58 - 2018-06-11 16:58 - 003345464 _____ (Antibody Software ) C:\Users\MJZ\Downloads\wiztree_3_23_setup.exe 2018-06-11 16:58 - 2018-06-11 16:58 - 000000849 _____ C:\Users\MJZ\Desktop\WizTree.lnk 2018-06-11 16:58 - 2018-06-11 16:58 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\WizTree3 2018-06-11 16:58 - 2018-06-11 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizTree 2018-06-11 16:58 - 2018-06-11 16:58 - 000000000 ____D C:\Program Files\WizTree 2018-06-11 12:30 - 2018-06-11 12:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\siobnhm 2018-06-11 11:37 - 2018-06-11 12:14 - 000000000 ____D C:\EEK 2018-06-11 11:35 - 2018-06-11 11:36 - 338518048 _____ C:\Users\MJZ\Downloads\EmsisoftEmergencyKit.exe 2018-06-11 11:14 - 2018-06-11 11:14 - 000000000 ____D C:\Users\MJZ\Desktop\Old Firefox Data 2018-06-11 10:38 - 2018-06-11 10:38 - 000313560 _____ (Mozilla) C:\Users\MJZ\Downloads\Firefox Installer (1).exe 2018-06-11 10:38 - 2018-06-11 10:38 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-06-11 10:36 - 2018-06-11 10:36 - 000000000 ____D C:\Users\MJZ\AppData\Local\spclrut 2018-06-10 16:43 - 2018-06-10 16:43 - 031748923 _____ C:\Users\MJZ\Downloads\Spirit Island rulebook (from eProof).pdf 2018-06-10 13:23 - 2018-06-10 13:23 - 000000000 ____D 
C:\Users\MJZ\AppData\Local\spcuoiw 2018-06-10 13:12 - 2018-06-01 04:47 - 000132680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2018-06-10 13:10 - 2018-06-01 23:04 - 040346536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 035250624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 013727800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 011272944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 004349864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 003760392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 002014144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439811.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 001563224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 001468272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439811.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 001418664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 001216424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 001092360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 000750016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 000627056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 000608520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2018-06-10 13:10 - 2018-06-01 23:04 - 000518000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 031278400 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvopencl.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 025991456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 015195256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 001356824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 001347696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 001069608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 001063224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 000904720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 000814432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 000652352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2018-06-10 13:10 - 2018-06-01 23:03 - 000634792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2018-06-10 12:26 - 2018-06-10 12:26 - 000000000 ____D C:\Users\MJZ\AppData\Local\tiklnpc 2018-06-10 00:06 - 2018-06-10 00:06 - 000000000 ____D C:\Users\MJZ\AppData\Local\mbbdrzg 2018-06-09 23:42 - 2018-06-09 23:42 - 000000000 ____D C:\Users\MJZ\AppData\Local\cohvnkl 2018-06-09 23:38 - 2018-06-09 23:38 - 000000000 ____D C:\Users\MJZ\AppData\Local\CrashReportClient 2018-06-09 21:47 - 2018-06-09 21:47 - 000000000 ____D C:\Users\MJZ\AppData\Local\mbrctwa 2018-06-09 02:09 - 2018-06-09 02:10 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\MJZ\Downloads\flashplayer30ppau_ha_install.exe 2018-06-09 02:09 - 2018-06-09 02:09 - 000000000 ____D C:\Users\MJZ\AppData\Local\conltbi 2018-06-08 20:08 - 2018-06-08 20:08 - 000000000 ____D C:\Users\MJZ\AppData\Local\containersvc 2018-06-08 20:05 - 2018-06-08 20:05 - 000000000 ____D 
C:\Users\MJZ\AppData\Local\tiiadzn 2018-06-07 20:42 - 2018-06-07 20:42 - 000000000 ____D C:\Users\MJZ\AppData\Local\msmwuze 2018-06-07 20:18 - 2018-06-07 20:18 - 000000000 ____D C:\Users\MJZ\AppData\Local\iahokxe 2018-06-07 20:15 - 2018-06-07 20:15 - 000019380 _____ C:\WINDOWS\system32\.crusader 2018-06-07 19:47 - 2018-06-11 22:24 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2018-06-07 19:46 - 2018-06-07 19:47 - 011609024 _____ (SurfRight B.V.) C:\Users\MJZ\Downloads\hitmanpro_x64.exe 2018-06-07 19:44 - 2018-06-07 19:44 - 000000000 ____D C:\Users\MJZ\AppData\Local\rtsuxbh 2018-06-07 19:41 - 2018-06-07 19:41 - 007372496 _____ (Malwarebytes) C:\Users\MJZ\Downloads\adwcleaner_7.2.0.exe 2018-06-07 19:40 - 2018-06-07 19:40 - 000000000 ____D C:\Users\MJZ\AppData\Local\nvaclxt 2018-06-06 23:44 - 2018-06-06 23:44 - 000000000 ____D C:\Users\MJZ\AppData\Local\mbilvkc 2018-06-06 16:30 - 2018-06-06 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-06-06 16:20 - 2018-06-06 16:20 - 000000000 ____D C:\Users\MJZ\AppData\Local\svnladw 2018-06-05 11:28 - 2018-06-05 11:28 - 000000000 ____D C:\Users\MJZ\AppData\Local\wmdkpvo 2018-06-04 06:18 - 2018-06-04 06:18 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2018-06-04 06:18 - 2018-06-04 06:18 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2018-06-04 06:18 - 2018-06-04 06:18 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2018-06-04 06:18 - 2018-06-04 06:18 - 000045640 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\Drivers\dbx-stable.sys 2018-06-02 11:40 - 2018-06-02 11:40 - 000000000 ____D C:\Users\MJZ\AppData\Local\sihkanc 2018-06-02 10:20 - 2018-06-02 10:20 - 000000000 ____D C:\Users\MJZ\AppData\Local\cwmnzkp 2018-06-01 14:00 - 2018-06-01 14:00 - 000000000 ____D C:\Users\MJZ\AppData\Local\dwealgb 2018-05-31 12:18 - 2018-05-31 12:18 - 000888999 _____ C:\Users\MJZ\Downloads\FloorPlan_SinglePage-english.v1-170330.pdf 2018-05-30 13:25 - 2018-06-10 13:12 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2018-05-30 13:24 - 2018-06-01 23:03 - 017784624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2018-05-30 13:24 - 2018-06-01 23:03 - 004125056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2018-05-30 13:24 - 2018-06-01 23:03 - 001157216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2018-05-30 13:24 - 2018-05-23 14:21 - 002013784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439793.dll 2018-05-30 13:24 - 2018-05-23 14:21 - 001467808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439793.dll 2018-05-30 13:24 - 2018-05-22 18:00 - 000047648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2018-05-30 12:54 - 2018-05-30 12:54 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-05-30 12:54 - 2018-05-30 12:54 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-05-30 12:54 - 2018-05-30 12:54 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-05-30 12:54 - 2018-05-30 12:54 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-05-30 12:54 - 2018-05-30 12:54 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-05-30 12:54 - 2018-05-20 13:36 - 002496480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2018-05-30 12:54 - 
2018-05-20 13:36 - 002164192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2018-05-30 12:54 - 2018-05-20 13:36 - 001312224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll 2018-05-29 10:53 - 2018-05-29 10:53 - 000000000 ____D C:\Users\MJZ\AppData\Local\usekdpx 2018-05-28 10:53 - 2018-05-28 10:53 - 000000000 ____D C:\Users\MJZ\AppData\Local\excnipg 2018-05-27 23:15 - 2018-05-27 23:15 - 000000000 ____D C:\Users\MJZ\AppData\Local\cokradz 2018-05-27 12:03 - 2018-05-27 12:03 - 000000000 ____D C:\Users\MJZ\AppData\Local\siahlcz 2018-05-26 14:30 - 2018-05-26 14:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\cgkuwzr 2018-05-26 13:44 - 2018-05-26 13:44 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b 2018-05-26 13:44 - 2018-05-25 13:42 - 000000228 ___SH C:\Users\Public\Libraries.ini 2018-05-26 13:40 - 2018-05-26 13:40 - 000000000 ____D C:\Users\MJZ\AppData\Local\FortniteGame 2018-05-26 13:40 - 2018-05-26 13:40 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat 2018-05-26 13:14 - 2018-05-26 13:14 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk 2018-05-26 13:14 - 2018-05-26 13:14 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk 2018-05-26 13:14 - 2018-05-26 13:14 - 000000000 ____D C:\Users\MJZ\AppData\Local\UnrealEngineLauncher 2018-05-26 13:14 - 2018-05-26 13:14 - 000000000 ____D C:\Users\MJZ\AppData\Local\EpicGamesLauncher 2018-05-26 13:14 - 2018-05-26 13:14 - 000000000 ____D C:\ProgramData\Epic 2018-05-26 13:14 - 2018-05-26 13:14 - 000000000 ____D C:\Program Files (x86)\Epic Games 2018-05-26 13:13 - 2018-05-26 13:13 - 032362496 _____ C:\Users\MJZ\Downloads\EpicInstaller-7.9.2-fortnite-98bd4e1df43c42dfbd9f75c4e116a301.msi 2018-05-26 12:51 - 2018-05-26 12:51 - 000000000 ____D C:\Users\MJZ\AppData\Local\atkdehx 2018-05-25 09:54 - 2018-05-25 09:54 - 000000000 ____D C:\Users\MJZ\AppData\Local\vdknxbh 2018-05-25 01:16 - 2018-06-12 01:08 - 000000000 ____D 
