Vahstania

  1. Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/2/17
     Scan Time: 11:06 PM
     Log File: 7389b264-d7f8-11e7-9b18-54bef75dced3.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.236
     Update Package Version: 1.0.3398
     License: Trial

     -System Information-
     OS: Windows 10 (Build 14393.1884)
     CPU: x64
     File System: NTFS
     User: THEGRAIL2NDGEN\Shauna

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 401822
     Threats Detected: 67
     Threats Quarantined: 66
     Time Elapsed: 24 min, 5 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 4
     PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [1111], [398206],1.0.3398
     PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [1111], [380353],1.0.3398
     PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [1111], [380352],1.0.3398
     PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Quarantined, [1111], [396386],1.0.3398

     Module: 5
     PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [1111], [398206],1.0.3398
     PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [1111], [380353],1.0.3398
     PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [1111], [380352],1.0.3398
     PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [1111], [396386],1.0.3398
     PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Quarantined, [1111], [396386],1.0.3398

     Registry Key: 2
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService10, Quarantined, [1111], [380352],1.0.3398 PUP.Optional.ArcadeCandy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [28], [-1],0.0.0 Registry Value: 5 PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 10, Quarantined, [1111], [380353],1.0.3398 PUP.Optional.ArcadeCandy, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [28], [-1],0.0.0 PUP.Optional.ArcadeCandy, HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [28], [-1],0.0.0 PUP.Optional.ArcadeCandy, HKU\S-1-5-21-3102671110-3783085175-2543185073-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [28], [-1],0.0.0 PUP.Optional.ArcadeCandy, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [28], [-1],0.0.0 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 8 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blilioboknjjdglajpbbocipahcglfof, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\_metadata, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\icons, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\css, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, 
C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\lib, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\js, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\USERS\LANDO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BLILIOBOKNJJDGLAJPBBOCIPAHCGLFOF, Quarantined, [28], [315549],1.0.3398 File: 43 Backdoor.Agent, C:\WINDOWS\TEMP\NOTEPAD.EXE, Quarantined, [82], [251521],1.0.3398 PUP.Optional.AdvancedSystemCare, C:\USERS\SHAUNA\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\Advanced SystemCare 10.lnk, Quarantined, [1111], [380340],1.0.3398 PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC10_PerformanceMonitor, Quarantined, [1111], [380341],1.0.3398 PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC10_SkipUac_Shauna, Quarantined, [1111], [380341],1.0.3398 PUP.Optional.NewTabTV, C:\USERS\SHAUNA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage, Quarantined, [2208], [359410],1.0.3398 PUP.Optional.NewTabTV, C:\USERS\SHAUNA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_newtabtv.com_0.localstorage, Quarantined, [2208], [359416],1.0.3398 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Delete-on-Reboot, [1111], [398206],1.0.3398 PUP.Optional.MindSpark.Generic, C:\USERS\SHAUNA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_bringmesports.dl.tb.ask.com_0.localstorage, Quarantined, [772], [443123],1.0.3398 PUP.Optional.FullTab, C:\USERS\SHAUNA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL 
STORAGE\http_fulltab.com_0.localstorage, Quarantined, [1906], [443392],1.0.3398 PUP.Optional.MindSpark.Generic, C:\USERS\SHAUNA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_getformsonline.dl.tb.ask.com_0.localstorage, Quarantined, [772], [443123],1.0.3398 PUP.Optional.FullTab, C:\USERS\SHAUNA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage, Quarantined, [1906], [443391],1.0.3398 PUP.Optional.MindSpark.Generic, C:\USERS\SHAUNA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_bringmesports.dl.myway.com_0.localstorage, Quarantined, [772], [443124],1.0.3398 PUP.Optional.MindSpark.Generic, C:\USERS\SHAUNA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_getformsonline.dl.myway.com_0.localstorage, Quarantined, [772], [443124],1.0.3398 PUP.Optional.MindSpark.Generic, C:\USERS\SHAUNA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_internetspeedtracker.dl.myway.com_0.localstorage, Quarantined, [772], [443124],1.0.3398 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Delete-on-Reboot, [1111], [380353],1.0.3398 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Delete-on-Reboot, [1111], [380352],1.0.3398 Generic.Malware/Suspicious, C:\WINDOWS\WNDSVR.EXE, Quarantined, [0], [392686],1.0.3398 PUP.Optional.ArcadeCandy, C:\USERS\LANDO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\USERS\LANDO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blilioboknjjdglajpbbocipahcglfof\000003.log, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Local Extension 
Settings\blilioboknjjdglajpbbocipahcglfof\CURRENT, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blilioboknjjdglajpbbocipahcglfof\LOCK, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blilioboknjjdglajpbbocipahcglfof\LOG, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blilioboknjjdglajpbbocipahcglfof\LOG.old, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blilioboknjjdglajpbbocipahcglfof\MANIFEST-000001, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\USERS\LANDO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BLILIOBOKNJJDGLAJPBBOCIPAHCGLFOF\1.1.111_0\MANIFEST.JSON, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\css\style.css, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\icons\128.png, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\icons\16.png, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\icons\19.png, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\icons\32.png, Quarantined, [28], 
[315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\icons\38.png, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\icons\48.png, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\icons\64.png, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\js\background.js, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\js\bundle.js, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\js\document.js, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\lib\pmjson-src.js, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\_metadata\computed_hashes.json, Quarantined, [28], [315549],1.0.3398 PUP.Optional.ArcadeCandy, C:\Users\lando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blilioboknjjdglajpbbocipahcglfof\1.1.111_0\_metadata\verified_contents.json, Quarantined, [28], [315549],1.0.3398 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Delete-on-Reboot, [1111], [396386],1.0.3398 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES 
(X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Delete-on-Reboot, [1111], [396386],1.0.3398 PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\REGISTRYDEFRAGBOOTTIME.EXE, Quarantined, [1111], [396386],1.0.3398 Physical Sector: 0 (No malicious items detected) (end) FRST logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017 Ran by Shauna (administrator) on THEGRAIL2NDGEN (02-12-2017 23:45:14) Running from C:\Users\Shauna\Downloads Loaded Profiles: Shauna & (Available Profiles: UpdatusUser & Shauna & lando & Administrator) Platform: Windows 10 Pro Version 1607 14393.1884 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (SuperBoost Software) C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Tablet Driver) C:\WINDOWS\System32\drivers\WTSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (SuperBoost Software) C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Intel Corporation) C:\WINDOWS\System32\igfxEM.exe (Intel Corporation) C:\WINDOWS\System32\igfxHK.exe () C:\WINDOWS\System32\igfxTray.exe (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe (Microsoft Corporation) C:\WINDOWS\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe (Google Inc.) C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Microsoft Corporation) C:\WINDOWS\System32\perfmon.exe (Microsoft Corporation) C:\WINDOWS\System32\perfmon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (1).exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-11-18] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-04] (Synaptics Incorporated) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation) HKLM\...\Run: [WindowsRM] => C:\Windows\Temp\winrm.exe <==== ATTENTION HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131096\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136857\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.) HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.) HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.) 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.) HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.) HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.) 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234132243\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234138078\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) Startup: C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-28] ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Shauna\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook) BootExecute: RegistryDefragBootTime.exeautocheck autochk * SmartDefragBootTime.exe GroupPolicy: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2ed2bed8-0660-49ee-a396-24b8975abb34}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{8c87d9e9-1414-43c7-b7b5-edcbae700435}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/ HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/ HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/ BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation) BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation) FireFox: 
======== FF DefaultProfile: FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] () FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.) 
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.) 
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lando\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lando\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.opportunityvillage.org/pages/halloveen
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default [2017-12-02]
CHR Extension: (Slides) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Adblock Plus) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google Search) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2017-09-07]
CHR Extension: (Sheets) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]
CHR Extension: (Chrome Media Router) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-10-13] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
S3 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-04-18] ()
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [132864 2016-04-29] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-09-15] (Microsoft Corporation)
R2 sgbupt; C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe [2600256 2016-10-21] (SuperBoost Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-11-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4316456 2016-11-18] (Qualcomm Atheros Communications, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-02-26] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-02-26] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-05-22] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-18] (REALiX(tm))
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-12-02] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-02] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-02] (Malwarebytes)
R1 MpKsl272aac17; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl272aac17.sys [58120 2017-11-26] (Microsoft Corporation)
R1 MpKsl69a0050d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl69a0050d.sys [58120 2017-11-30] (Microsoft Corporation)
R1 MpKsl82853fd0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl82853fd0.sys [58120 2017-11-26] (Microsoft Corporation)
R1 MpKsl876f31ec; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl876f31ec.sys [58120 2017-11-27] (Microsoft Corporation)
R1 MpKsl9858aa96; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl9858aa96.sys [58120 2017-11-26] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-20] (NVIDIA Corporation)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-03-10] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-04-17] (Razer, Inc.)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2016-02-17] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-01-16] (Wellbia.com Co., Ltd.)
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 23:59 - 2017-12-03 00:00 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (2).exe
2017-12-02 23:59 - 2017-12-02 23:59 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (3).exe
2017-12-02 23:45 - 2017-12-03 00:00 - 000030563 _____ C:\Users\Shauna\Downloads\FRST.txt
2017-12-02 23:44 - 2017-12-02 23:45 - 000000000 ____D C:\FRST
2017-12-02 23:44 - 2017-12-02 23:44 - 002391552 _____ (Farbar) C:\Users\Shauna\Downloads\FRST64.exe
2017-12-02 23:40 - 2017-12-02 23:40 - 000012316 _____ C:\Users\Shauna\Desktop\malware bytes.txt
2017-12-02 23:39 - 2017-12-02 23:39 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (1).exe
2017-12-02 23:39 - 2017-12-02 23:39 - 000000000 ____D C:\Users\Shauna\AppData\Local\ESET
2017-12-02 23:38 - 2017-12-02 23:38 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu.exe
2017-12-02 23:09 - 2017-12-02 23:10 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro (2).exe
2017-12-02 23:06 - 2017-12-02 23:06 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000001924 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-02 23:05 - 2017-12-02 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-02 23:05 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-02 23:04 - 2017-12-02 23:04 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-02 23:03 - 2017-12-02 23:03 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-02 23:03 - 2017-12-02 23:03 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-12-02 23:03 - 2017-12-02 23:03 - 000000869 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\Program Files\CCleaner
2017-12-02 23:02 - 2017-12-02 23:03 - 078346672 _____ (Malwarebytes ) C:\Users\Shauna\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-12-02 23:00 - 2017-12-02 23:01 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro (1).exe
2017-12-02 23:00 - 2017-12-02 23:00 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro.exe
2017-11-30 21:20 - 2017-11-30 21:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-27 18:59 - 2017-11-27 19:00 - 000001268 _____ C:\Users\lando\Desktop\Roblox Studio.lnk
2017-11-26 12:29 - 2017-11-26 12:29 - 000000000 ____D C:\Users\Shauna\Documents\Elysia
2017-11-26 12:14 - 2017-11-26 12:14 - 000000000 ____D C:\Users\Shauna\Desktop\family pictures