C:\Users\MJZ\AppData\Roaming\Plane9 2018-05-25 01:16 - 2018-05-25 01:16 - 027878152 _____ C:\Users\MJZ\Downloads\Plane9-2.5.1.3.exe 2018-05-25 01:16 - 2018-05-25 01:16 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plane9 2018-05-25 01:16 - 2018-05-25 01:16 - 000000000 ____D C:\Program Files (x86)\Plane9 2018-05-24 22:31 - 2018-05-24 22:31 - 031149296 _____ C:\Users\MJZ\Downloads\DAYTONA.zip 2018-05-24 11:00 - 2018-05-24 11:00 - 000000000 ____D C:\Users\MJZ\AppData\Local\sniraku 2018-05-23 20:47 - 2018-05-23 20:47 - 000000000 ____D C:\Users\MJZ\Documents\steamvr 2018-05-23 12:32 - 2018-05-23 12:32 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Alteryx 2018-05-23 12:31 - 2018-05-23 12:31 - 000000000 __HDC C:\Users\MJZ\AppData\Local\{CC1BE488-E85D-4BE6-8792-19DCF2C2CD0B} 2018-05-23 12:30 - 2018-05-23 12:31 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R 2018-05-23 12:29 - 2018-05-23 12:33 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\SRC 2018-05-23 12:29 - 2018-05-23 12:33 - 000000000 ____D C:\ProgramData\SRC 2018-05-23 12:29 - 2018-05-23 12:33 - 000000000 ____D C:\ProgramData\Alteryx 2018-05-23 12:29 - 2018-05-23 12:29 - 000001188 _____ C:\Users\MJZ\Desktop\Alteryx Designer 2018.1 x64 (User).lnk 2018-05-23 12:29 - 2018-05-23 12:29 - 000000000 __HDC C:\Users\MJZ\AppData\Local\{379EA173-BAC8-4FCF-ACF9-3E1F4464D9A2} 2018-05-23 12:28 - 2018-05-23 12:43 - 000000000 ____D C:\Users\MJZ\AppData\Local\Alteryx 2018-05-23 12:28 - 2018-05-23 12:29 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alteryx 2018.1 (User) 2018-05-23 12:28 - 2018-05-23 12:28 - 000000000 ____D C:\Users\MJZ\AppData\Local\PackageAware 2018-05-23 10:49 - 2018-05-23 10:49 - 000000000 ____D C:\Users\MJZ\AppData\Local\reakhlt 2018-05-22 22:42 - 2018-05-22 22:42 - 000001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau Public 2018.1.lnk 2018-05-22 22:42 - 2018-05-22 22:42 - 
000001378 _____ C:\Users\Public\Desktop\Tableau Public 2018.1.lnk 2018-05-22 22:42 - 2018-05-22 22:42 - 000000000 ____D C:\Users\MJZ\.Tableau Public 2018-05-22 22:42 - 2018-05-22 22:42 - 000000000 ____D C:\Users\MJZ\.QtWebEngineProcess 2018-05-22 22:38 - 2018-05-22 22:38 - 000000000 ____D C:\Users\MJZ\AppData\Local\rthepas 2018-05-22 21:38 - 2018-06-11 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover 2018-05-22 19:47 - 2018-05-22 19:47 - 000000000 ____D C:\Users\MJZ\AppData\Local\uphlcdm 2018-05-22 19:43 - 2018-05-22 19:43 - 000214298 _____ C:\Users\MJZ\Downloads\winfilefolder.DiagCab 2018-05-22 19:41 - 2018-05-22 19:41 - 000182511 _____ C:\Users\MJZ\Downloads\The.Matrix.1999.2160p.BluRay.HEVC.TrueHD.7.1.Atmos-COASTER-[rarbg.to].torrent 2018-05-22 18:59 - 2018-05-22 18:59 - 000000000 ____D C:\Users\MJZ\AppData\Local\seruxdl 2018-05-22 00:19 - 2018-05-22 00:19 - 016219928 _____ C:\Users\MJZ\Downloads\ZeroNet-win-dist.zip 2018-05-21 22:56 - 2018-05-21 22:56 - 000000000 ____D C:\Users\MJZ\AppData\Local\wmhibgu 2018-05-21 22:27 - 2018-05-22 18:58 - 000000000 ____D C:\Users\MJZ\AppData\Local\NPE 2018-05-21 22:27 - 2018-05-21 22:54 - 000007582 _____ C:\WINDOWS\system32\Drivers\SMR521.dat 2018-05-21 22:27 - 2018-05-21 22:27 - 009497720 _____ (Symantec Corporation) C:\Users\MJZ\Downloads\NPE.exe 2018-05-21 22:27 - 2018-05-21 22:27 - 000119888 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR521.SYS 2018-05-21 22:27 - 2018-05-21 22:27 - 000000000 ____D C:\ProgramData\Norton 2018-05-21 22:23 - 2018-05-21 22:23 - 000000000 ____D C:\Users\MJZ\AppData\Local\aubvzgm 2018-05-21 22:21 - 2018-05-21 22:21 - 007271632 _____ (Malwarebytes) C:\Users\MJZ\Downloads\adwcleaner_7.1.1.exe 2018-05-21 00:40 - 2018-05-21 00:40 - 000000000 ____D C:\Users\MJZ\AppData\Local\scewvzo 2018-05-18 11:21 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe 2018-05-18 11:19 - 2018-05-18 11:19 - 000000000 ____D 
C:\Users\MJZ\AppData\Local\aurbtzi
2018-05-17 11:31 - 2018-05-17 11:31 - 000000000 ____D C:\Users\MJZ\AppData\Local\vdsiapb
2018-05-17 00:30 - 2018-05-17 00:30 - 000000000 ____D C:\Users\MJZ\AppData\Local\avoplce
2018-05-16 23:57 - 2018-05-16 23:57 - 000000000 ____D C:\Users\MJZ\AppData\Local\schnzve
2018-05-16 22:31 - 2018-05-16 22:31 - 000000222 _____ C:\Users\MJZ\Desktop\Endless Space 2.url
2018-05-16 21:50 - 2018-05-16 21:50 - 016592322 _____ (The qBittorrent project) C:\Users\MJZ\Downloads\qbittorrent_4.1.0_setup.exe
2018-05-16 21:50 - 2018-05-16 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-05-16 12:20 - 2018-05-16 12:20 - 000000000 ____D C:\Users\MJZ\AppData\Local\aticpln
2018-05-16 00:36 - 2018-05-16 00:36 - 000000000 ____D C:\Users\MJZ\AppData\Local\rtsxgbd
2018-05-15 19:01 - 2018-05-15 19:01 - 000000000 ____D C:\Users\MJZ\AppData\Local\reobctd
2018-05-14 12:35 - 2018-05-14 12:35 - 002660771 _____ C:\Users\MJZ\Downloads\drive-download-20180330T172124Z-001.zip
2018-05-13 11:32 - 2018-05-13 11:32 - 000070047 _____ C:\Users\MJZ\Downloads\MichalZajac_Resume.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-12 20:32 - 2018-05-09 22:56 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-12 20:32 - 2018-05-09 22:56 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-12 20:32 - 2017-10-17 10:18 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-12 20:32 - 2017-10-17 10:18 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-12 20:20 - 2014-12-22 00:50 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-12 20:11 - 2017-10-18 12:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-12 18:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-12 12:25 - 2018-02-10 19:22 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-12 10:03 - 2018-05-09 23:00 - 000000000 ____D C:\Users\MJZ\AppData\Local\cwshvdx
2018-06-11 23:47 - 2015-04-08 23:28 - 000000000 ____D C:\Program Files (x86)\Clover
2018-06-11 22:40 - 2017-10-18 12:47 - 004792572 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-11 22:35 - 2016-12-11 23:09 - 000000000 ____D C:\Users\MJZ\AppData\LocalLow\Mozilla
2018-06-11 22:35 - 2015-03-13 03:19 - 000000000 ____D C:\Users\MJZ\AppData\Local\Pushbullet
2018-06-11 22:34 - 2018-05-09 22:59 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\wembskcsvc.exe
2018-06-11 22:34 - 2017-10-18 12:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-11 22:34 - 2017-09-29 04:45 - 024379392 _____ C:\WINDOWS\system32\config\HARDWARE
2018-06-11 22:34 - 2017-09-29 04:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-06-11 22:11 - 2017-10-18 12:58 - 000002296 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2018-06-11 21:55 - 2015-10-18 15:38 - 000000000 ___RD C:\Users\MJZ\Google Drive
2018-06-11 21:54 - 2017-12-12 00:12 - 000000000 ____D C:\Users\MJZ\Desktop\Travel
2018-06-11 21:47 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-11 21:46 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-11 21:00 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-11 17:22 - 2014-12-01 23:39 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\vlc
2018-06-11 17:20 - 2017-07-25 22:55 - 000000000 ____D C:\Users\MJZ\AppData\LocalLow\Clover
2018-06-11 17:11 - 2016-11-02 18:21 - 000000000 ____D C:\Users\MJZ\Desktop\Pics Mikes Phone
2018-06-11 17:07 - 2017-11-03 18:14 - 000000000 ____D C:\Users\MJZ\Downloads\Operating Systems
2018-06-11 17:06 - 2018-04-23 20:11 - 000000000 ____D C:\Users\MJZ\Downloads\Captain America - The First Avenger (2011)
2018-06-11 17:04 - 2014-12-01 18:16 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-11 17:03 - 2017-04-22 01:06 - 000000000 ____D C:\Users\MJZ\Downloads\Torrents
2018-06-11 17:02 - 2018-03-11 21:02 - 000000000 ____D C:\Users\MJZ\Downloads\VR Games
2018-06-11 12:42 - 2016-11-28 15:47 - 000007600 _____ C:\Users\MJZ\AppData\Local\Resmon.ResmonCfg
2018-06-11 12:40 - 2017-10-18 12:52 - 000000000 ____D C:\Users\MJZ\AppData\Local\Packages
2018-06-11 12:28 - 2015-01-15 23:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-11 12:14 - 2016-08-27 01:34 - 000000000 ____D C:\Users\MJZ\Downloads\ZIPS
2018-06-11 11:40 - 2018-05-09 22:55 - 000000000 ____D C:\Program Files (x86)\fitzmaurice
2018-06-11 11:40 - 2017-10-18 12:51 - 000000000 ____D C:\Users\MJZ
2018-06-11 11:38 - 2018-01-27 23:47 - 000000000 ____D C:\ProgramData\Emsisoft
2018-06-11 11:12 - 2014-12-01 17:39 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-06-11 11:12 - 2014-12-01 17:38 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-11 10:38 - 2018-05-12 22:08 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-11 10:38 - 2018-05-12 22:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-11 10:35 - 2015-03-16 20:06 - 000000000 ____D C:\ProgramData\Unified Remote
2018-06-10 15:43 - 2018-02-10 19:22 - 000000000 ____D C:\Users\MJZ\AppData\Local\NVIDIA
2018-06-10 13:23 - 2015-07-17 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-06-10 13:17 - 2014-12-15 17:16 - 000000000 ____D C:\Users\MJZ\AppData\Local\CrashDumps
2018-06-10 13:13 - 2018-01-24 21:34 - 000000000 ____D C:\temp
2018-06-10 13:13 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-10 13:13 - 2017-04-25 21:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-06-09 23:56 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-09 21:50 - 2017-10-18 12:58 - 000004518 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-09 21:50 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-09 21:50 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-07 20:15 - 2015-05-26 03:05 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-07 19:37 - 2018-05-09 22:55 - 000000000 ____D C:\Program Files (x86)\Vichy
2018-06-07 01:06 - 2014-12-01 19:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-06-07 01:01 - 2009-07-13 22:34 - 000000541 _____ C:\WINDOWS\win.ini
2018-06-06 16:30 - 2016-08-03 18:38 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-05 19:24 - 2017-12-15 17:30 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 19:24 - 2017-12-15 17:30 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-01 23:03 - 2017-10-12 22:13 - 004855032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-06-01 14:04 - 2017-10-23 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-06-01 14:04 - 2014-12-01 18:16 - 000002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-06-01 13:59 - 2017-04-25 21:35 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-06-01 06:16 - 2018-02-10 19:30 - 000044277 _____ C:\WINDOWS\system32\nvinfo.pb
2018-06-01 04:39 - 2018-02-10 19:32 - 005947976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 002612352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 001767552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 000634152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 000450856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 000124304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-06-01 04:39 - 2018-02-10 19:32 - 000083528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-06-01 00:18 - 2014-12-01 18:26 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\qBittorrent
2018-05-31 05:44 - 2018-02-10 19:32 - 008193252 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-05-30 13:04 - 2018-01-06 05:02 - 000000000 ____D C:\Program Files\PowerShell
2018-05-30 12:54 - 2018-04-02 19:45 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2018-02-10 19:22 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-05-30 12:54 - 2017-10-18 12:58 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-10-18 12:58 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-10-18 12:58 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-10-18 12:58 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-10-18 12:58 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-30 12:54 - 2017-04-25 21:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-26 13:40 - 2016-07-19 00:46 - 000000000 ____D C:\Users\MJZ\AppData\Local\UnrealEngine
2018-05-26 13:40 - 2015-07-17 20:36 - 000000000 ____D C:\Users\MJZ\AppData\Local\NVIDIA Corporation
2018-05-26 13:29 - 2016-12-10 01:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-26 13:26 - 2016-01-12 22:52 - 000000000 ____D C:\ProgramData\VMware
2018-05-26 13:26 - 2016-01-12 22:52 - 000000000 ____D C:\Program Files (x86)\VMware
2018-05-26 13:14 - 2014-12-01 18:22 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-24 13:44 - 2018-02-10 19:22 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-05-24 06:55 - 2017-10-17 10:18 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-23 22:32 - 2014-12-01 19:00 - 000000000 ___RD C:\Users\MJZ\Dropbox
2018-05-23 22:15 - 2016-11-06 14:14 - 000000000 ____D C:\Users\MJZ\Downloads\Python
2018-05-23 20:48 - 2018-03-07 01:54 - 000000000 ____D C:\Program Files\Revive
2018-05-22 22:41 - 2017-04-22 15:12 - 000000000 ____D C:\Program Files\Tableau
2018-05-22 21:16 - 2017-07-01 11:35 - 000000000 ___RD C:\Users\MJZ\Desktop\Pc Tools
2018-05-22 21:14 - 2017-12-26 18:53 - 000000000 ____D C:\Users\MJZ\AppData\Local\Deployment
2018-05-22 19:44 - 2015-05-13 02:03 - 000000000 ____D C:\Users\MJZ\AppData\Local\ElevatedDiagnostics
2018-05-22 19:19 - 2018-04-20 12:07 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-05-22 19:19 - 2015-09-18 19:01 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-05-22 19:18 - 2015-09-18 19:01 - 000000000 ____D C:\Users\MJZ\AppData\Local\Battle.net
2018-05-22 19:17 - 2018-05-02 15:26 - 000313517 _____ C:\Users\MJZ\save.Save
2018-05-22 18:00 - 2018-04-02 19:51 - 001688848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-05-22 18:00 - 2018-04-02 19:51 - 000227928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-05-22 01:08 - 2017-11-04 20:49 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-05-22 00:19 - 2014-12-01 16:57 - 000000000 ____D C:\Users\MJZ\AppData\Local\VirtualStore
2018-05-21 00:49 - 2018-01-04 16:50 - 000000000 ____D C:\Users\MJZ\AppData\Local\Power Query Telemetry
2018-05-21 00:39 - 2016-08-03 18:38 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-21 00:39 - 2016-08-03 18:38 - 000000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-20 11:30 - 2018-02-10 19:22 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-05-18 21:58 - 2017-10-18 12:58 - 000003976 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 21:58 - 2017-10-18 12:58 - 000003744 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-17 11:32 - 2017-10-18 12:58 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 11:32 - 2017-10-18 12:58 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-17 00:29 - 2017-10-18 12:51 - 000000000 ____D C:\Users\DefaultAppPool
2018-05-16 21:50 - 2017-10-16 20:54 - 000000000 ____D C:\Program Files (x86)\qBittorrent
2018-05-16 17:26 - 2017-10-18 12:58 - 000003674 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-517441185-2000574432-2814188571-1000UA
2018-05-16 17:26 - 2017-10-18 12:58 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-517441185-2000574432-2814188571-1000Core
2018-05-16 12:31 - 2017-10-18 12:58 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-16 12:31 - 2015-12-18 03:36 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 21:49 - 2014-12-13 14:48 - 000000000 ____D C:\Users\MJZ\AppData\Local\DisplayFusion
2018-05-14 21:42 - 2015-05-29 11:19 - 000000000 ____D C:\Users\MJZ\AppData\Roaming\Nitro PDF
2018-05-13 04:13 - 2018-05-09 23:16 - 000000000 ____D C:\Users\MJZ\AppData\Local\wmsgixp
2018-05-13 00:28 - 2017-10-18 18:39 - 000000000 ____D C:\WINDOWS\Minidump

==================== Files in the root of some directories =======

2017-01-08 19:15 - 2017-01-08 19:15 - 021874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-08-09 04:49 - 2016-08-09 04:49 - 000000073 _____ () C:\Users\MJZ\AppData\Roaming\Camdata.ini
2016-08-09 04:49 - 2016-08-09 04:49 - 000000408 _____ () C:\Users\MJZ\AppData\Roaming\CamLayout.ini
2016-08-09 04:49 - 2016-08-09 04:49 - 000000408 _____ () C:\Users\MJZ\AppData\Roaming\CamShapes.ini
2016-08-09 03:08 - 2016-08-09 03:08 - 000000096 _____ () C:\Users\MJZ\AppData\Roaming\version2.xml
2015-04-08 23:19 - 2017-10-15 17:57 - 001790976 _____ () C:\Users\MJZ\AppData\Local\file__0.localstorage
2015-03-15 23:10 - 2017-11-30 22:02 - 000000600 _____ () C:\Users\MJZ\AppData\Local\PUTTY.RND
2016-11-28 15:47 - 2018-06-11 12:42 - 000007600 _____ () C:\Users\MJZ\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-06-10 13:10 - 2018-05-22 16:09 - 000395048 _____ (NVIDIA Corporation) C:\Users\MJZ\AppData\Local\Temp\nvStInst.exe
2018-05-12 11:30 - 2016-10-27 00:12 - 000006144 ____N (Pushbullet Inc) C:\Users\MJZ\AppData\Local\Temp\pushbullet_watchdog.exe
2018-06-11 17:04 - 2018-06-11 17:04 - 040184976 _____ () C:\Users\MJZ\AppData\Local\Temp\vlc-3.0.3-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\reiruxae.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-06-11 14:28

==================== End of FRST.txt ============================

Then Additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by MJZ (12-06-2018 20:43:10)
Running from C:\Users\MJZ\Downloads
Windows 10 Pro Version 1709 16299.431 (X64) (2017-10-18 17:01:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-517441185-2000574432-2814188571-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-517441185-2000574432-2814188571-503 - Limited - Disabled)
Guest (S-1-5-21-517441185-2000574432-2814188571-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-517441185-2000574432-2814188571-1002 - Limited - Enabled)
MJZ (S-1-5-21-517441185-2000574432-2814188571-1000 - Administrator - Enabled) => C:\Users\MJZ
WDAGUtilityAccount (S-1-5-21-517441185-2000574432-2814188571-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

${{arpDisplayName}} (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Disk (HKLM-x32\...\Active Disk) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Alteryx 2018.1 x64 (User) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Alteryx 2018.1 x64 (User)) (Version: 2018.1.3.42973 - Alteryx)
Alteryx Predictive Tools with R 3.3.2 (User) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Alteryx Predictive Tools with R 3.3.2 (User)) (Version: 3.3.2 - R Development Core Team)