2017-11-26 12:13 - 2017-11-26 12:22 - 000000000 ____D C:\Users\Shauna\Desktop\zombie punch pictures
2017-11-26 12:12 - 2017-11-26 12:22 - 000000000 ____D C:\Users\Shauna\Desktop\rars
2017-11-26 12:12 - 2017-11-26 12:12 - 000002701 _____ C:\Users\Shauna\AppData\Local\recently-used.xbel
2017-11-26 11:35 - 2017-11-26 11:55 - 3684157086 _____ C:\Users\Shauna\Downloads\Elysia Online Setup.rar
2017-11-26 02:38 - 2017-11-26 02:45 - 112984064 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-11-26 02:38 - 2017-11-26 02:45 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2017-11-26 02:38 - 2017-11-26 02:45 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2017-11-26 02:38 - 2017-11-26 02:38 - 000045056 _____ C:\WINDOWS\system32\config\SAM
2017-11-25 23:53 - 2017-11-25 23:53 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-11-25 23:53 - 2017-11-25 23:53 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 022571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 020967832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 018365952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 008119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 006066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002529120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002253656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002170712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-25 23:48 - 2017-11-25 23:48 - 002032472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-25 23:48 - 2017-11-25 23:48 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001984512 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001670488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001578848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 001470808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001409880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001181528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 001117016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001102680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 001090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001054040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000992088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000965464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-25 23:48 - 2017-11-25 23:48 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000825688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000813400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000811864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-25 23:48 - 2017-11-25 23:48 - 000788624 _____ C:\WINDOWS\system32\locale.nls
2017-11-25 23:48 - 2017-11-25 23:48 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000779608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000766808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000704344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000699224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000687968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000678752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000652344 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000647520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000613720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000612192 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000569688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000558424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000509784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000500576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000485520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000455512 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000412504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000402264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000392024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-11-25 23:48 - 2017-11-25 23:48 - 000379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000341976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000304232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000299360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000269152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000259936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000223584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000206176 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000202584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000199000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000190296 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000178008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-25 23:48 - 2017-11-25 23:48 - 000169304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-25 23:48 - 2017-11-25 23:48 - 000144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000139096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000097120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000089552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000082608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000082272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000076120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000067928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredential.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCredential.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-11-25 22:35 - 2017-11-25 22:35 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-11-25 22:35 - 2017-11-25 22:35 - 000177648 _____ 
(Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-11-25 05:22 - 2017-11-25 05:22 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget 2017-11-23 16:19 - 2017-11-23 16:19 - 000000074 _____ C:\Users\Shauna\Desktop\girl3.vmt 2017-11-23 16:06 - 2017-11-23 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit 2017-11-23 16:06 - 2017-11-23 16:06 - 000000000 ____D C:\Program Files (x86)\VTFEdit 2017-11-22 13:53 - 2017-11-22 13:53 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\AGData 2017-11-13 17:29 - 2017-11-13 17:29 - 000002428 _____ C:\Users\Shauna\Desktop\LittleNightmares Secrets of the Maw.lnk 2017-11-13 17:27 - 2017-11-13 17:27 - 000001088 _____ C:\Users\Shauna\Desktop\Secrets of the Maw.lnk 2017-11-13 17:27 - 2017-11-13 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secrets of the Maw 2017-11-13 17:22 - 2017-11-13 17:22 - 000003434 _____ C:\WINDOWS\System32\Tasks\WindowsMediaSharing 2017-11-13 16:42 - 2017-11-13 17:22 - 000000000 ____D C:\Users\Shauna\Downloads\Little Nightmares Secrets of The Maw-Ch1 2017-11-12 20:03 - 2017-12-02 23:53 - 000000000 ____D C:\Program Files (x86)\Steam 2017-11-12 20:03 - 2017-11-12 20:03 - 000001040 _____ C:\Users\Public\Desktop\Steam.lnk 2017-11-12 20:03 - 2017-11-12 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2017-11-12 19:15 - 2017-11-12 19:17 - 1075296456 _____ C:\Users\Shauna\Desktop\Starbound.rar 2017-11-12 18:24 - 2017-11-12 18:28 - 000000000 ____D C:\Users\Shauna\Desktop\Terraria 2017-11-12 18:23 - 2017-11-12 18:26 - 000000000 ____D C:\Users\Shauna\Desktop\Starbound 2017-11-12 12:20 - 2017-11-12 12:20 - 000001271 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk 2017-11-12 12:20 - 2017-11-12 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker 2017-11-12 10:39 - 2017-11-12 10:40 - 000000000 ____D C:\Users\Shauna\Desktop\New folder 2017-11-05 20:28 - 
2017-11-05 20:28 - 000002751 _____ C:\Users\lando\AppData\Local\recently-used.xbel 2017-11-05 20:27 - 2017-11-05 20:28 - 000000000 ____D C:\Users\lando\AppData\Local\gtk-2.0 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-02 23:49 - 2017-01-25 20:42 - 000007594 _____ C:\Users\Shauna\AppData\Local\Resmon.ResmonCfg 2017-12-02 23:21 - 2017-01-13 22:22 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\uTorrent 2017-12-02 23:20 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-12-02 23:13 - 2016-12-14 19:39 - 000000000 ____D C:\Users\Shauna\AppData\Local\CrashDumps 2017-12-02 23:05 - 2015-10-24 20:59 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-12-02 22:48 - 2017-03-17 01:48 - 001863322 _____ C:\WINDOWS\system32\perfh011.dat 2017-12-02 22:48 - 2017-03-17 01:48 - 000487552 _____ C:\WINDOWS\system32\perfc011.dat 2017-12-02 22:48 - 2016-11-20 10:51 - 004750944 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-12-02 22:45 - 2016-11-20 10:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-12-02 12:25 - 2016-06-03 02:43 - 000000000 ____D C:\ProgramData\NVIDIA 2017-12-02 09:23 - 2015-10-24 12:09 - 000000000 ____D C:\ProgramData\ProductData 2017-12-02 05:59 - 2015-09-11 08:30 - 000002561 _____ C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk 2017-12-02 05:59 - 2015-09-11 08:30 - 000002552 _____ C:\Users\Shauna\Desktop\Google Chrome Canary.lnk 2017-12-02 03:27 - 2016-07-16 03:36 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-12-02 01:03 - 2016-07-16 03:45 - 000000000 ____D C:\WINDOWS\INF 2017-12-01 20:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\rescache 2017-11-30 21:20 - 2015-07-24 20:47 - 000000000 __SHD C:\Users\Shauna\IntelGraphicsProfiles 2017-11-30 21:16 - 2016-11-20 10:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-11-28 19:32 - 2017-02-10 16:58 - 000000000 ____D C:\Users\Shauna 2017-11-27 
22:38 - 2017-02-10 16:58 - 000000000 ____D C:\Users\lando 2017-11-27 19:00 - 2017-07-21 16:24 - 000001465 _____ C:\Users\lando\Desktop\roblox player.lnk 2017-11-27 19:00 - 2016-07-01 15:54 - 000001465 _____ C:\Users\lando\Desktop\ROBLOX Player - Copy.lnk 2017-11-27 19:00 - 2016-05-22 19:05 - 000000000 ____D C:\Users\lando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-11-27 18:59 - 2017-01-06 20:11 - 000000000 ____D C:\Users\lando\AppData\Local\CrashDumps 2017-11-27 18:58 - 2016-11-20 10:54 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-11-27 18:58 - 2016-05-22 17:41 - 000000000 __SHD C:\Users\lando\IntelGraphicsProfiles 2017-11-26 16:43 - 2015-10-24 11:58 - 000000000 ____D C:\ProgramData\IObit 2017-11-26 15:39 - 2015-08-26 13:40 - 000000000 ____D C:\Users\Shauna\AppData\Local\ElevatedDiagnostics 2017-11-26 12:08 - 2014-07-02 22:36 - 000000000 ____D C:\Users\Shauna\.gimp-2.8 2017-11-26 02:47 - 2016-11-20 10:40 - 000484168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-11-26 02:45 - 2016-07-15 22:04 - 002097152 _____ C:\WINDOWS\system32\config\BBI 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ___RD C:\Program Files\Windows Defender 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2017-11-26 02:38 - 2017-03-20 21:16 - 112734208 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak 2017-11-26 02:38 - 2017-03-20 21:16 - 000569344 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak 2017-11-26 02:38 - 2017-03-20 21:16 - 000045056 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak 2017-11-26 02:38 - 2017-03-20 21:16 - 000032768 _____ 
C:\WINDOWS\system32\config\SECURITY.iodefrag.bak 2017-11-23 15:58 - 2015-12-19 13:33 - 000000000 ____D C:\Users\Shauna\AppData\Local\gtk-2.0 2017-11-22 13:52 - 2015-09-27 21:47 - 000000000 ____D C:\ProgramData\Skype 2017-11-21 21:58 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-11-17 07:13 - 2017-02-10 17:24 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-17 07:13 - 2017-02-10 17:24 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-14 22:33 - 2017-02-10 17:24 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-11-14 22:33 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-11-14 22:33 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-11-14 21:37 - 2017-04-07 03:15 - 000003712 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA1d2af9041b0587e 2017-11-14 21:37 - 2017-04-07 03:15 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core1d2af9041990718 2017-11-13 17:23 - 2017-05-12 17:17 - 000000000 ____D C:\Program Files (x86)\Little Nightmares 2017-11-13 17:21 - 2017-05-13 14:28 - 000000000 ____D C:\Users\Shauna\AppData\LocalLow\uTorrent 2017-11-13 16:55 - 2016-03-04 17:20 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-12 19:40 - 2014-06-08 19:51 - 000000000 ____D C:\Users\Shauna\Desktop\games 2017-11-12 12:20 - 2015-10-24 11:57 - 000000000 ____D C:\Program Files (x86)\IObit 2017-11-12 09:34 - 2016-12-25 21:08 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\.minecraft 2017-11-05 22:14 - 2017-04-09 11:38 - 000000000 ____D C:\Users\lando\.gimp-2.8 2017-11-05 20:27 - 2016-06-01 19:04 - 000000000 ____D C:\Users\lando\Documents\My games ==================== Files in the root of some directories ======= 2016-01-07 18:24 - 2016-01-07 18:22 - 000012005 _____ () 
C:\Users\Shauna\AppData\Roaming\alsoft.ini 2015-08-26 22:50 - 2015-08-26 22:50 - 000000000 ___SH () C:\Users\Shauna\AppData\Local\LumaEmu 2017-11-26 12:12 - 2017-11-26 12:12 - 000002701 _____ () C:\Users\Shauna\AppData\Local\recently-used.xbel 2017-01-25 20:42 - 2017-12-02 23:49 - 000007594 _____ () C:\Users\Shauna\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== 2017-04-18 18:07 - 2017-04-18 18:07 - 000739904 _____ (Oracle Corporation) C:\Users\lando\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-03-02 19:29 - 2017-06-16 16:25 - 058684896 _____ (Skype Technologies S.A.) C:\Users\lando\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-12-02 21:59 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017 Ran by Shauna (03-12-2017 00:04:58) Running from C:\Users\Shauna\Downloads Windows 10 Pro Version 1607 14393.1884 (X64) (2017-02-11 01:41:28) 
Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3102671110-3783085175-2543185073-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-3102671110-3783085175-2543185073-503 - Limited - Disabled) Guest (S-1-5-21-3102671110-3783085175-2543185073-501 - Limited - Disabled) lando (S-1-5-21-3102671110-3783085175-2543185073-1003 - Limited - Enabled) => C:\Users\lando Shauna (S-1-5-21-3102671110-3783085175-2543185073-1002 - Administrator - Enabled) => C:\Users\Shauna UpdatusUser (S-1-5-21-3102671110-3783085175-2543185073-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.) 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated) Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit) Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC) Alice Madness Returns - The Complete Collection (HKLM-x32\...\Alice Madness Returns - The Complete Collection_is1) (Version: - ) Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Allods Online EN) (Version: 1.126 - My.com B.V.) Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Allods Online EN) (Version: 1.126 - My.com B.V.) Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Allods Online EN) (Version: 1.126 - My.com B.V.) American McGee's Alice(tm) (HKLM-x32\...\{77B5AD60-8F14-11D4-9BC9-0050041A1090}) (Version: - ) AnonymizerGadget (HKU\.DEFAULT\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden Apowersoft Free Audio Recorder V3.0.5 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 3.0.5 - APOWERSOFT LIMITED) Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd) Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.) Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.) Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.) Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team) Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.1 - ) Exodus Online (HKLM-x32\...\{552FD7D8-896C-4211-9460-886FB7E21158}) (Version: 1.0.0 - Exodus Online) Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook) Fiesta Online EN (HKLM-x32\...\Fiesta Online EN) (Version: 1.05.039 - Gamigo games) FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) Free Internet Window Washer (HKLM-x32\...\Free Internet Window Washer) (Version: - ) Free Webcam Recorder (HKLM-x32\...\{EDA2F047-79B6-46E2-8323-28086E1BA51D}) (Version: 1.0.0 - freepicturesolutions) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.) Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.) 
Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.) Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation) IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.3 - IObit) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit) IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version: - ) Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Micro Machines World Series (HKLM-x32\...\Micro Machines World Series_is1) (Version: - ) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft OneDrive 
(HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker 
(HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla) My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MyComGames) (Version: 3.210 - My.com B.V.) My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MyComGames) (Version: 3.210 - My.com B.V.) My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MyComGames) (Version: 3.210 - My.com B.V.) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) Novicorp WinToFlash Lite version 1.4.0000 (HKLM-x32\...\{A1A1FF24-34C6-4B77-BDB7-A689979F018C}_is1) (Version: 1.4.0000 - Novicorp) NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation) NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.2.1 - NVIDIA Corporation) Hidden NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.2 - NVIDIA Corporation) Hidden Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache 
Software Foundation) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - ) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.2.16.12597 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.) Roblox Player for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) Roblox Player for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Roblox Studio for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation) Roblox Studio for lando 
(HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation) Secret World Legends (HKLM-x32\...\Secret World Legends_is1) (Version: 1.0.0 - Funcom) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\skyforge_mycom) (Version: 1.35 - My.com B.V.) skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\skyforge_mycom) (Version: 1.35 - My.com B.V.) skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\skyforge_mycom) (Version: 1.35 - My.com B.V.) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.) 
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.0 - IObit) SpaceEngine version 0.9.8.0 (HKLM-x32\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine) SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Superb Game Boost 3.1 (HKLM-x32\...\SuperbGameBoost_is1) (Version: 3.1 - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated) System Shock 2 (HKLM-x32\...\GOGPACKSSHOCK2_is1) (Version: 2.0.0.9 - GOG.com) The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom) Touchpad Blocker (HKLM-x32\...\Touchpad Blocker) (Version: 2.9 - KARPOLAN) Trove North America (HKLM-x32\...\Glyph Trove North America) (Version: - Trion Worlds, Inc.) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) Update for Skype for Business 2015 (KB4011046) 32-Bit Edition 
(HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft) Vampire - The Masquerade Bloodlines (HKLM-x32\...\{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision) Hidden Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) VitalSource Bookshelf (HKLM-x32\...\{4bb6f5ce-1e01-41b1-833d-ffa2297df6f4}) (Version: 6.08.0017 - Ingram Content Group) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinISO (HKLM-x32\...\WinISO) (Version: 6.4.1.6137 - WinISO Computing Inc.) WinRAR 5.30 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH) WizTree v2.01 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3102671110-3783085175-2543185073-1002_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3102671110-3783085175-2543185073-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit) ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers1: 
[SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit) ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit) ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-13] 
(Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit) ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit) ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers1_S-1-5-21-3102671110-3783085175-2543185073-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers5_S-1-5-21-3102671110-3783085175-2543185073-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {04B6D5CE-4459-4CF6-9280-76CA0FE0EB88} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-02-17] (IObit) Task: {0E80A276-D1E7-4ABF-BCE4-2F706D0CB3AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd) Task: {0EC67150-54B2-4B64-8406-C51303D4436D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation) Task: {114E4D25-4D0A-4542-9D7C-2DB6A66AD2FC} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-02-17] (IObit) Task: {13FB2D35-27B8-44E5-A2D5-7DE963BD54D2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation) Task: {146705A4-D49A-4AC1-9F29-2BF2E38C7197} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {26EE86E7-860A-46AE-9AB7-14B5ADF65E63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {2F251320-BCCC-49E5-AAAA-058358E98F26} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA1d2af9041b0587e => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) Task: {3267C51B-F554-4BA9-BC0A-062E7D6FC248} - \ASC10_SkipUac_Shauna -> No File <==== ATTENTION Task: {3C3CAE4A-EAFD-4C6A-808B-94580FF76365} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) 
Task: {4B3E2004-0C65-4F62-8465-AB25AD159676} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation) Task: {4CD307D7-9CB7-4B77-9C89-EBCF6F8D2EF1} - System32\Tasks\{69AC7384-0B56-436A-AE1F-26490289EFF5} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\EA GAMES\American McGee's Alice\Alice.exe" -d "C:\Program Files (x86)\EA GAMES\American McGee's Alice" Task: {53A21AC5-31F2-48A5-ABCA-44D0D79EAEA2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation) Task: {54924F83-4E2A-485E-9FFC-95F578C8CF71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.) Task: {5824E64A-2C09-445A-88E5-E6CBC7867F23} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core1d2af9041990718 => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) Task: {5F3E65D1-C054-450C-BE6B-BDC45509D018} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation) Task: {658563B1-DD68-4D8A-88AD-9789DBA65F6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd) Task: {6ACFD528-B315-4607-B6C2-987C29F075F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation) Task: {7A1A668B-354B-4FA9-8C9E-935096458A09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) 
Task: {7AAA787B-030F-4FF6-9B5C-F9EF725A0A51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated) Task: {89654F84-8EE3-4C5F-9BAF-536367841D03} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit) Task: {A4D7DD49-E6E1-4466-9B88-79CEABCBEC5D} - System32\Tasks\Uninstaller_SkipUac_Shauna => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit) Task: {AA251C1D-989E-4B17-8A84-E01E0A55F146} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {B0627F85-E960-4E5A-ACAD-375BEE7AACD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation) Task: {B11323BD-8721-4917-9DCB-427DA4E51B93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.) 
Task: {B3A55724-0EC6-411D-B8F2-E01E626B5A87} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated) Task: {C913BE21-4182-4CEC-84EA-A1B2A17A7119} - System32\Tasks\SuperbGameBoost => C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe [2016-11-28] (SuperBoost Software) Task: {D05852DA-B97A-437B-9415-A1B0566832E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd) Task: {D20B0ECA-2D1D-49F7-9060-4012D90CD6A3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation) Task: {D7706776-8610-479A-8FAD-B0A908C80119} - System32\Tasks\{8DFA961D-C189-41F7-82E5-231DE0E723A1} => C:\WINDOWS\system32\pcalua.exe -a D:\setup.exe -d D:\ Task: {DD1E5FC3-FBEA-42A7-A38A-5618904CE470} - System32\Tasks\WindowsMediaSharing => C:\windows\wndsvr.exe Task: {E1C3D66F-BB91-41A3-AB9B-B1CF030E69C4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation) Task: {E953EA30-E0E7-472E-879D-C7F77BF29B86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation) Task: {EAE73CB3-46B5-4565-9756-03ACCD362375} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation) Task: {F2592FCC-F500-435E-9556-3B83E430EB49} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit) Task: {F8261426-AB14-404C-8742-1A08CEF622B5} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION (If an entry is included in the fixlist, 
the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Shauna.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Shauna\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 03:42 - 2016-07-16 03:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-09-15 18:14 - 2017-09-15 18:14 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-02-10 16:52 - 2016-12-29 05:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-25 22:23 - 2017-08-17 20:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-11-20 10:11 - 2016-11-20 10:11 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-14 20:22 - 2017-03-03 22:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2015-10-13 22:47 - 2015-10-13 22:47 - 000415128 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-03-14 20:20 - 2017-03-03 22:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-14 20:20 - 2017-03-03 22:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-14 20:20 - 2017-03-03 22:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 002424320 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-08-22 15:22 - 2017-08-22 15:23 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2017-12-02 23:05 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-12-02 23:05 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-11-13 16:55 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll 2017-11-13 16:55 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll 2015-10-24 11:57 - 2015-01-09 17:46 - 000517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll 2015-10-24 12:09 - 2014-10-16 09:26 - 000622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2012-12-20 22:12 - 2012-12-20 22:12 - 000275840 _____ () C:\WINDOWS\SYSTEM32\WinTab32.DLL 2017-08-23 23:36 - 2016-08-18 17:43 - 000442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl 2017-08-23 23:36 - 2016-08-18 17:43 - 000210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl 2017-08-23 23:36 - 2016-08-18 17:43 - 000059680 _____ () C:\Program Files (x86)\IObit\Advanced 
SystemCare\madDisAsm_.bpl 2017-08-23 23:36 - 2016-11-01 09:11 - 000078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll 2017-04-06 11:01 - 2016-01-11 16:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll 2017-04-06 11:00 - 2016-01-11 16:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll 2016-12-18 22:07 - 2016-08-16 14:53 - 000796480 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_IG.dll 2016-12-18 22:07 - 2016-01-29 18:03 - 000337216 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\taskMgr.dll 2016-12-18 22:07 - 2016-02-02 09:53 - 000629056 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\SgbStatistics.dll 2016-12-18 22:07 - 2016-08-16 09:20 - 000510272 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_ID.dll 2016-12-18 22:07 - 2016-01-29 15:21 - 000276800 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\D3DX8Wrapper.dll 2016-12-18 22:07 - 2016-08-16 09:20 - 000286016 _____ () c:\program files (x86)\superboost\superb game boost\GA_CheackDx.dll 2017-01-04 20:41 - 2016-06-21 19:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2017-01-04 20:41 - 2016-06-21 19:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2017-01-04 20:41 - 2016-06-21 19:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2017-01-04 20:41 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll 2017-01-04 20:41 - 2016-09-26 13:59 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll 2017-08-23 23:36 - 2015-12-28 12:50 - 000899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll 2017-08-23 23:36 - 2017-05-17 12:45 - 000631584 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll 2015-10-24 11:57 - 2015-03-27 14:39 - 
000182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll 2015-10-24 11:57 - 2015-01-09 17:46 - 000145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll 2015-10-24 12:09 - 2014-10-16 09:26 - 000622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll 2017-08-23 23:36 - 2017-07-24 14:34 - 001364256 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\Scan.dll 2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-24 20:07 - 2015-07-24 20:05 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131096\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136857\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\Control Panel\Desktop\\Wallpaper -> C:\Users\lando\Downloads\alice_madness_returns_cheshire_cat-wallpaper-1600x900.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\Control Panel\Desktop\\Wallpaper -> C:\Users\lando\Downloads\alice_madness_returns_cheshire_cat-wallpaper-1600x900.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234132243\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234138078\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "AvastUI.exe" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Skype" 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [UDP Query User{53B509F3-6B23-4E25-8272-B24C4D64D4E1}C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Block) C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe FirewallRules: [TCP Query User{393D0224-4406-4141-8ED5-D5341FD3CDB3}C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Block) C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe FirewallRules: [{526D571E-A5A2-4880-9DC6-2FBEF7EB99C6}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A4B96E29-5800-4CDB-B177-93723212D8EA}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{467473A4-65D8-4D8F-A793-D6F61CDA860D}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{23C110DF-ABF7-4BB8-A1C6-E9A45CAF3D7D}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4EBAAF10-409B-4BAE-892E-CDB4E65A06EC}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E71A79FE-0243-473B-B458-F5362812E75B}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F1D1046C-2AE4-4358-A67E-42D52F8E0E6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe FirewallRules: [{7AB13CCB-5CD1-40BB-94F4-EF93E78F4FBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe FirewallRules: [UDP Query User{BCB3EDAD-2992-4F71-AD92-DDB4E02B8F83}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{75DB9FDF-CD3B-4D89-8EC3-5ACB0258C03D}C:\program files 