AlteryxProductName (HKLM\...\{2E60F15F-3451-465C-B6A2-62A3BA5AA56A}) (Version: 2018.1.3.42973 - Alteryx) Hidden
AlteryxRProductName (HKLM\...\{75E7E186-8B9A-46B3-83A2-43656D524F11}) (Version: 3.3.2 - R Development Core Team) Hidden
Amazon Drive (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Amazon Drive) (Version: 4.0.19 - Amazon.com, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
AOMEI Partition Assistant Standard Edition 6.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Atom (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\atom) (Version: 1.22.0 - GitHub Inc.)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{FBB43A99-0B72-461A-A6D2-2F1B54D36B69}) (Version: 66.0.3359.12 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Civilization VI - Nubia Civilization and Scenario Pack (HKLM-x32\...\Civilization VI - Nubia Civilization and Scenario Pack_is1) (Version: - )
Clover V3.4 (HKLM-x32\...\Clover) (Version: 3.4.3.04081 - 易捷科技)
CMEDIA USB2.0 Audio Device (HKLM-x32\...\{9445E4B8-E875-470A-928A-A665D3F973B4}) (Version: 1.00.0005 - C-Media Electronics, Inc.)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version: - )
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
CPUID CPU-Z 1.83 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.83 - CPUID, Inc.)
CPUID HWMonitor 1.34 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.34 - )
CUBLAS Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUBLAS Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDA Documentation (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_documentation_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDA Profiler Tools (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvprof_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDA Toolkit (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDA Version (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVersion_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUDART Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cudart_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUFFT Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
cuobjdump (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cuobjdump_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUPTI (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cupti_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CURAND Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CURAND Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUSOLVER Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUSOLVER Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUSPARSE Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
CUSPARSE Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Demo Suite (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_demo_suite_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Disassembler (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvdisasm_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.11 - NVIDIA Corporation) Hidden
DisplayFusion 6.1.2 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.1.2.0 - Binary Fortress Software)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
f.lux (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Flux) (Version: - f.lux Software LLC)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
foobar2000 v1.3.15 (HKLM-x32\...\foobar2000) (Version: 1.3.15 - Peter Pawlowski)
Fortran Examples (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_fortran_examples_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Git version 2.8.1 (HKLM\...\Git_is1) (Version: 2.8.1 - The Git Development Community)
GitHub (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
Gitter (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\{03C07717-35D4-40B2-B4F2-05A0EF1B9F6F}_is1) (Version: - Troupe Technology Limited)
Google Cloud SDK (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Google Cloud SDK) (Version: - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPU Library Advisor (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_gpu-library-advisor_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
HellBlazers Maps Pack v12 (HKLM-x32\...\{868D1888-EA61-46C1-A8E8-FEEB78B1412F}) (Version: 12 - HellBlazer)
Heroku CLI (HKLM-x32\...\Heroku) (Version: - Heroku, Inc)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Intel Extreme Tuning Utility (HKLM-x32\...\{41E5D953-530A-441B-98D3-92B5D6B80AEB}) (Version: 6.2.0.17 - Intel Corporation) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{fde8aa07-3912-4bdf-ad35-ff1231bfd00d}) (Version: 6.2.0.17 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Network Connections 22.9.16.0 (HKLM\...\PROSetDX) (Version: 22.9.16.0 - Intel)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
itch (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\itch) (Version: 23.6.3 - Itch Corp)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Learn IDE 3 (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\learn_ide_3) (Version: 3.0.0 - GitHub Inc.)
Litecoin Core (64-bit) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Litecoin Core (64-bit)) (Version: 0.14.2 - Litecoin Core project)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
Mail Attachment Downloader v3.2 (HKLM-x32\...\{2B263955-187B-42ED-A97B-2EAE3F9BD58D}) (Version: 3.2.0991 - Gearmage)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEMCHECK (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_memcheck_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Azure Storage Explorer version 0.9. (HKLM-x32\...\{8E14ADF3-1B18-4711-87BD-E3827D395466}_is1) (Version: 0.9. - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Power BI Desktop (x64) (HKLM\...\{89A52314-C097-401F-A45B-14C8B67702FA}) (Version: 2.56.5023.942 - Microsoft Corporation)
Microsoft Power Query for Excel (x64) (HKLM\...\{90693CA5-9830-45AC-8A87-7C1206C0DCBC}) (Version: 2.51.4885.721 - Microsoft Corporation)
Microsoft Report Viewer for SQL Server 2016 (HKLM-x32\...\{6ECB5D2E-AF2E-4E1B-A311-3CD800DF2A5F}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM\...\{FE3BF1DD-677E-4793-9770-C07AECC88882}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{DBCB046A-1288-41C2-9BAF-90127F740B6E}) (Version: 13.0.3432.1 - Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\dacae1bed46e81d5) (Version: 16.0.2250.6 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{353253a9-15a3-4727-b415-79b4e6be765e}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.12 - MSI)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Connector/ODBC 5.3 (HKLM\...\{EB0CFCBD-B0C8-4F0F-ACF4-8B674A19B459}) (Version: 5.3.8 - Oracle Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
Node.js (HKLM\...\{4219DF19-09C9-47A4-88C0-49778E491E54}) (Version: 8.9.4 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NPP Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NPP Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
nvcc (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvcc_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NVGRAPH Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NVGRAPH Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 398.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.11 - NVIDIA Corporation)
NVIDIA CUDA Development 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADevelopment_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA CUDA Documentation 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADocument_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA CUDA Runtime 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDARuntimes_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA CUDA Samples 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_samples_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_visual_studio_integration_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Graphics Driver 398.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition
5.4.0.17229 (HKLM\...\{3C2B7A30-1441-4418-8222-2A647ECF1C07}) (Version: 5.4.0.17229 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{B56D2F88-8865-40FD-B7AC-F074EE4D201D}) (Version: 1.00.00.00 - NVIDIA Corporation) NVM for Windows 1.1.6 (HKLM\...\40078385-F676-4C61-9A9C-F9028599D6D3_is1) (Version: 1.1.6 - Ecor Ventures LLC) NVML Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvml_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden nvprune (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvprune_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden NVRTC Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_dev_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden NVRTC Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden Occupancy Calculator (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_occupancy_calculator_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden Oculus (HKLM\...\Oculus) (Version: ❤️ - Oculus VR, LLC) Online Plug-in (HKLM-x32\...\{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev) Peace (HKLM\...\Peace) (Version: 1.4.0.1 - P.E. 
Verbeek) Plane9 v2.5.1.3 (HKLM-x32\...\Plane9) (Version: v2.5.1.3 - Joakim Dahl / Planestate Software) Plex Media Server (HKLM-x32\...\{5C768A2E-CC32-4AF3-BDF8-A0659872915A}) (Version: 1.9.7460 - Plex, Inc.) Hidden Plex Media Server (HKLM-x32\...\{a2e22d95-0134-4c6f-a056-3443179ba2bb}) (Version: 1.9.7.4460 - Plex, Inc.) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd) PowerShell 6-preview-x64 (HKLM\...\{3C3D1E90-8F22-4712-B134-10C49501AA47}) (Version: 6.1.0.2 - Microsoft Corporation) PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation) Project Highrise - Las Vegas (HKLM-x32\...\2116077629_is1) (Version: 1.5.5.3.[50328382035041383] - GOG.com) Project Highrise - Miami Malls (HKLM-x32\...\1840309235_is1) (Version: 1.5.5.3.[50328382035041383] - GOG.com) psqlODBC_x64 (HKLM\...\{3D4F4C5A-28C7-441D-81DC-2AA2C1A61B6A}) (Version: 09.06.0201 - PostgreSQL Global Development Group) Pushbullet version 312 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 312 - Pushbullet Inc) PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham) Python 2.7.12 (Anaconda2 4.1.1 64-bit) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\Python 2.7.12 (Anaconda2 4.1.1 64-bit)) (Version: 4.1.1 - Continuum Analytics, Inc.) 
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.6.1 (64-bit) (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\{5984d629-979e-4439-b893-accde1a00a68}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (64-bit) (HKLM\...\{079FEF6F-9E83-4694-897D-69C30389B772}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit) (HKLM\...\{27133190-078A-4A46-81B0-FF476EAEBF2A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit) (HKLM\...\{953B4007-8312-48CA-817E-29B43988EB35}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (64-bit) (HKLM\...\{41626EAD-257F-401F-8531-51C5A7D4CA6C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit) (HKLM\...\{9139037B-B991-4022-946F-DAA9A9FDC7EE}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (64-bit) (HKLM\...\{5F9A36CA-767E-4922-84AB-73E61264FE5C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit) (HKLM\...\{B7A716F0-78C1-4CB9-8756-0E51C5DD7622}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit) (HKLM\...\{AC60D963-1CE4-429B-AB29-F973DC55A918}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit) (HKLM\...\{A298B2DB-1F21-476D-9BD7-4ECC23101C90}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (64-bit) (HKLM\...\{7CB8460F-55AD-4C70-8D04-72947C46C85E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.4 (Anaconda3 5.1.0 64-bit) (HKLM\...\Python 3.6.4 (Anaconda3 5.1.0 64-bit)) (Version: 5.1.0 - Anaconda, Inc.)
Python Launcher (HKLM-x32\...\{3B2D9AEB-40B2-4502-85BE-0B07C2AC4A91}) (Version: 3.7.6133.0 - Python Software Foundation)
qBittorrent 4.1.0 (HKLM-x32\...\qBittorrent) (Version: 4.1.0 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2720 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Revive Dashboard (HKLM-x32\...\Revive) (Version: - )
Room EQ Wizard (HKLM-x32\...\RoomEQWizardV5.1) (Version: - John Mulcahy)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 1.1.453 - RStudio)
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.0.10 - hikvision)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.7.5.235 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SanDisk SSD Toolkit 1.0.0.1 (HKLM-x32\...\{26326B5B-3D62-4C12-8841-6B55A19B552D}_is1) (Version: 1.0.0.1 - SanDisk Corporation)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Self-service Plug-in (HKLM-x32\...\{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}) (Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Simple Shutdown Timer (HKLM-x32\...\Simple Shutdown Timer1.1.2) (Version: 1.1.2 - PcWinTech.com)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{A68C70CF-1473-4E04-8646-297B2F90C296}) (Version: 1.9.7460 - Plex, Inc.) Hidden
Tableau Public 2018.1 (20181.18.0510.1418) (HKLM\...\{ACF37D3B-C421-4EF1-8FCD-01331AFCCBA0}) (Version: 18.1.1036 - Tableau Software) Hidden
Tableau Public 2018.1 (20181.18.0510.1418) (HKLM-x32\...\{f19a0588-efdb-47e1-8fa7-73ac05b31f04}) (Version: 18.1.1036 - Tableau Software)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram Messenger LLP)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.4.1 - Unified Intents AB)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 44.0 - Ubisoft)
USB Disk Storage Format Tool 5.3 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
Vagrant (HKLM-x32\...\{69366E88-77F9-4358-891E-DC369C211601}) (Version: 2.0.0 - HashiCorp)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WD Drive Utilities (HKLM-x32\...\{2db219ff-e483-403b-9374-aea609abaf1d}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{546D15D7-D6AF-422B-B4E5-05AF20BA8573}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.6.27 - )
Win10Pcap (HKLM-x32\...\{B5B58F8A-1984-4F3E-B400-235A6E005002}) (Version: 10.2.5002 - Daiyuu Nobori, University of Tsukuba, Japan)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
WizTree v3.23 (HKLM\...\WizTree_is1) (Version: - Antibody Software)
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.1-0 - Bitnami)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-517441185-2000574432-2814188571-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\MJZ\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-11] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-10-15] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\PRO9~1\NPSHEL~1.DLL [2014-05-19] (Nitro PDF)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-11-30] (Apple Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-11-28] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-11-28] (Alexander Roshal)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-01] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-11] ()
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-11-28] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-11-28] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014E3824-5A08-4876-8EFA-2DC4E8F78AA6} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {047CB2C5-B331-4709-BBCF-02A43A49D33A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-20] (NVIDIA Corporation)
Task: {09CC747F-9077-4E40-A3E4-2356ADB2DA73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {17F17249-06E1-45A1-B17F-9655CBCF100B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1E683F90-74FE-4D96-A610-46418B53BFD2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-517441185-2000574432-2814188571-1000Core => C:\Users\MJZ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: {2CFD8CCB-F42B-42B7-AB02-FF2B29BFE646} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {3AE96515-5D7B-421F-BEF8-74C2620432E9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C6B767D-F9B4-485E-9352-ABD3A63B8C67} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {3E440623-BF0E-439C-8FCC-14EFBA4A7C72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {3F53B23D-F988-4BBE-B233-D72D49DF360B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {430867E1-EC7E-41CB-8E8F-46863891E682} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {495C12E6-3730-46EC-9E8A-D3EE4A8E58C1} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4DCAAC1D-8B69-4906-AF11-46FED2710B81} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55A4BB57-62C2-473C-9783-FD7E262FE503} - System32\Tasks\User_Feed_Synchronization-{9CA02D3E-14C1-44A9-AFD2-DC7A95884CE0}
Task: {5680E6EB-C87D-43EE-AF6A-4E54F60C6E6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5A222FD9-F88F-463F-AF31-3D1859A0E584} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5CAB38B4-7EA7-48AF-B496-BBFC7D7D7BD2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {5FE56E59-A553-4742-B027-8AEC73A9B234} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {60554D06-0FBB-45B4-B4B4-F47904FBE48B} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {626DA919-86CC-482F-A41A-B8669A243524} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6444F6EA-ACF1-42BF-A7B9-3A4EBDA32AD3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {646817C2-81A6-4267-8B90-975EF56D0FF3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {6C9CFE15-4FF9-4500-9224-CBC880029801} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {723CFDA2-F320-4F24-8ABC-2C7F61D2327F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7314C99E-4609-4527-9764-1489B0EA1739} - System32\Tasks\Wake => cmd.exe /c “exit”
Task: {74814085-133A-419C-8168-46EDF05301DE} - System32\Tasks\Alarm Clock => Command(1): C:\Users\MJZ\Desktop\Music Production\foobar2000\foobar2000.exe [2015-03-26] (Piotr Pawlowski)
Task: {74814085-133A-419C-8168-46EDF05301DE} - System32\Tasks\Alarm Clock => Command(2): foobar2000.exe -> /playlist-activate:"All Music" /play /rand
Task: {757DD069-E63C-4EC0-AABC-6DAB6D750275} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {76537D2F-6AE6-4B31-A35C-BCB27BC5B5EE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MJZ-PC-MJZ MJZ-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2016-02-09] (Microsoft Corporation)
Task: {7C0283F1-F501-4EEA-B47A-9607BA4F8A76} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-03] (Dropbox, Inc.)
Task: {7CE4DB5F-380E-4D95-BE0D-0559F88BD3F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {810EC0E7-BF21-4C8D-A4BF-7C2E2F40B969} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83835D17-6724-44F4-A852-630C15AD9894} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {86DD8425-228F-4EDE-8011-CD50A99A6C1E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {890EBD8F-535B-4159-A251-148AB4E0F067} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8C15903F-A260-4A70-A4DD-795FA2A223E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-517441185-2000574432-2814188571-1000UA => C:\Users\MJZ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: {8D8013E9-340A-47AC-B0A8-80A75DA3A06F} - System32\Tasks\Sleep => C:\Users\MJZ\Desktop\sleep.bat [2016-08-07] () <==== ATTENTION
Task: {93A4974D-B5E7-4A54-BF07-B0A62D467CDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-23] (Google Inc.)
Task: {98F0F56C-363B-4898-AB3D-4E85D95F0A05} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {99FC46B2-3EA7-4377-B593-81CD59CFB06B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9BC4BCB3-DA30-43D2-AD67-7905F802B3AE} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => C:\WINDOWS\System32\LxRun.exe [2018-03-29] (Microsoft Corporation)
Task: {9D1C8F5E-F862-48C8-8F02-ACD7888FC316} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {A0B54252-CBD5-4D25-ACC5-FDC1FBDCEF90} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A21067BF-BB77-4FA8-8D6E-AAC8F56557C4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A641EFE9-E9E3-4809-9467-588042FC9D85} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-03] (Dropbox, Inc.)