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{97B67474-B2EE-4512-8FE3-31FF65EF1239}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [UDP Query User{A9609216-E4C0-4765-9913-078D77615012}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Block) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [TCP Query User{EBC79678-B6D0-427D-8155-BAFCAA08ADEF}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Block) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [{6E7E7F70-84A5-4604-A483-7E245F34DD6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{C9B1DA6C-3D83-41C8-B80C-CD367A529A6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{E745E0D8-C450-4A49-A8E1-42B5786887A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{B242C698-FD00-4267-AEC3-1F3FEF1D6840}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{3F8750B5-BC88-4D23-966B-1354A12CEC61}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [{37DA79D0-6217-45AA-A864-A642F85666D4}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [UDP Query User{8937A2B4-6ED6-499A-8709-997352628BE5}C:\users\shauna\desktop\games\terrariaserver.exe] => (Allow) C:\users\shauna\desktop\games\terrariaserver.exe FirewallRules: [TCP Query User{C5A69E2D-1698-4DB7-8932-78EFB95A6054}C:\users\shauna\desktop\games\terrariaserver.exe] => (Allow) C:\users\shauna\desktop\games\terrariaserver.exe FirewallRules: [UDP Query User{4F27BAB4-E03C-49B8-A627-3BEC9BC54CFD}C:\program files 
(x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe FirewallRules: [TCP Query User{56266D1B-C42A-417B-A006-E976B6814960}C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe FirewallRules: [{B7AF1FC3-84F6-45DF-AE83-B311A261BC07}] => (Allow) LPort=1900 FirewallRules: [{62EC681B-FEEB-411E-A684-352F227D2FA4}] => (Allow) LPort=2869 FirewallRules: [{EA9E65EE-154C-4559-9920-70BB35730154}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [UDP Query User{5586C496-ED98-4ED5-93CE-42B46E6C66AB}C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe] => (Allow) C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe FirewallRules: [TCP Query User{C04B199A-1EB4-41F7-82CC-16C98551BFB9}C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe] => (Allow) C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe FirewallRules: [{679CE7D9-B82C-43EB-855F-29BC354CA4D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{573B97A3-C7A3-4BB8-8D70-438FE6766A1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9A730924-74BD-498B-B05E-97FC9BA20016}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{842CFDA5-6548-4CD8-B890-863AFAFE759B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{6D378934-B304-4425-95E3-F20F1585873B}C:\users\shauna\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\shauna\appdata\local\mycomgames\mycomgames.exe FirewallRules: [UDP Query 
User{C1A68DC5-CD50-45B1-BDAA-35E2F1823F64}C:\users\shauna\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\shauna\appdata\local\mycomgames\mycomgames.exe FirewallRules: [{04B76664-230C-4732-9191-4A9677204ACD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{73B69AF3-5932-4A11-9BA1-B3E982E71B8C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{5B5D7426-0F36-45FC-B47F-83FDEADB8F64}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{475B82FA-D4D6-4794-BCA0-EC118AF78E57}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{22EA59C9-656F-4479-B5D4-C0260A10372C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A2BB3EC1-0C84-452D-AE17-C66B0F9E6535}] => (Allow) LPort=1689 FirewallRules: [{1635646B-5A0C-4404-B489-A6ED8AFD2212}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [{E011C5A8-E199-47BF-B78A-B1B5C0653170}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [TCP Query User{1B3335CE-4E5D-439C-B7DC-EEB76C106A28}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [UDP Query User{DFD62ACD-A3FF-4E12-82A1-6480828C1960}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [{C8B9BBCB-051E-4795-8DF8-DBB12D6155A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DE259962-AB59-4EF7-B5FC-CFC6016A5A51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B63074FC-C5D2-483A-B0F9-2461BAE317FF}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [{E008C583-68FD-4FAF-B4C7-AC5A06FB41D3}] => (Allow) C:\Program 
Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [TCP Query User{4D663066-0A0F-4034-BDE5-ED305F08A6D3}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [UDP Query User{2C89FC18-54ED-45D4-BA96-B895B302F400}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [TCP Query User{0C19D64E-9D25-4676-8615-539E47329FE1}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [UDP Query User{E61EAD72-1B0D-4274-9D53-830A7785862D}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [{67FE6D2C-4BBA-4512-A7D8-AD79B8285B6B}] => (Allow) C:\Program Files (x86)\MouseRecorder\MouseRecorder.exe FirewallRules: [TCP Query User{75401DA7-F5AB-452E-946A-A4063334647B}C:\users\lando\desktop\new folder\terrariaserver.exe] => (Allow) C:\users\lando\desktop\new folder\terrariaserver.exe FirewallRules: [UDP Query User{4B8491CA-91F2-4403-97FD-AD5BB85BFE66}C:\users\lando\desktop\new folder\terrariaserver.exe] => (Allow) C:\users\lando\desktop\new folder\terrariaserver.exe FirewallRules: [{149A4F99-460D-48A3-9D17-D59F0E860144}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{9FA5DD3D-ABA7-45EF-8959-94D168A2B105}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{08AE0CD4-B612-4B4D-A4A5-24FD1C36779F}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{89A6A241-7CEE-4660-A21F-A34A4A554CE3}] => (Allow) C:\Program Files (x86)\Little 
Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{7E5592B6-9185-4C4F-A28A-6D6664B2ADEA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{744CDC8A-DA77-482A-8B15-B04222D21314}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{19AAB0A8-2799-455B-9C55-A28881078979}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{5D7A81E9-6848-4413-BE42-1552D5738EC6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{95C210F2-858D-41AD-9305-7E183B85C842}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{28EF7731-1315-45C5-84C0-BA915B603BD7}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{27CBB826-7104-4124-8E9E-D56360DCBD82}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{414C1AF1-84A9-4578-82E9-269059388C63}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{0F248277-23AF-4844-926B-0B0ECF06004F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{1396CAD5-DC8E-4CBC-A977-08EE2FB40CF3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{812F16E8-3C08-4B1D-8320-B711DD1178F4}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe FirewallRules: [{EBA74C0E-E4AF-44D2-8E40-332272A77FA6}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe FirewallRules: [{8DB80544-B9D6-4650-8B92-0ACC1B739CF1}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe FirewallRules: [{3CF66E2A-F957-4515-8E36-40BEF1B9CB5D}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe FirewallRules: 
[{90DCE0B9-F6F4-4CDF-B6D6-526FDEDAD39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe FirewallRules: [{E9265E6D-AA8C-4F37-BBB8-ADB35C11B57D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe FirewallRules: [{DB5C347C-C71F-4C53-9FE9-AEF62D6D2034}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe FirewallRules: [{62BA7C52-F80D-423C-9489-37D9656255BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe FirewallRules: [{CC50C14A-410E-4DC7-B6F7-390FC2E6D372}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{07AD4742-2481-48AF-A729-5CEA53832D29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{11184E52-CC1A-4186-855A-138D4C49B8EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe FirewallRules: [{30CF326C-4C8D-42BE-80BE-B207510FB190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe FirewallRules: [{358A9934-7533-41D6-923A-B12E032A1591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{A57BCB1F-F2D9-4F27-B22A-541C261263E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{C191B6D2-37D2-413A-8FC2-C46DF5C6D99E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{C4A87100-78E4-4564-8F9D-EE4F608FD345}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{E01405EF-421D-45C6-BC9D-D5A0ED90F4D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 01-12-2017 19:10:08 Scheduled Checkpoint ==================== Faulty Device Manager Devices 
============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/02/2017 11:24:45 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:24:42 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:23:33 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:23:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:22:32 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:22:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:10:40 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:10:38 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. 
Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:06:05 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) System errors: ============= Error: (12/03/2017 12:01:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:44 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 
7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:42 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys CodeIntegrity: =================================== Date: 2017-12-02 23:04:17.647 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-30 22:08:49.896 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-30 22:08:49.471 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-27 22:17:40.812 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-11-27 22:17:40.292 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-27 17:06:31.783 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-27 17:06:30.211 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-22 22:21:52.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-22 22:21:52.006 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-11-21 11:15:34.356 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz Percentage of memory in use: 70% Total physical RAM: 8072.27 MB Available physical RAM: 2363.23 MB Total Virtual: 16264.27 MB Available Virtual: 9133.59 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:912.35 GB) (Free:439.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D033E306) Partition: GPT. ==================== End of Addition.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017 Ran by Shauna (administrator) on THEGRAIL2NDGEN (03-12-2017 00:10:55) Running from C:\Users\Shauna\Downloads Loaded Profiles: Shauna & (Available Profiles: UpdatusUser & Shauna & lando & Administrator) Platform: Windows 10 Pro Version 1607 14393.1884 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (SuperBoost Software) C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Tablet Driver) C:\WINDOWS\System32\drivers\WTSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (SuperBoost Software) C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Intel Corporation) C:\WINDOWS\System32\igfxEM.exe (Intel Corporation) C:\WINDOWS\System32\igfxHK.exe () C:\WINDOWS\System32\igfxTray.exe (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe (Microsoft Corporation) C:\WINDOWS\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe (Google Inc.) C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\System32\perfmon.exe (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (2).exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-11-18] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-04] (Synaptics Incorporated) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation) HKLM\...\Run: [WindowsRM] => C:\Windows\Temp\winrm.exe <==== ATTENTION HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131096\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136857\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.) 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234132243\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234138078\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-28]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Shauna\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
BootExecute: RegistryDefragBootTime.exeautocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2ed2bed8-0660-49ee-a396-24b8975abb34}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{8c87d9e9-1414-43c7-b7b5-edcbae700435}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/ HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/ HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/ BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation) BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation) FireFox: 
======== FF DefaultProfile: FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] () FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.) 
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.) 
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.) 
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) 
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lando\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lando\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS) Chrome: ======= CHR HomePage: Default -> hxxp://www.opportunityvillage.org/pages/halloveen CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default [2017-12-03] CHR Extension: (Slides) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Docs) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24] CHR Extension: (YouTube) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24] CHR Extension: (Adblock Plus) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26] CHR Extension: (Google Search) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04] CHR Extension: (Slither.io 
Mods, Zoom, Unlock Skins, Bots) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2017-09-07] CHR Extension: (Sheets) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Google Docs Offline) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27] CHR Extension: (Chrome Web Store Payments) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Gmail) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24] CHR Extension: (Chrome Media Router) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.) S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.) S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.) 
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-10-13] (Intel Corporation) R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit) S3 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation) S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-04-18] () S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [132864 2016-04-29] (Razer Inc.) 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-09-15] (Microsoft Corporation) R2 sgbupt; C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe [2600256 2016-10-21] (SuperBoost Software) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-04] (Synaptics Incorporated) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-11-25] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4316456 2016-11-18] (Qualcomm Atheros Communications, Inc.) S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-02-26] (Disc Soft Ltd) S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-02-26] (Disc Soft Ltd) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] () R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit) S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-05-22] (LogMeIn Inc.) 
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-18] (REALiX(tm)) S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit) S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-12-02] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-02] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-02] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-02] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-02] (Malwarebytes) R1 MpKsl272aac17; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl272aac17.sys [58120 2017-11-26] (Microsoft Corporation) R1 MpKsl69a0050d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl69a0050d.sys [58120 2017-11-30] (Microsoft Corporation) R1 MpKsl82853fd0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl82853fd0.sys [58120 2017-11-26] (Microsoft Corporation) R1 MpKsl876f31ec; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl876f31ec.sys [58120 2017-11-27] (Microsoft Corporation) R1 MpKsl9858aa96; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl9858aa96.sys [58120 2017-11-26] (Microsoft Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA 
Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-20] (NVIDIA Corporation) S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated) R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com) R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-03-10] (Razer, Inc.) R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-04-17] (Razer, Inc.) R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2016-02-17] (Synaptics Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com) S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-01-16] (Wellbia.com Co., Ltd.) S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-12-03 00:04 - 2017-12-03 00:10 - 000079021 _____ C:\Users\Shauna\Downloads\Addition.txt 2017-12-02 23:59 - 2017-12-03 00:00 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (2).exe 2017-12-02 23:59 - 2017-12-02 23:59 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (3).exe 2017-12-02 23:45 - 2017-12-03 00:13 - 000030363 _____ C:\Users\Shauna\Downloads\FRST.txt 2017-12-02 23:44 - 2017-12-03 00:10 - 000000000 ____D C:\FRST 2017-12-02 23:44 - 2017-12-02 23:44 - 002391552 _____ (Farbar) C:\Users\Shauna\Downloads\FRST64.exe 2017-12-02 23:40 - 2017-12-02 23:40 - 000012316 _____ C:\Users\Shauna\Desktop\malware bytes.txt 2017-12-02 23:39 - 2017-12-02 23:39 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (1).exe 2017-12-02 23:39 - 2017-12-02 23:39 - 000000000 ____D C:\Users\Shauna\AppData\Local\ESET 2017-12-02 23:38 - 2017-12-02 23:38 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu.exe 2017-12-02 23:09 - 2017-12-02 23:10 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro (2).exe 2017-12-02 23:06 - 2017-12-02 23:06 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000001924 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-12-02 23:05 - 2017-12-02 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-12-02 23:05 - 2017-11-01 08:54 - 000077432 _____ 
C:\WINDOWS\system32\Drivers\mbae64.sys 2017-12-02 23:04 - 2017-12-02 23:04 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2017-12-02 23:03 - 2017-12-02 23:03 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2017-12-02 23:03 - 2017-12-02 23:03 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2017-12-02 23:03 - 2017-12-02 23:03 - 000000869 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\Program Files\Malwarebytes 2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\Program Files\CCleaner 2017-12-02 23:02 - 2017-12-02 23:03 - 078346672 _____ (Malwarebytes ) C:\Users\Shauna\Downloads\mb3-setup-consumer-3.3.1.2183.exe 2017-12-02 23:00 - 2017-12-02 23:01 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro (1).exe 2017-12-02 23:00 - 2017-12-02 23:00 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro.exe 2017-11-30 21:20 - 2017-11-30 21:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-11-27 18:59 - 2017-11-27 19:00 - 000001268 _____ C:\Users\lando\Desktop\Roblox Studio.lnk 2017-11-26 12:29 - 2017-11-26 12:29 - 000000000 ____D C:\Users\Shauna\Documents\Elysia 2017-11-26 12:14 - 2017-11-26 12:14 - 000000000 ____D C:\Users\Shauna\Desktop\family pictures 2017-11-26 12:13 - 2017-11-26 12:22 - 000000000 ____D C:\Users\Shauna\Desktop\zombie punch pictures 2017-11-26 12:12 - 2017-11-26 12:22 - 000000000 ____D C:\Users\Shauna\Desktop\rars 2017-11-26 12:12 - 2017-11-26 12:12 - 000002701 _____ C:\Users\Shauna\AppData\Local\recently-used.xbel 2017-11-26 11:35 - 2017-11-26 11:55 - 3684157086 _____ C:\Users\Shauna\Downloads\Elysia Online Setup.rar 2017-11-26 02:38 - 2017-11-26 02:45 - 112984064 _____ C:\WINDOWS\system32\config\SOFTWARE 2017-11-26 02:38 - 2017-11-26 02:45 - 000786432 _____ 
C:\WINDOWS\system32\config\DEFAULT 2017-11-26 02:38 - 2017-11-26 02:45 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY 2017-11-26 02:38 - 2017-11-26 02:38 - 000045056 _____ C:\WINDOWS\system32\config\SAM 2017-11-25 23:53 - 2017-11-25 23:53 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-11-25 23:53 - 2017-11-25 23:53 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 022571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 020967832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 018365952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 008119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 
006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 006066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002529120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002253656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002170712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-25 23:48 - 2017-11-25 23:48 - 002032472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-25 23:48 - 2017-11-25 23:48 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001984512 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001670488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001578848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 001470808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001409880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001181528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 001117016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001102680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 001090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001054040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000992088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000965464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-25 23:48 - 2017-11-25 23:48 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000825688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000813400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000811864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-25 23:48 - 2017-11-25 23:48 - 000788624 _____ C:\WINDOWS\system32\locale.nls
2017-11-25 23:48 - 2017-11-25 23:48 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000779608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000766808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000704344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000699224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000687968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000678752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000652344 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000647520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000613720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000612192 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000569688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000558424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000509784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000500576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000485520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000455512 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000412504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000402264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000392024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-11-25 23:48 - 2017-11-25 23:48 - 000379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000341976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000304232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000299360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000269152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000259936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000223584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000206176 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000202584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000199000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000190296 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000178008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-25 23:48 - 2017-11-25 23:48 - 000169304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-25 23:48 - 2017-11-25 23:48 - 000144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000139096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000097120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000089552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000082608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000082272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000076120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000067928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredential.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCredential.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-25 22:35 - 2017-11-25 22:35 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-25 22:35 - 2017-11-25 22:35 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-25 05:22 - 2017-11-25 05:22 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-11-23 16:19 - 2017-11-23 16:19 - 000000074 _____ C:\Users\Shauna\Desktop\girl3.vmt
2017-11-23 16:06 - 2017-11-23 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
2017-11-23 16:06 - 2017-11-23 16:06 - 000000000 ____D C:\Program Files (x86)\VTFEdit
2017-11-22 13:53 - 2017-11-22 13:53 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\AGData
2017-11-13 17:29 - 2017-11-13 17:29 - 000002428 _____ C:\Users\Shauna\Desktop\LittleNightmares Secrets of the Maw.lnk
2017-11-13 17:27 - 2017-11-13 17:27 - 000001088 _____ C:\Users\Shauna\Desktop\Secrets of the Maw.lnk
2017-11-13 17:27 - 2017-11-13 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secrets of the Maw
2017-11-13 17:22 - 2017-11-13 17:22 - 000003434 _____ C:\WINDOWS\System32\Tasks\WindowsMediaSharing
2017-11-13 16:42 - 2017-11-13 17:22 - 000000000 ____D C:\Users\Shauna\Downloads\Little Nightmares Secrets of The Maw-Ch1
2017-11-12 20:03 - 2017-12-02 23:53 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-12 20:03 - 2017-11-12 20:03 - 000001040 _____ C:\Users\Public\Desktop\Steam.lnk
2017-11-12 20:03 - 2017-11-12 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-12 19:15 - 2017-11-12 19:17 - 1075296456 _____ C:\Users\Shauna\Desktop\Starbound.rar
2017-11-12 18:24 - 2017-11-12 18:28 - 000000000 ____D C:\Users\Shauna\Desktop\Terraria
2017-11-12 18:23 - 2017-11-12 18:26 - 000000000 ____D C:\Users\Shauna\Desktop\Starbound
2017-11-12 12:20 - 2017-11-12 12:20 - 000001271 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2017-11-12 12:20 - 2017-11-12 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2017-11-12 10:39 - 2017-11-12 10:40 - 000000000 ____D C:\Users\Shauna\Desktop\New folder
2017-11-05 20:28 - 2017-11-05 20:28 - 000002751 _____ C:\Users\lando\AppData\Local\recently-used.xbel
2017-11-05 20:27 - 2017-11-05 20:28 - 000000000 ____D C:\Users\lando\AppData\Local\gtk-2.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 23:49 - 2017-01-25 20:42 - 000007594 _____ C:\Users\Shauna\AppData\Local\Resmon.ResmonCfg
2017-12-02 23:21 - 2017-01-13 22:22 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\uTorrent
2017-12-02 23:20 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 23:13 - 2016-12-14 19:39 - 000000000 ____D C:\Users\Shauna\AppData\Local\CrashDumps
2017-12-02 23:05 - 2015-10-24 20:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-02 22:48 - 2017-03-17 01:48 - 001863322 _____ C:\WINDOWS\system32\perfh011.dat
2017-12-02 22:48 - 2017-03-17 01:48 - 000487552 _____ C:\WINDOWS\system32\perfc011.dat
2017-12-02 22:48 - 2016-11-20 10:51 - 004750944 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-02 22:45 - 2016-11-20 10:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-02 12:25 - 2016-06-03 02:43 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-02 09:23 - 2015-10-24 12:09 - 000000000 ____D C:\ProgramData\ProductData
2017-12-02 05:59 - 2015-09-11 08:30 - 000002561 _____ C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-12-02 05:59 - 2015-09-11 08:30 - 000002552 _____ C:\Users\Shauna\Desktop\Google Chrome Canary.lnk
2017-12-02 03:27 - 2016-07-16 03:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 01:03 - 2016-07-16 03:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-01 20:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\rescache
2017-11-30 21:20 - 2015-07-24 20:47 - 000000000 __SHD C:\Users\Shauna\IntelGraphicsProfiles
2017-11-30 21:16 - 2016-11-20 10:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-28 19:32 - 2017-02-10 16:58 - 000000000 ____D C:\Users\Shauna
2017-11-27 22:38 - 2017-02-10 16:58 - 000000000 ____D C:\Users\lando
2017-11-27 19:00 - 2017-07-21 16:24 - 000001465 _____ C:\Users\lando\Desktop\roblox player.lnk
2017-11-27 19:00 - 2016-07-01 15:54 - 000001465 _____ C:\Users\lando\Desktop\ROBLOX Player - Copy.lnk
2017-11-27 19:00 - 2016-05-22 19:05 - 000000000 ____D C:\Users\lando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-27 18:59 - 2017-01-06 20:11 - 000000000 ____D C:\Users\lando\AppData\Local\CrashDumps
2017-11-27 18:58 - 2016-11-20 10:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-27 18:58 - 2016-05-22 17:41 - 000000000 __SHD C:\Users\lando\IntelGraphicsProfiles
2017-11-26 16:43 - 2015-10-24 11:58 - 000000000 ____D C:\ProgramData\IObit
2017-11-26 15:39 - 2015-08-26 13:40 - 000000000 ____D C:\Users\Shauna\AppData\Local\ElevatedDiagnostics
2017-11-26 12:08 - 2014-07-02 22:36 - 000000000 ____D C:\Users\Shauna\.gimp-2.8
2017-11-26 02:47 - 2016-11-20 10:40 - 000484168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-26 02:45 - 2016-07-15 22:04 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-26 02:38 - 2017-03-20 21:16 - 112734208 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2017-11-26 02:38 - 2017-03-20 21:16 - 000569344 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2017-11-26 02:38 - 2017-03-20 21:16 - 000045056 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-11-26 02:38 - 2017-03-20 21:16 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2017-11-23 15:58 - 2015-12-19 13:33 - 000000000 ____D C:\Users\Shauna\AppData\Local\gtk-2.0
2017-11-22 13:52 - 2015-09-27 21:47 - 000000000 ____D C:\ProgramData\Skype
2017-11-21 21:58 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-17 07:13 - 2017-02-10 17:24 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-17 07:13 - 2017-02-10 17:24 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 22:33 - 2017-02-10 17:24 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 22:33 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 22:33 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 21:37 - 2017-04-07 03:15 - 000003712 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA1d2af9041b0587e
2017-11-14 21:37 - 2017-04-07 03:15 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core1d2af9041990718
2017-11-13 17:23 - 2017-05-12 17:17 - 000000000 ____D C:\Program Files (x86)\Little Nightmares
2017-11-13 17:21 - 2017-05-13 14:28 - 000000000 ____D C:\Users\Shauna\AppData\LocalLow\uTorrent
2017-11-13 16:55 - 2016-03-04 17:20 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-12 19:40 - 2014-06-08 19:51 - 000000000 ____D C:\Users\Shauna\Desktop\games
2017-11-12 12:20 - 2015-10-24 11:57 - 000000000 ____D C:\Program Files (x86)\IObit
2017-11-12 09:34 - 2016-12-25 21:08 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\.minecraft
2017-11-05 22:14 - 2017-04-09 11:38 - 000000000 ____D C:\Users\lando\.gimp-2.8
2017-11-05 20:27 - 2016-06-01 19:04 - 000000000 ____D C:\Users\lando\Documents\My games

==================== Files in the root of some directories =======

2016-01-07 18:24 - 2016-01-07 18:22 - 000012005 _____ () C:\Users\Shauna\AppData\Roaming\alsoft.ini
2015-08-26 22:50 - 2015-08-26 22:50 - 000000000 ___SH () C:\Users\Shauna\AppData\Local\LumaEmu
2017-11-26 12:12 - 2017-11-26 12:12 - 000002701 _____ () C:\Users\Shauna\AppData\Local\recently-used.xbel
2017-01-25 20:42 - 2017-12-02 23:49 - 000007594 _____ () C:\Users\Shauna\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-04-18 18:07 - 2017-04-18 18:07 - 000739904 _____ (Oracle Corporation) C:\Users\lando\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-03-02 19:29 - 2017-06-16 16:25 - 058684896 _____ (Skype Technologies S.A.) C:\Users\lando\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-02 21:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Shauna (03-12-2017 00:15:15)
Running from C:\Users\Shauna\Downloads
Windows 10 Pro Version 1607 14393.1884 (X64) (2017-02-11 01:41:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3102671110-3783085175-2543185073-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3102671110-3783085175-2543185073-503 - Limited - Disabled)
Guest (S-1-5-21-3102671110-3783085175-2543185073-501 - Limited - Disabled)
lando (S-1-5-21-3102671110-3783085175-2543185073-1003 - Limited - Enabled) => C:\Users\lando
Shauna (S-1-5-21-3102671110-3783085175-2543185073-1002 - Administrator - Enabled) => C:\Users\Shauna
UpdatusUser (S-1-5-21-3102671110-3783085175-2543185073-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Alice Madness Returns - The Complete Collection (HKLM-x32\...\Alice Madness Returns - The Complete Collection_is1) (Version: - )
Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Allods Online EN) (Version: 1.126 - My.com B.V.)
Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Allods Online EN) (Version: 1.126 - My.com B.V.)
Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Allods Online EN) (Version: 1.126 - My.com B.V.)
American McGee's Alice(tm) (HKLM-x32\...\{77B5AD60-8F14-11D4-9BC9-0050041A1090}) (Version: - )
AnonymizerGadget (HKU\.DEFAULT\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Apowersoft Free Audio Recorder V3.0.5 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 3.0.5 - APOWERSOFT LIMITED)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd)
Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.)
Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.)
Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.1 - )
Exodus Online (HKLM-x32\...\{552FD7D8-896C-4211-9460-886FB7E21158}) (Version: 1.0.0 - Exodus Online)
Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
Fiesta Online EN (HKLM-x32\...\Fiesta Online EN) (Version: 1.05.039 - Gamigo games)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Free Internet Window Washer (HKLM-x32\...\Free Internet Window Washer) (Version: - )
Free Webcam Recorder (HKLM-x32\...\{EDA2F047-79B6-46E2-8323-28086E1BA51D}) (Version: 1.0.0 - freepicturesolutions)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version: - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Micro Machines World Series (HKLM-x32\...\Micro Machines World Series_is1) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker
(HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla) My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MyComGames) (Version: 3.210 - My.com B.V.) My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MyComGames) (Version: 3.210 - My.com B.V.) My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MyComGames) (Version: 3.210 - My.com B.V.) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) Novicorp WinToFlash Lite version 1.4.0000 (HKLM-x32\...\{A1A1FF24-34C6-4B77-BDB7-A689979F018C}_is1) (Version: 1.4.0000 - Novicorp) NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation) NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.2.1 - NVIDIA Corporation) Hidden NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.2 - NVIDIA Corporation) Hidden Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache 
Software Foundation) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - ) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.2.16.12597 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.) Roblox Player for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) Roblox Player for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Roblox Studio for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation) Roblox Studio for lando 
(HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation) Secret World Legends (HKLM-x32\...\Secret World Legends_is1) (Version: 1.0.0 - Funcom) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\skyforge_mycom) (Version: 1.35 - My.com B.V.) skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\skyforge_mycom) (Version: 1.35 - My.com B.V.) skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\skyforge_mycom) (Version: 1.35 - My.com B.V.) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.) 
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.0 - IObit) SpaceEngine version 0.9.8.0 (HKLM-x32\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine) SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Superb Game Boost 3.1 (HKLM-x32\...\SuperbGameBoost_is1) (Version: 3.1 - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated) System Shock 2 (HKLM-x32\...\GOGPACKSSHOCK2_is1) (Version: 2.0.0.9 - GOG.com) The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom) Touchpad Blocker (HKLM-x32\...\Touchpad Blocker) (Version: 2.9 - KARPOLAN) Trove North America (HKLM-x32\...\Glyph Trove North America) (Version: - Trion Worlds, Inc.) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) Update for Skype for Business 2015 (KB4011046) 32-Bit Edition 
(HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft) Vampire - The Masquerade Bloodlines (HKLM-x32\...\{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision) Hidden Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) VitalSource Bookshelf (HKLM-x32\...\{4bb6f5ce-1e01-41b1-833d-ffa2297df6f4}) (Version: 6.08.0017 - Ingram Content Group) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinISO (HKLM-x32\...\WinISO) (Version: 6.4.1.6137 - WinISO Computing Inc.) WinRAR 5.30 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH) WizTree v2.01 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3102671110-3783085175-2543185073-1002_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3102671110-3783085175-2543185073-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit) ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers1: 
[SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit) ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit) ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-13] 
(Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit) ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit) ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers1_S-1-5-21-3102671110-3783085175-2543185073-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers5_S-1-5-21-3102671110-3783085175-2543185073-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {04B6D5CE-4459-4CF6-9280-76CA0FE0EB88} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-02-17] (IObit) Task: {0E80A276-D1E7-4ABF-BCE4-2F706D0CB3AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd) Task: {0EC67150-54B2-4B64-8406-C51303D4436D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation) Task: {114E4D25-4D0A-4542-9D7C-2DB6A66AD2FC} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-02-17] (IObit) Task: {13FB2D35-27B8-44E5-A2D5-7DE963BD54D2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation) Task: {146705A4-D49A-4AC1-9F29-2BF2E38C7197} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {26EE86E7-860A-46AE-9AB7-14B5ADF65E63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {2F251320-BCCC-49E5-AAAA-058358E98F26} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA1d2af9041b0587e => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) Task: {3267C51B-F554-4BA9-BC0A-062E7D6FC248} - \ASC10_SkipUac_Shauna -> No File <==== ATTENTION Task: {3C3CAE4A-EAFD-4C6A-808B-94580FF76365} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) 
Task: {4B3E2004-0C65-4F62-8465-AB25AD159676} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation) Task: {4CD307D7-9CB7-4B77-9C89-EBCF6F8D2EF1} - System32\Tasks\{69AC7384-0B56-436A-AE1F-26490289EFF5} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\EA GAMES\American McGee's Alice\Alice.exe" -d "C:\Program Files (x86)\EA GAMES\American McGee's Alice" Task: {53A21AC5-31F2-48A5-ABCA-44D0D79EAEA2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation) Task: {54924F83-4E2A-485E-9FFC-95F578C8CF71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.) Task: {5824E64A-2C09-445A-88E5-E6CBC7867F23} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core1d2af9041990718 => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) Task: {5F3E65D1-C054-450C-BE6B-BDC45509D018} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation) Task: {658563B1-DD68-4D8A-88AD-9789DBA65F6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd) Task: {6ACFD528-B315-4607-B6C2-987C29F075F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation) Task: {7A1A668B-354B-4FA9-8C9E-935096458A09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) 
Task: {7AAA787B-030F-4FF6-9B5C-F9EF725A0A51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated) Task: {89654F84-8EE3-4C5F-9BAF-536367841D03} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit) Task: {A4D7DD49-E6E1-4466-9B88-79CEABCBEC5D} - System32\Tasks\Uninstaller_SkipUac_Shauna => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit) Task: {AA251C1D-989E-4B17-8A84-E01E0A55F146} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {B0627F85-E960-4E5A-ACAD-375BEE7AACD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation) Task: {B11323BD-8721-4917-9DCB-427DA4E51B93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.) 
Task: {B3A55724-0EC6-411D-B8F2-E01E626B5A87} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated) Task: {C913BE21-4182-4CEC-84EA-A1B2A17A7119} - System32\Tasks\SuperbGameBoost => C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe [2016-11-28] (SuperBoost Software) Task: {D05852DA-B97A-437B-9415-A1B0566832E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd) Task: {D20B0ECA-2D1D-49F7-9060-4012D90CD6A3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation) Task: {D7706776-8610-479A-8FAD-B0A908C80119} - System32\Tasks\{8DFA961D-C189-41F7-82E5-231DE0E723A1} => C:\WINDOWS\system32\pcalua.exe -a D:\setup.exe -d D:\ Task: {DD1E5FC3-FBEA-42A7-A38A-5618904CE470} - System32\Tasks\WindowsMediaSharing => C:\windows\wndsvr.exe Task: {E1C3D66F-BB91-41A3-AB9B-B1CF030E69C4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation) Task: {E953EA30-E0E7-472E-879D-C7F77BF29B86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation) Task: {EAE73CB3-46B5-4565-9756-03ACCD362375} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation) Task: {F2592FCC-F500-435E-9556-3B83E430EB49} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit) Task: {F8261426-AB14-404C-8742-1A08CEF622B5} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION (If an entry is included in the fixlist, 
the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Shauna.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Shauna\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 03:42 - 2016-07-16 03:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-09-15 18:14 - 2017-09-15 18:14 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-02-10 16:52 - 2016-12-29 05:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-25 22:23 - 2017-08-17 20:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-11-20 10:11 - 2016-11-20 10:11 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-14 20:22 - 2017-03-03 22:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2015-10-13 22:47 - 2015-10-13 22:47 - 000415128 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-03-14 20:20 - 2017-03-03 22:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-14 20:20 - 2017-03-03 22:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-14 20:20 - 2017-03-03 22:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 002424320 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-08-22 15:22 - 2017-08-22 15:23 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2017-12-02 23:05 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-12-02 23:05 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-11-13 16:55 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll 2017-11-13 16:55 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll 2015-10-24 11:57 - 2015-01-09 17:46 - 000517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll 2015-10-24 12:09 - 2014-10-16 09:26 - 000622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2012-12-20 22:12 - 2012-12-20 22:12 - 000275840 _____ () C:\WINDOWS\SYSTEM32\WinTab32.DLL 2017-08-23 23:36 - 2016-08-18 17:43 - 000442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl 2017-08-23 23:36 - 2016-08-18 17:43 - 000210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl 2017-08-23 23:36 - 2016-08-18 17:43 - 000059680 _____ () C:\Program Files (x86)\IObit\Advanced 
SystemCare\madDisAsm_.bpl 2017-08-23 23:36 - 2016-11-01 09:11 - 000078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll 2017-04-06 11:01 - 2016-01-11 16:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll 2017-04-06 11:00 - 2016-01-11 16:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll 2016-12-18 22:07 - 2016-08-16 14:53 - 000796480 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_IG.dll 2016-12-18 22:07 - 2016-01-29 18:03 - 000337216 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\taskMgr.dll 2016-12-18 22:07 - 2016-02-02 09:53 - 000629056 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\SgbStatistics.dll 2016-12-18 22:07 - 2016-08-16 09:20 - 000510272 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_ID.dll 2016-12-18 22:07 - 2016-01-29 15:21 - 000276800 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\D3DX8Wrapper.dll 2016-12-18 22:07 - 2016-08-16 09:20 - 000286016 _____ () c:\program files (x86)\superboost\superb game boost\GA_CheackDx.dll 2017-01-04 20:41 - 2016-06-21 19:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2017-01-04 20:41 - 2016-06-21 19:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2017-01-04 20:41 - 2016-06-21 19:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2017-01-04 20:41 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll 2017-01-04 20:41 - 2016-09-26 13:59 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll 2017-08-23 23:36 - 2015-12-28 12:50 - 000899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll 2017-08-23 23:36 - 2017-05-17 12:45 - 000631584 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll 2015-10-24 11:57 - 2015-03-27 14:39 - 
000182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll 2015-10-24 11:57 - 2015-01-09 17:46 - 000145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll 2015-10-24 12:09 - 2014-10-16 09:26 - 000622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll 2017-08-23 23:36 - 2017-07-24 14:34 - 001364256 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\Scan.dll 2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-24 20:07 - 2015-07-24 20:05 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131096\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136857\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\Control Panel\Desktop\\Wallpaper -> C:\Users\lando\Downloads\alice_madness_returns_cheshire_cat-wallpaper-1600x900.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\Control Panel\Desktop\\Wallpaper -> C:\Users\lando\Downloads\alice_madness_returns_cheshire_cat-wallpaper-1600x900.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234132243\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234138078\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "AvastUI.exe" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Skype" 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [UDP Query User{53B509F3-6B23-4E25-8272-B24C4D64D4E1}C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Block) C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe FirewallRules: [TCP Query User{393D0224-4406-4141-8ED5-D5341FD3CDB3}C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Block) C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe FirewallRules: [{526D571E-A5A2-4880-9DC6-2FBEF7EB99C6}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A4B96E29-5800-4CDB-B177-93723212D8EA}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{467473A4-65D8-4D8F-A793-D6F61CDA860D}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{23C110DF-ABF7-4BB8-A1C6-E9A45CAF3D7D}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4EBAAF10-409B-4BAE-892E-CDB4E65A06EC}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E71A79FE-0243-473B-B458-F5362812E75B}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F1D1046C-2AE4-4358-A67E-42D52F8E0E6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe FirewallRules: [{7AB13CCB-5CD1-40BB-94F4-EF93E78F4FBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe FirewallRules: [UDP Query User{BCB3EDAD-2992-4F71-AD92-DDB4E02B8F83}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{75DB9FDF-CD3B-4D89-8EC3-5ACB0258C03D}C:\program files 
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{97B67474-B2EE-4512-8FE3-31FF65EF1239}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [UDP Query User{A9609216-E4C0-4765-9913-078D77615012}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Block) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [TCP Query User{EBC79678-B6D0-427D-8155-BAFCAA08ADEF}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Block) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [{6E7E7F70-84A5-4604-A483-7E245F34DD6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{C9B1DA6C-3D83-41C8-B80C-CD367A529A6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{E745E0D8-C450-4A49-A8E1-42B5786887A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{B242C698-FD00-4267-AEC3-1F3FEF1D6840}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{3F8750B5-BC88-4D23-966B-1354A12CEC61}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [{37DA79D0-6217-45AA-A864-A642F85666D4}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [UDP Query User{8937A2B4-6ED6-499A-8709-997352628BE5}C:\users\shauna\desktop\games\terrariaserver.exe] => (Allow) C:\users\shauna\desktop\games\terrariaserver.exe FirewallRules: [TCP Query User{C5A69E2D-1698-4DB7-8932-78EFB95A6054}C:\users\shauna\desktop\games\terrariaserver.exe] => (Allow) C:\users\shauna\desktop\games\terrariaserver.exe FirewallRules: [UDP Query User{4F27BAB4-E03C-49B8-A627-3BEC9BC54CFD}C:\program files 
(x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe FirewallRules: [TCP Query User{56266D1B-C42A-417B-A006-E976B6814960}C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe FirewallRules: [{B7AF1FC3-84F6-45DF-AE83-B311A261BC07}] => (Allow) LPort=1900 FirewallRules: [{62EC681B-FEEB-411E-A684-352F227D2FA4}] => (Allow) LPort=2869 FirewallRules: [{EA9E65EE-154C-4559-9920-70BB35730154}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [UDP Query User{5586C496-ED98-4ED5-93CE-42B46E6C66AB}C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe] => (Allow) C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe FirewallRules: [TCP Query User{C04B199A-1EB4-41F7-82CC-16C98551BFB9}C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe] => (Allow) C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe FirewallRules: [{679CE7D9-B82C-43EB-855F-29BC354CA4D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{573B97A3-C7A3-4BB8-8D70-438FE6766A1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9A730924-74BD-498B-B05E-97FC9BA20016}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{842CFDA5-6548-4CD8-B890-863AFAFE759B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{6D378934-B304-4425-95E3-F20F1585873B}C:\users\shauna\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\shauna\appdata\local\mycomgames\mycomgames.exe FirewallRules: [UDP Query 
User{C1A68DC5-CD50-45B1-BDAA-35E2F1823F64}C:\users\shauna\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\shauna\appdata\local\mycomgames\mycomgames.exe FirewallRules: [{04B76664-230C-4732-9191-4A9677204ACD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{73B69AF3-5932-4A11-9BA1-B3E982E71B8C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{5B5D7426-0F36-45FC-B47F-83FDEADB8F64}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{475B82FA-D4D6-4794-BCA0-EC118AF78E57}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{22EA59C9-656F-4479-B5D4-C0260A10372C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A2BB3EC1-0C84-452D-AE17-C66B0F9E6535}] => (Allow) LPort=1689 FirewallRules: [{1635646B-5A0C-4404-B489-A6ED8AFD2212}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [{E011C5A8-E199-47BF-B78A-B1B5C0653170}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [TCP Query User{1B3335CE-4E5D-439C-B7DC-EEB76C106A28}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [UDP Query User{DFD62ACD-A3FF-4E12-82A1-6480828C1960}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [{C8B9BBCB-051E-4795-8DF8-DBB12D6155A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DE259962-AB59-4EF7-B5FC-CFC6016A5A51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B63074FC-C5D2-483A-B0F9-2461BAE317FF}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [{E008C583-68FD-4FAF-B4C7-AC5A06FB41D3}] => (Allow) C:\Program 
Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [TCP Query User{4D663066-0A0F-4034-BDE5-ED305F08A6D3}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [UDP Query User{2C89FC18-54ED-45D4-BA96-B895B302F400}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [TCP Query User{0C19D64E-9D25-4676-8615-539E47329FE1}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [UDP Query User{E61EAD72-1B0D-4274-9D53-830A7785862D}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [{67FE6D2C-4BBA-4512-A7D8-AD79B8285B6B}] => (Allow) C:\Program Files (x86)\MouseRecorder\MouseRecorder.exe FirewallRules: [TCP Query User{75401DA7-F5AB-452E-946A-A4063334647B}C:\users\lando\desktop\new folder\terrariaserver.exe] => (Allow) C:\users\lando\desktop\new folder\terrariaserver.exe FirewallRules: [UDP Query User{4B8491CA-91F2-4403-97FD-AD5BB85BFE66}C:\users\lando\desktop\new folder\terrariaserver.exe] => (Allow) C:\users\lando\desktop\new folder\terrariaserver.exe FirewallRules: [{149A4F99-460D-48A3-9D17-D59F0E860144}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{9FA5DD3D-ABA7-45EF-8959-94D168A2B105}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{08AE0CD4-B612-4B4D-A4A5-24FD1C36779F}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{89A6A241-7CEE-4660-A21F-A34A4A554CE3}] => (Allow) C:\Program Files (x86)\Little 
Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{7E5592B6-9185-4C4F-A28A-6D6664B2ADEA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{744CDC8A-DA77-482A-8B15-B04222D21314}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{19AAB0A8-2799-455B-9C55-A28881078979}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{5D7A81E9-6848-4413-BE42-1552D5738EC6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{95C210F2-858D-41AD-9305-7E183B85C842}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{28EF7731-1315-45C5-84C0-BA915B603BD7}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{27CBB826-7104-4124-8E9E-D56360DCBD82}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{414C1AF1-84A9-4578-82E9-269059388C63}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{0F248277-23AF-4844-926B-0B0ECF06004F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{1396CAD5-DC8E-4CBC-A977-08EE2FB40CF3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{812F16E8-3C08-4B1D-8320-B711DD1178F4}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe FirewallRules: [{EBA74C0E-E4AF-44D2-8E40-332272A77FA6}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe FirewallRules: [{8DB80544-B9D6-4650-8B92-0ACC1B739CF1}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe FirewallRules: [{3CF66E2A-F957-4515-8E36-40BEF1B9CB5D}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe FirewallRules: 
[{90DCE0B9-F6F4-4CDF-B6D6-526FDEDAD39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe FirewallRules: [{E9265E6D-AA8C-4F37-BBB8-ADB35C11B57D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe FirewallRules: [{DB5C347C-C71F-4C53-9FE9-AEF62D6D2034}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe FirewallRules: [{62BA7C52-F80D-423C-9489-37D9656255BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe FirewallRules: [{CC50C14A-410E-4DC7-B6F7-390FC2E6D372}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{07AD4742-2481-48AF-A729-5CEA53832D29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{11184E52-CC1A-4186-855A-138D4C49B8EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe FirewallRules: [{30CF326C-4C8D-42BE-80BE-B207510FB190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe FirewallRules: [{358A9934-7533-41D6-923A-B12E032A1591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{A57BCB1F-F2D9-4F27-B22A-541C261263E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{C191B6D2-37D2-413A-8FC2-C46DF5C6D99E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{C4A87100-78E4-4564-8F9D-EE4F608FD345}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{E01405EF-421D-45C6-BC9D-D5A0ED90F4D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 01-12-2017 19:10:08 Scheduled Checkpoint ==================== Faulty Device Manager Devices 
============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/02/2017 11:24:45 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:24:42 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:23:33 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:23:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:22:32 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:22:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:10:40 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:10:38 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. 
Details: (HRESULT : 0x80040210) (0x80040210)