Task: {A6D673CA-EF17-4A07-87B8-450808462295} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AB67642A-3E54-4141-B902-2A8D04F32AF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-23] (Google Inc.)
Task: {AFDDF86B-7B6C-4520-9395-882FD987AA36} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B61DA7A0-1E5A-4A76-BAB8-17F964D468AD} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {B641C8D8-C07A-48A2-B2B0-42BA2E565EE6} - System32\Tasks\SpeedTest => C:\Utils\Run.bat [2017-12-17] () <==== ATTENTION
Task: {C381AC5A-8F90-496E-957B-5DEF1E401EEA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CF708DAA-8612-41DA-8FE3-C0E577265941} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {D18B14D7-1044-44D9-8AA0-AFECC0113985} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {D1E97D95-D96E-4FC0-BF3A-6BA69FA66670} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D36A8377-1BC7-4F3E-859D-3F7ED7B16F2D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1D89EF4-1ECC-4122-A19C-3306BCB9B036} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {E3DED01F-B4C4-4D37-84AC-D7915FEC456E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E8E2A9D2-FC19-4D49-A434-E926244A9B3B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0511A30-4DFE-43EF-BFFD-A33AB45C039B} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {F240D076-A76B-4539-901D-5823ABAD0917} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {F45A4664-828F-42C4-8A0E-AF0D7F2F864C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F64F2E61-1A4F-4891-A49C-A512FB3CF36C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {FB20F90F-7A9C-4288-B1C2-1A3974022CCA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\MJZ\Desktop\Pc Tools\Valley Benchmark 1.0.lnk -> C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\valley.bat (No File)
Shortcut: C:\Users\MJZ\Desktop\Pc Tools\Overlocking Tools\Heaven Benchmark 4.0.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\heaven.bat (No File)
ShortcutWithArgument: C:\Users\MJZ\Desktop\Google Cloud SDK Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\MJZ\AppData\Local\Google\Cloud SDK\cloud_env.bat""
ShortcutWithArgument: C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Cloud SDK\Google Cloud SDK Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\MJZ\AppData\Local\Google\Cloud SDK\cloud_env.bat""
ShortcutWithArgument: C:\Users\MJZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\MJZ\Anaconda2\Scripts\activate.bat C:\Users\MJZ\Anaconda2

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-19 13:27 - 2014-05-19 13:27 - 000417800 _____ () c:\program files\nitro\pro 9\nitro_updateservice.exe
2018-05-30 12:54 - 2018-05-20 13:36 - 001315296 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-20 20:53 - 2018-03-22 21:39 - 000165616 _____ () C:\WINDOWS\system32\IntelWifiIhv06.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-04-23 23:04 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-23 23:04 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-01 14:27 - 2015-09-01 14:27 - 001095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-01 14:27 - 2015-09-01 14:27 - 000240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2018-05-30 12:54 - 2018-05-20 13:36 - 095437792 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-30 12:54 - 2018-05-20 13:36 - 003029472 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-05-30 12:54 - 2018-05-20 13:36 - 000149984 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-03-07 03:24 - 2018-03-07 03:24 - 012476064 _____ () C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
2016-11-27 09:29 - 2016-11-27 09:29 - 000093696 _____ () C:\Program Files\Rainmeter\Plugins\Process.DLL
2016-11-27 09:29 - 2016-11-27 09:29 - 000173568 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2017-08-03 12:36 - 2017-08-03 12:36 - 000556032 _____ () C:\Users\MJZ\AppData\Roaming\Rainmeter\Plugins\SpotifyPlugin.dll
2018-06-11 22:30 - 2018-06-11 22:30 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2018-05-19 10:39 - 2018-05-19 10:39 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-08 02:54 - 2018-05-08 02:54 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-07 15:27 - 2018-06-07 15:29 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-07 15:27 - 2018-06-07 15:29 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-12 22:01 - 2017-10-12 22:06 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 09:44 - 2018-05-04 09:44 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-29 14:04 - 2018-03-29 14:05 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-07 15:27 - 2018-06-07 15:29 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-07 15:27 - 2018-06-07 15:29 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-05-26 07:49 - 2018-05-26 07:49 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-29 14:04 - 2018-03-29 14:05 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-06-07 15:27 - 2018-06-07 15:29 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-09 22:56 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-09 22:56 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-03 14:45 - 2018-05-22 21:38 - 000735592 _____ () c:\program files (x86)\clover\cloversvc.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2018-02-10 19:22 - 2018-05-20 13:36 - 001033184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-11-14 03:03 - 2017-11-14 03:03 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2018-03-07 03:45 - 2018-03-07 03:45 - 002661536 _____ () C:\Program Files (x86)\Samsung\SideSync4\NativeSideSyncFramework.dll
2018-03-07 03:53 - 2018-03-07 03:53 - 005038752 _____ () C:\Program Files (x86)\Samsung\SideSync4\SLocales.dll
2018-03-07 03:49 - 2018-03-07 03:49 - 000861344 _____ () C:\Program Files (x86)\Samsung\SideSync4\SCommon.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 001289216 _____ () C:\Program Files (x86)\Samsung\SideSync4\cairo.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 000100352 _____ () C:\Program Files (x86)\Samsung\SideSync4\zlib1.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 000230529 _____ () C:\Program Files (x86)\Samsung\SideSync4\libpng14-14.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 000091136 _____ () C:\Program Files (x86)\Samsung\SideSync4\ThoughtWorks.QRCode.dll
2017-11-14 03:03 - 2017-11-14 03:03 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2018-06-06 16:30 - 2018-06-04 06:18 - 001107272 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-06-06 16:30 - 2018-06-04 06:18 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-07-13 15:47 - 2018-06-04 06:21 - 000106816 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000025408 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000042312 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000700736 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000137032 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000123200 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-07-13 15:47 - 2018-06-04 06:20 - 000112448 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000031040 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000399168 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 15:47 - 2018-06-04 06:21 - 000049984 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000027456 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000131392 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000120648 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000182080 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000036672 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-10-16 19:52 - 2018-06-04 06:20 - 000032576 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000055104 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000064320 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-10-16 19:52 - 2018-06-04 06:21 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000152384 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-07-13 15:47 - 2018-06-04 06:20 - 000091448 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000035136 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000067392 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000030528 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000355648 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-06-06 16:30 - 2018-06-04 06:18 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-06-06 16:30 - 2018-06-04 06:19 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-06-06 16:30 - 2018-06-04 06:18 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-11 14:59 - 2018-06-04 06:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-07-13 15:47 - 2018-06-04 06:21 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-06-06 16:30 - 2018-06-04 06:19 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-06-06 16:30 - 2018-06-04 06:19 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-07-13 15:47 - 2018-06-04 06:21 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-07-13 15:47 - 2018-06-04 06:21 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-06-06 16:30 - 2018-06-04 06:20 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-03-23 11:04 - 2016-03-23 11:04 - 000091136 _____ () C:\Program Files (x86)\corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 000224256 _____ () C:\Program Files (x86)\corsair\Corsair Utility Engine\quazip.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 000200704 _____ () C:\Program Files (x86)\corsair\Corsair Utility Engine\lua52.dll
2013-05-04 07:57 - 2013-05-04 07:57 - 000095712 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\zlib1.dll
2015-03-26 03:45 - 2015-03-26 03:45 - 000160528 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\shared.dll
2015-05-19 00:08 - 2013-12-06 17:44 - 000271872 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_library_tree\foo_uie_library_tree.dll
2015-05-19 00:08 - 2013-12-08 07:21 - 000241664 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_vis_channel_spectrum\foo_uie_vis_channel_spectrum.dll
2015-03-26 03:45 - 2015-03-26 03:45 - 001401120 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\components\foo_input_std.dll
2016-08-15 00:04 - 2016-08-15 00:04 - 000923136 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_scheduler\foo_scheduler.dll
2015-05-19 00:08 - 2013-12-06 08:48 - 000452608 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_elplaylist\foo_uie_elplaylist.dll
2015-05-19 00:08 - 2013-12-08 17:24 - 000337920 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_biography\foo_uie_biography.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000730112 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_lyrics3\foo_uie_lyrics3.dll
2015-05-19 00:08 - 2014-01-20 19:00 - 000423424 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_queuecontents\foo_queuecontents.dll
2015-06-25 14:41 - 2015-06-25 14:41 - 000183296 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_out_asio\foo_out_asio.dll