Error: (12/02/2017 11:06:05 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Details: (HRESULT : 0x80040210) (0x80040210)

Error: (12/02/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Details: (HRESULT : 0x80040210) (0x80040210)

System errors:
=============
Error: (12/03/2017 12:01:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading

Error: (12/03/2017 12:01:44 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys

Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading

Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys

Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading

Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys

Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading

Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys

Error: (12/03/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading

Error: (12/03/2017 12:01:42 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys

CodeIntegrity:
===================================
Date: 2017-12-02 23:04:17.647
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-11-30 22:08:49.896
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-30 22:08:49.471
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-27 22:17:40.812
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-27 22:17:40.292
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-27 17:06:31.783
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-27 17:06:30.211
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-22 22:21:52.322
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-22 22:21:52.006
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-21 11:15:34.356
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 8072.27 MB
Available physical RAM: 2282.91 MB
Total Virtual: 16264.27 MB
Available Virtual: 9018.4 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:912.35 GB) (Free:438.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D033E306)
Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Shauna (administrator) on THEGRAIL2NDGEN (03-12-2017 00:18:04)
Running from C:\Users\Shauna\Downloads
Loaded Profiles: Shauna & (Available Profiles: UpdatusUser & Shauna & lando & Administrator)
Platform: Windows 10 Pro Version 1607 14393.1884 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(SuperBoost Software) C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Tablet Driver) C:\WINDOWS\System32\drivers\WTSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SuperBoost Software) C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\WINDOWS\System32\igfxTray.exe
(Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe
(Microsoft Corporation) C:\WINDOWS\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
(Google Inc.) C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\perfmon.exe
(ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (2).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-11-18] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-04] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [WindowsRM] => C:\Windows\Temp\winrm.exe <==== ATTENTION
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131096\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136857\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234132243\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234138078\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-28]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Shauna\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
BootExecute: RegistryDefragBootTime.exeautocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2ed2bed8-0660-49ee-a396-24b8975abb34}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{8c87d9e9-1414-43c7-b7b5-edcbae700435}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)