2016-03-25 22:14 - 2016-03-25 22:14 - 000132096 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_cad\foo_cad.dll
2015-05-19 00:08 - 2011-02-27 16:22 - 001608192 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\components\foo_ui_columns.dll
2015-05-19 00:08 - 2013-12-19 08:51 - 000356352 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_panel_splitter\foo_uie_panel_splitter.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000209408 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_random_pools\foo_random_pools.dll
2015-05-19 00:08 - 2011-08-18 12:06 - 001767936 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_facets\foo_facets.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000264704 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_dsp_effect\foo_dsp_effect.dll
2015-03-26 03:45 - 2015-03-26 03:45 - 001087272 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\components\foo_ui_std.dll
2016-08-14 12:49 - 2016-08-14 12:49 - 001905152 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_upnp\foo_upnp.dll
2015-05-19 00:08 - 2014-01-21 19:38 - 000250368 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_covdow\foo_covdow.dll
2015-05-19 00:08 - 2013-12-07 12:21 - 000147456 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_out_wasapi\foo_out_wasapi.dll
2015-05-19 00:08 - 2013-12-22 17:55 - 000327680 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_masstag\foo_masstag.dll
2015-05-19 00:08 - 2013-12-08 16:41 - 000946176 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_uie_wsh_panel_mod\foo_uie_wsh_panel_mod.dll
2016-08-15 00:07 - 2016-08-15 00:07 - 000186368 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_runcmd\foo_runcmd.dll
2015-05-19 00:08 - 2013-12-08 18:22 - 000188416 _____ () C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_audioscrobbler\foo_audioscrobbler.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000248320 _____ () \\?\C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_wave_seekbar\frontend_direct2d.dll
2016-08-14 12:50 - 2016-08-14 12:50 - 000310784 _____ () \\?\C:\Users\MJZ\Desktop\Music Production\foobar2000\user-components\foo_wave_seekbar\frontend_direct3d9.dll
2014-12-22 00:51 - 2018-06-08 17:38 - 000788256 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-22 00:51 - 2018-06-08 19:39 - 002632992 _____ () C:\Program Files (x86)\Steam\video.dll
2015-05-19 15:31 - 2018-06-08 17:42 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-13 23:06 - 2018-06-08 17:40 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2015-05-19 15:31 - 2018-06-08 17:40 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-05-19 15:31 - 2018-06-08 17:40 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-12-22 00:51 - 2018-06-08 19:38 - 000979744 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-05-04 15:05 - 2018-06-08 17:40 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-28 12:07 - 2018-06-08 17:39 - 000788256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-18 02:53 - 2018-06-08 17:39 - 083524384 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-05-19 15:30 - 2018-06-08 17:42 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-07-28 14:05 - 2018-06-08 17:39 - 002253600 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-28 14:05 - 2018-06-08 17:39 - 000109856 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:395C04BE53263E9E [1]
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\All Users:395C04BE53263E9E [1]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\ProgramData\Application Data:395C04BE53263E9E [1]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\sharepoint.com -> hxxps://avaapcorp-files.sharepoint.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2018-05-09 23:13 - 000000053 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-517441185-2000574432-2814188571-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MJZ\AppData\Local\DisplayFusion\Wallpaper_1.png DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: Razer Game Manager Service => 2 MSCONFIG\Services: Razer Game Scanner Service => 2 MSCONFIG\Services: RzActionSvc => 2 MSCONFIG\Services: XblAuthManager => 3 MSCONFIG\Services: XblGameSave => 3 MSCONFIG\Services: XboxGipSvc => 3 MSCONFIG\Services: XboxNetApiSvc => 3 MSCONFIG\startupfolder: C:^Users^MJZ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: BitTorrent Sync => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify => "C:\Users\MJZ\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\MJZ\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "tvncontrol" HKLM\...\StartupApproved\Run: => "Bulldozers" HKLM\...\StartupApproved\Run: => "Upwelling" HKLM\...\StartupApproved\Run: => "Underprepared" HKLM\...\StartupApproved\Run32: => "RzWizard" HKLM\...\StartupApproved\Run32: => "Hecht" HKLM\...\StartupApproved\Run32: => "Lampooned" HKLM\...\StartupApproved\Run32: => "Kemal" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Gitter" 
HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "BlueStacks Agent" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Amazon Drive" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "electron.app.Zazu" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "USB Guard" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "Prime95" HKU\S-1-5-21-517441185-2000574432-2814188571-1000\...\StartupApproved\Run: => "indolent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [TCP Query User{77CCFE49-58ED-47CD-A7A4-3D385B6CBB39}E:\steam games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\steam games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [UDP Query User{92108CDC-9DBF-407C-9B70-92532131EC37}E:\steam games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\steam games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [TCP Query User{42C4E68C-C378-4A4D-B436-B0FEC07A70C2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{67AE5F5A-3952-45FB-AA6A-317FC5E33FE4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [TCP Query User{00C61AEF-836D-46E8-A416-7332101A31DA}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe FirewallRules: [UDP Query User{77EFAD25-B2BF-429B-A92F-7F52889D77A8}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe FirewallRules: [TCP Query User{EF77E755-B9DF-424B-A160-689ED4928FD3}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe FirewallRules: [UDP Query User{A06AF092-1111-4883-8379-159A040C86ED}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe FirewallRules: [TCP Query User{17F1F025-6D43-4848-A4B9-05FDDA17574A}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe FirewallRules: [UDP Query User{077ECBA3-EFD2-46BD-9433-B44BCE6D8247}C:\program files (x86)\plex\plex 
media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe FirewallRules: [TCP Query User{953467CA-5864-45D7-8FEE-2ABBFDE2661B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{96507CC8-6B9C-4D32-BEAA-31C378EFFF96}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{9E134752-C57C-4474-9118-1B211959B1EB}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{502682D8-7679-43C4-B57F-3B750326B1C5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{A3EFFE73-996C-437D-87A5-DA53B3AB1C75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{9E929AA1-F2A3-4B12-8B23-643E40299445}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{8EF453E5-06D2-41AD-B699-C69D6254F9EC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{DEA58A4B-F6BA-4D0A-96E3-E594C28E43EE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{4D67D1C1-24F8-4A18-A1D8-FE4FB26C6167}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{16C9986C-9EDD-46A7-BE1B-2FA30AA9B710}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CC9D5355-04F1-4C79-8CBE-4BAB76C31F4B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{4134C0FB-5BE1-49FD-AAB5-CE616C6097B1}] => (Allow) C:\Program Files 
(x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{7015670C-B5D6-46B9-BF8F-E4EE33B547EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe FirewallRules: [{5D5497E1-29B4-421A-80B8-00C8086784D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe FirewallRules: [{E2387D64-7123-4E7E-9E6B-CD11CFCCD8D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe FirewallRules: [{9D89C43F-23B3-4EEC-A6F8-AFBA538972FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe FirewallRules: [{2F7C58D7-034F-450C-9BF7-2E2EB97584FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bigscreen\Bigscreen.exe FirewallRules: [{B6727107-5938-42C2-90D8-933A8F624F70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bigscreen\Bigscreen.exe FirewallRules: [{63CC9D10-B255-4EF4-ABEF-5301E254C878}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirate Trainer VR\SpacePirateVR.exe FirewallRules: [{679D0D17-D8D0-414F-88A6-50BF5C406C93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirate Trainer VR\SpacePirateVR.exe FirewallRules: [{D0A64C67-A261-4E51-A00E-7381D87A9962}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe FirewallRules: [{2E8394C8-58D8-4406-81E7-BF1563F2B076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. 
Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (06/12/2018 07:48:00 PM) (Source: ESENT) (EventID: 544) (User: ) Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 17151 (0x42FF) was 0 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/12/2018 07:48:00 PM) (Source: ESENT) (EventID: 476) (User: ) Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). 
If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/12/2018 06:48:00 PM) (Source: ESENT) (EventID: 544) (User: ) Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 17151 (0x42FF) was 0 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/12/2018 06:48:00 PM) (Source: ESENT) (EventID: 476) (User: ) Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/12/2018 05:48:00 PM) (Source: ESENT) (EventID: 544) (User: ) Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). 
The flush state on database page 17151 (0x42FF) was 0 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/12/2018 05:48:00 PM) (Source: ESENT) (EventID: 476) (User: ) Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/12/2018 04:48:00 PM) (Source: ESENT) (EventID: 544) (User: ) Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 17151 (0x42FF) was 0 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. 
Error: (06/12/2018 04:48:00 PM) (Source: ESENT) (EventID: 476) (User: ) Description: svchost (4732,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 70254592 (0x0000000004300000) (database page 17151 (0x42FF)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. System errors: ============= Error: (06/12/2018 08:43:01 PM) (Source: DCOM) (EventID: 10010) (User: MJZ-PC) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Error: (06/12/2018 08:41:01 PM) (Source: DCOM) (EventID: 10010) (User: MJZ-PC) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (06/12/2018 08:39:06 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. 
Windows Defender: =================================== Date: 2018-05-09 22:58:48.311 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Linkhortry!blnk&threatid=235116&enterprise=0 Name: BrowserModifier:Win32/Linkhortry!blnk ID: 235116 Severity: High Category: Browser Modifier Path: containerfile:_C:\Users\MJZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk;file:_C:\Users\MJZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->[CMDEmbedded] Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\ProgramData\Subair\Subair.exe Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0 Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-05-09 22:58:15.746 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0 Name: Trojan:Win32/Tiggre!rfn ID: 2147723625 Severity: Severe Category: Trojan Path: file:_C:\Program Files (x86)\foldershare\uninstaller.exe;file:_C:\Users\MJZ\AppData\Local\Temp\cfvljamq.uwl\Pub1.exe;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\foldershare;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\foldershare Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\UhM_KV-S0N.exe Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0 Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-05-09 22:58:00.003 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Linkhortry!blnk&threatid=235116&enterprise=0 Name: BrowserModifier:Win32/Linkhortry!blnk ID: 235116 Severity: High Category: Browser Modifier Path: file:_C:\Users\MJZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->[CMDEmbedded] Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\ProgramData\Subair\Subair.exe Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0 Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-05-09 22:57:40.067 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0 Name: Trojan:Win32/Fuerboos.C!cl ID: 2147723654 Severity: Severe Category: Trojan Path: file:_C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\CNO+MkKç5z.exe;file:_C:\Users\MJZ\AppData\Local\Temp\yclkey2d.ic2\system.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\UhM_KV-S0N.exe Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0 Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-05-09 22:57:31.604 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0 Name: Trojan:Win32/Fuerboos.C!cl ID: 2147723654 Severity: Severe Category: Trojan Path: file:_C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\CNO+MkKç5z.exe;file:_C:\Users\MJZ\AppData\Local\Temp\yclkey2d.ic2\system.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Program Files\Nexus Mod Manager\YYAXJWB7RFDEBHE75I6YL5C5OJCC4ZJEVZ90ONFE0Z5FM6N\UhM_KV-S0N.exe Signature Version: AV: 1.267.1090.0, AS: 1.267.1090.0, NIS: 1.267.1090.0 Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3 CodeIntegrity: =================================== Date: 2018-06-12 20:35:12.899 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
Date: 2018-06-12 20:35:12.898 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-06-12 20:14:24.664 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-06-12 20:14:24.663 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-06-12 19:50:12.560 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-06-12 19:50:12.559 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-06-12 19:50:03.942 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-06-12 19:50:03.941 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz Percentage of memory in use: 47% Total physical RAM: 16341.19 MB Available physical RAM: 8585.38 MB Total Virtual: 17365.19 MB Available Virtual: 5522.67 MB ==================== Drives ================================ Drive ? () (Fixed) (Total:446.69 GB) (Free:144.74 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive e: (New Volume) (Fixed) (Total:902.63 GB) (Free:883.94 GB) NTFS \\?\Volume{07f00399-0000-0000-0000-30ac6f000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 07F00399) Partition 1: (Active) - (Size=446.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 516D590C) Partition 1: (Active) - (Size=487 MB) - (Type=82) Partition 2: (Not Active) - (Size=28.4 GB) - (Type=05) Partition 3: (Not Active) - (Size=902.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  5. Hi all, I'm having trouble with my computer; it looks like there is some hidden process running in the background causing my GPU to render my graphics at a lower rate. I can't seem to find the malware that has infected my computer. Help would be greatly appreciated. Thanks in advance!
  6. Hi, I have run the test again. I'm already seeing a difference in performance on my end. Thanks for your help. I have attached the two files below. Addition.txt FRST.txt
  7. Thank you for being with me this whole time. Here's the AdwCleaner log: # AdwCleaner 7.0.3.1 - Logfile created on Fri Oct 20 15:59:45 2017 # Updated on 2017/29/09 by Malwarebytes # Running on Windows 10 Pro (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Windows\System32\\SSL Deleted: C:\Windows\SysWOW64\\SSL Deleted: C:\Users\MJZ\AppData\Local\llssoft Deleted: C:\Users\MJZ\AppData\Local\ntuserlitelist Deleted: C:\Program Files (x86)\Microleaves ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450} Deleted: [Value] - HKU\S-1-5-21-517441185-2000574432-2814188571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WinResSync Deleted: [Key] - HKCU\SOFTWARE\Classes\Software\AppDataLow\Software\Amazon\Amazon1ButtonApp Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\Amazon1ButtonBrowserHelper.dll Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application 
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** Plugin deleted: SoundCloud Downloader Free - ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [5896 B] - [2017/4/1 23:2:20] C:/AdwCleaner/AdwCleaner[S0].txt - [5430 B] - [2017/4/1 23:1:18] C:/AdwCleaner/AdwCleaner[S1].txt - [2838 B] - [2017/10/20 15:59:19] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ########## And here's the RogueKiller log: RogueKiller V12.11.20.0 (x64) [Oct 16 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 10 (10.0.16299) 64 bits version Started in : Normal mode User : MJZ [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Delete -- Date : 10/20/2017 12:05:34 (Duration : 00:57:10) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 1 ¤¤¤ [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dfd01e1a-4db0-4926-831f-275b4a03fee3} | DhcpNameServer : 10.111.66.1 ([]) -> Replaced () ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: SanDisk SDSSDXPS480G +++++ --- User --- [MBR] 55842d4d7274166968401be13d41a96b [BSP] 82884164bdce42178547937ca2e85543 : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 457410 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 
936777728 | Size: 450 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: SanDisk Cruzer Glide USB Device +++++ --- User --- [MBR] 343a9850bc3b8280b4b6463633440686 [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 14906 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. )
  8. I ran the test again. Here are the results: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/20/17 Scan Time: 10:57 AM Log File: f897f0c0-b5a6-11e7-b353-5404a6c2423a.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.212 Update Package Version: 1.0.3056 License: Free -System Information- OS: Windows 10 (Build 16299.19) CPU: x64 File System: NTFS User: MJZ-PC\MJZ -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 683503 Threats Detected: 7 Threats Quarantined: 7 Time Elapsed: 7 min, 58 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.BrowseFox, C:\PROGRAM FILES (X86)\CLOVER\UTILWND.DLL, Quarantined, [1745], [99605],1.0.3056 Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 6 PUP.Optional.BrowseFox, C:\PROGRAM FILES (X86)\CLOVER\UTILWND.DLL, Delete-on-Reboot, [1745], [99605],1.0.3056 PUP.Optional.BrowseFox, C:\PROGRAM FILES (X86)\CLOVER\CLVHELPER.EXE, Delete-on-Reboot, [1745], [99605],1.0.3056 PUP.Optional.BrowseFox, C:\PROGRAM FILES (X86)\CLOVER\CLVUTIL.EXE, Delete-on-Reboot, [1745], [99605],1.0.3056 PUP.Optional.BrowseFox, C:\PROGRAM FILES (X86)\CLOVER\SOFTUPD.EXE, Delete-on-Reboot, [1745], [99605],1.0.3056 PUP.Optional.BrowseFox, C:\PROGRAM FILES (X86)\CLOVER\CLVASSIST.EXE, Delete-on-Reboot, [1745], [99605],1.0.3056 PUP.Optional.BrowseFox, C:\USERS\MJZ\DOWNLOADS\SETUP_CLOVER@3.4.0.EXE, Delete-on-Reboot, [1745], [99605],1.0.3056 Physical Sector: 0 (No malicious items detected) (end)
  9. Hi Aura, After running the scan, it found over 54,000 different errors, so I wasn't able to export the summary as it froze my computer when it was done scanning (10+ hours). Is there another way to do so?
  10. Thank you Yoan, appreciate the kind words. I have run the scan and here are the results, copied and pasted as you suggested in your comment.
     Malwarebytes Anti-Rootkit BETA 1.10.2.1001
     www.malwarebytes.org
     Database version: main: v2017.10.16.11 rootkit: v2017.10.14.01
     Windows 10 x64 NTFS
     Internet Explorer 11.674.15063.0
     MJZ :: MJZ-PC [administrator]
     10/16/2017 7:49:03 PM
     mbar-log-2017-10-16 (19-49-03).txt
     Scan type:
     Scan options enabled: Anti-Rootkit | Drivers | MBR
     Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Objects scanned: 452
     Time elapsed: 25 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [a1184d89fddc3c481bce6ecc1384a192]
     Physical Sectors Detected: 0
     (No malicious items detected)
     (end)
  11. Hi, I recently noticed a decrease in speed in my PC and noticed that I have a process running in the background that I can't remove. I also haven't been able to install MBAM Chameleon. I would love some help as to what my next best choice would be. Thank you in advance! Addition.txt FRST.txt
  12. Thanks for the information. After not working several times, the simplest option at the pit of desperation finally worked and enabled me to get into recovery. Here is the file. Thanks, 2Sec FRST.txt
  13. Hi Kevin, Thanks for the response. After having a little bit of trouble resetting into safe mode, I found one way to do so is to enter using system configuration in Administrative Tools > Boot in safe mode. This was my way of getting into recovery since I wasn't able to get the recovery options menu using the shift+restart trick, but I did enter into safe mode as it stated so right above the Cortana search bar. I then plugged in my flash drive and ran the program under the scan option. Here are the files. Thanks, 2Seconds2 FRST.txt Addition.txt
  14. I recently tried to download some programs and came across some malware. I tried to run several anti-malware programs and they all give me the same error. It has also hijacked my ability to use Google and therefore I have resorted to using Edge (yuck). I have run FRST as the previous users have done. What exactly am I looking for in these files when looking to fix and edit the text files? I would love some guidance so I can then offer to help those in need, in future uses. Thanks for the help, this is a great forum, wish I stumbled upon it a little sooner. FRST.txt Addition.txt