FireFox:
========
FF DefaultProfile:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lando\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lando\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.opportunityvillage.org/pages/halloveen
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Slides) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Adblock Plus) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google Search) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2017-09-07]
CHR Extension: (Sheets) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]
CHR Extension: (Chrome Media Router) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-10-13] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
S3 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-04-18] ()
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [132864 2016-04-29] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-09-15] (Microsoft Corporation)
R2 sgbupt; C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe [2600256 2016-10-21] (SuperBoost Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-11-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4316456 2016-11-18] (Qualcomm Atheros Communications, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-02-26] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-02-26] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-05-22] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-18] (REALiX(tm))
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-12-02] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-02] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-02] (Malwarebytes)
R1 MpKsl272aac17; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl272aac17.sys [58120 2017-11-26] (Microsoft Corporation)
R1 MpKsl69a0050d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl69a0050d.sys [58120 2017-11-30] (Microsoft Corporation)
R1 MpKsl82853fd0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl82853fd0.sys [58120 2017-11-26] (Microsoft Corporation)
R1 MpKsl876f31ec; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl876f31ec.sys [58120 2017-11-27] (Microsoft Corporation)
R1 MpKsl9858aa96; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl9858aa96.sys [58120 2017-11-26] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-20] (NVIDIA Corporation)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-03-10] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-04-17] (Razer, Inc.)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2016-02-17] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-01-16] (Wellbia.com Co., Ltd.)
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 00:04 - 2017-12-03 00:17 - 000079020 _____ C:\Users\Shauna\Downloads\Addition.txt
2017-12-02 23:59 - 2017-12-03 00:00 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (2).exe
2017-12-02 23:59 - 2017-12-02 23:59 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (3).exe
2017-12-02 23:45 - 2017-12-03 00:19 - 000030363 _____ C:\Users\Shauna\Downloads\FRST.txt
2017-12-02 23:44 - 2017-12-03 00:18 - 000000000 ____D C:\FRST
2017-12-02 23:44 - 2017-12-02 23:44 - 002391552 _____ (Farbar) C:\Users\Shauna\Downloads\FRST64.exe
2017-12-02 23:40 - 2017-12-02 23:40 - 000012316 _____ C:\Users\Shauna\Desktop\malware bytes.txt
2017-12-02 23:39 - 2017-12-02 23:39 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (1).exe
2017-12-02 23:39 - 2017-12-02 23:39 - 000000000 ____D C:\Users\Shauna\AppData\Local\ESET
2017-12-02 23:38 - 2017-12-02 23:38 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu.exe
2017-12-02 23:09 - 2017-12-02 23:10 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro (2).exe
2017-12-02 23:06 - 2017-12-02 23:06 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-02 23:05 - 2017-12-02 23:05 - 000001924 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-02 23:05 - 2017-12-02 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-02 23:05 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-02 23:04 - 2017-12-02 23:04 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-02 23:03 - 2017-12-02 23:03 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-02 23:03 - 2017-12-02 23:03 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-12-02 23:03 - 2017-12-02 23:03 - 000000869 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\Program Files\CCleaner
2017-12-02 23:02 - 2017-12-02 23:03 - 078346672 _____ (Malwarebytes ) C:\Users\Shauna\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-12-02 23:00 - 2017-12-02 23:01 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro (1).exe
2017-12-02 23:00 - 2017-12-02 23:00 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro.exe
2017-11-30 21:20 - 2017-11-30 21:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-27 18:59 - 2017-11-27 19:00 - 000001268 _____ C:\Users\lando\Desktop\Roblox Studio.lnk
2017-11-26 12:29 - 2017-11-26 12:29 - 000000000 ____D C:\Users\Shauna\Documents\Elysia
2017-11-26 12:14 - 2017-11-26 12:14 - 000000000 ____D C:\Users\Shauna\Desktop\family pictures
2017-11-26 12:13 - 2017-11-26 12:22 - 000000000 ____D C:\Users\Shauna\Desktop\zombie punch pictures
2017-11-26 12:12 - 2017-11-26 12:22 - 000000000 ____D C:\Users\Shauna\Desktop\rars
2017-11-26 12:12 - 2017-11-26 12:12 - 000002701 _____ C:\Users\Shauna\AppData\Local\recently-used.xbel
2017-11-26 11:35 - 2017-11-26 11:55 - 3684157086 _____ C:\Users\Shauna\Downloads\Elysia Online Setup.rar
2017-11-26 02:38 - 2017-11-26 02:45 - 112984064 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-11-26 02:38 - 2017-11-26 02:45 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2017-11-26 02:38 - 2017-11-26 02:45 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2017-11-26 02:38 - 2017-11-26 02:38 - 000045056 _____ C:\WINDOWS\system32\config\SAM
2017-11-25 23:53 - 2017-11-25 23:53 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-11-25 23:53 - 2017-11-25 23:53 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 022571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 020967832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 018365952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 008119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 006066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 004423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002529120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002253656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 002170712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-25 23:48 - 2017-11-25 23:48 - 002032472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-25 23:48 - 2017-11-25 23:48 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001984512 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001670488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001578848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 001470808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001409880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001181528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 001117016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001102680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 001090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001054040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000992088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000965464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-25 23:48 - 2017-11-25 23:48 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000825688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000813400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000811864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-25 23:48 - 2017-11-25 23:48 - 000788624 _____ C:\WINDOWS\system32\locale.nls
2017-11-25 23:48 - 2017-11-25 23:48 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000779608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000766808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000704344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000699224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000687968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000678752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000652344 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000647520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000613720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000612192 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000569688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000558424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000509784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000500576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000485520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000455512 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000412504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000402264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000392024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-11-25 23:48 - 2017-11-25 23:48 - 000379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000341976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000304232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000299360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000269152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000259936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000223584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000206176 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000202584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000199000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000190296 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000178008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-25 23:48 - 2017-11-25 23:48 - 000169304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-25 23:48 - 2017-11-25 23:48 - 000144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000139096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000097120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000089552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000082608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000082272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-25 23:48 - 2017-11-25 23:48 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000076120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000067928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredential.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCredential.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2017-11-25 23:48 - 2017-11-25 23:48 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-25 23:48 - 2017-11-25 23:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-25 22:35 - 2017-11-25 22:35 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-25 22:35 - 2017-11-25 22:35 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-25 05:22 - 2017-11-25 05:22 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-11-23 16:19 - 2017-11-23 16:19 - 000000074 _____ C:\Users\Shauna\Desktop\girl3.vmt
2017-11-23 16:06 - 2017-11-23 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
2017-11-23 16:06 - 2017-11-23 16:06 - 000000000 ____D C:\Program Files (x86)\VTFEdit
2017-11-22 13:53 - 2017-11-22 13:53 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\AGData
2017-11-13 17:29 - 2017-11-13 17:29 - 000002428 _____ C:\Users\Shauna\Desktop\LittleNightmares Secrets of the Maw.lnk
2017-11-13 17:27 - 2017-11-13 17:27 - 000001088 _____ C:\Users\Shauna\Desktop\Secrets of the Maw.lnk
2017-11-13 17:27 - 2017-11-13 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secrets of the Maw
2017-11-13 17:22 - 2017-11-13 17:22 - 000003434 _____ C:\WINDOWS\System32\Tasks\WindowsMediaSharing
2017-11-13 16:42 - 2017-11-13 17:22 - 000000000 ____D C:\Users\Shauna\Downloads\Little Nightmares Secrets of The Maw-Ch1
2017-11-12 20:03 - 2017-12-02 23:53 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-12 20:03 - 2017-11-12 20:03 - 000001040 _____ C:\Users\Public\Desktop\Steam.lnk
2017-11-12 20:03 - 2017-11-12 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-12 19:15 - 2017-11-12 19:17 - 1075296456 _____ C:\Users\Shauna\Desktop\Starbound.rar
2017-11-12 18:24 - 2017-11-12 18:28 - 000000000 ____D C:\Users\Shauna\Desktop\Terraria
2017-11-12 18:23 - 2017-11-12 18:26 - 000000000 ____D C:\Users\Shauna\Desktop\Starbound
2017-11-12 12:20 - 2017-11-12 12:20 - 000001271 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2017-11-12 12:20 - 2017-11-12 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2017-11-12 10:39 - 2017-11-12 10:40 - 000000000 ____D C:\Users\Shauna\Desktop\New folder
2017-11-05 20:28 - 2017-11-05 20:28 - 000002751 _____ C:\Users\lando\AppData\Local\recently-used.xbel
2017-11-05 20:27 - 2017-11-05 20:28 - 000000000 ____D C:\Users\lando\AppData\Local\gtk-2.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 23:49 - 2017-01-25 20:42 - 000007594 _____ C:\Users\Shauna\AppData\Local\Resmon.ResmonCfg
2017-12-02 23:21 - 2017-01-13 22:22 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\uTorrent
2017-12-02 23:20 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 23:13 - 2016-12-14 19:39 - 000000000 ____D C:\Users\Shauna\AppData\Local\CrashDumps
2017-12-02 23:05 - 2015-10-24 20:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-02 22:48 - 2017-03-17 01:48 - 001863322 _____ C:\WINDOWS\system32\perfh011.dat
2017-12-02 22:48 - 2017-03-17 01:48 - 000487552 _____ C:\WINDOWS\system32\perfc011.dat
2017-12-02 22:48 - 2016-11-20 10:51 - 004750944 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-02 22:45 - 2016-11-20 10:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-02 12:25 - 2016-06-03 02:43 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-02 09:23 - 2015-10-24 12:09 - 000000000 ____D C:\ProgramData\ProductData
2017-12-02 05:59 - 2015-09-11 08:30 - 000002561 _____ C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-12-02 05:59 - 2015-09-11 08:30 - 000002552 _____ C:\Users\Shauna\Desktop\Google Chrome Canary.lnk
2017-12-02 03:27 - 2016-07-16 03:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 01:03 - 2016-07-16 03:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-01 20:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\rescache
2017-11-30 21:20 - 2015-07-24 20:47 - 000000000 __SHD C:\Users\Shauna\IntelGraphicsProfiles
2017-11-30 21:16 - 2016-11-20 10:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-28 19:32 - 2017-02-10 16:58 - 000000000 ____D C:\Users\Shauna
2017-11-27 22:38 - 2017-02-10 16:58 - 000000000 ____D C:\Users\lando
2017-11-27 19:00 - 2017-07-21 16:24 - 000001465 _____ C:\Users\lando\Desktop\roblox player.lnk
2017-11-27 19:00 - 2016-07-01 15:54 - 000001465 _____ C:\Users\lando\Desktop\ROBLOX Player - Copy.lnk
2017-11-27 19:00 - 2016-05-22 19:05 - 000000000 ____D C:\Users\lando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-27 18:59 - 2017-01-06 20:11 - 000000000 ____D C:\Users\lando\AppData\Local\CrashDumps
2017-11-27 18:58 - 2016-11-20 10:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-27 18:58 - 2016-05-22 17:41 - 000000000 __SHD C:\Users\lando\IntelGraphicsProfiles
2017-11-26 16:43 - 2015-10-24 11:58 - 000000000 ____D C:\ProgramData\IObit
2017-11-26 15:39 - 2015-08-26 13:40 - 000000000 ____D C:\Users\Shauna\AppData\Local\ElevatedDiagnostics
2017-11-26 12:08 - 2014-07-02 22:36 - 000000000 ____D C:\Users\Shauna\.gimp-2.8
2017-11-26 02:47 - 2016-11-20 10:40 - 000484168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-26 02:45 - 2016-07-15 22:04 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-26 02:38 - 2017-03-20 21:16 - 112734208 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2017-11-26 02:38 - 2017-03-20 21:16 - 000569344 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2017-11-26 02:38 - 2017-03-20 21:16 - 000045056 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-11-26 02:38 - 2017-03-20 21:16 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2017-11-23 15:58 - 2015-12-19 13:33 - 000000000 ____D C:\Users\Shauna\AppData\Local\gtk-2.0
2017-11-22 13:52 - 2015-09-27 21:47 - 000000000 ____D C:\ProgramData\Skype
2017-11-21 21:58 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-17 07:13 - 2017-02-10 17:24 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-17 07:13 - 2017-02-10 17:24 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 22:33 - 2017-02-10 17:24 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 22:33 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 22:33 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 21:37 - 2017-04-07 03:15 - 000003712 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA1d2af9041b0587e
2017-11-14 21:37 - 2017-04-07 03:15 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core1d2af9041990718
2017-11-13 17:23 - 2017-05-12 17:17 - 000000000 ____D C:\Program Files (x86)\Little Nightmares
2017-11-13 17:21 - 2017-05-13 14:28 - 000000000 ____D C:\Users\Shauna\AppData\LocalLow\uTorrent
2017-11-13 16:55 - 2016-03-04 17:20 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-12 19:40 - 2014-06-08 19:51 - 000000000 ____D C:\Users\Shauna\Desktop\games
2017-11-12 12:20 - 2015-10-24 11:57 - 000000000 ____D C:\Program Files (x86)\IObit
2017-11-12 09:34 - 2016-12-25 21:08 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\.minecraft
2017-11-05 22:14 - 2017-04-09 11:38 - 000000000 ____D C:\Users\lando\.gimp-2.8
2017-11-05 20:27 - 2016-06-01 
19:04 - 000000000 ____D C:\Users\lando\Documents\My games ==================== Files in the root of some directories ======= 2016-01-07 18:24 - 2016-01-07 18:22 - 000012005 _____ () C:\Users\Shauna\AppData\Roaming\alsoft.ini 2015-08-26 22:50 - 2015-08-26 22:50 - 000000000 ___SH () C:\Users\Shauna\AppData\Local\LumaEmu 2017-11-26 12:12 - 2017-11-26 12:12 - 000002701 _____ () C:\Users\Shauna\AppData\Local\recently-used.xbel 2017-01-25 20:42 - 2017-12-02 23:49 - 000007594 _____ () C:\Users\Shauna\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== 2017-04-18 18:07 - 2017-04-18 18:07 - 000739904 _____ (Oracle Corporation) C:\Users\lando\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-03-02 19:29 - 2017-06-16 16:25 - 058684896 _____ (Skype Technologies S.A.) C:\Users\lando\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-12-02 21:59 ==================== End of FRST.txt ============================ Additional scan result of Farbar 
Recovery Scan Tool (x64) Version: 30-11-2017 Ran by Shauna (03-12-2017 00:20:46) Running from C:\Users\Shauna\Downloads Windows 10 Pro Version 1607 14393.1884 (X64) (2017-02-11 01:41:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3102671110-3783085175-2543185073-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-3102671110-3783085175-2543185073-503 - Limited - Disabled) Guest (S-1-5-21-3102671110-3783085175-2543185073-501 - Limited - Disabled) lando (S-1-5-21-3102671110-3783085175-2543185073-1003 - Limited - Enabled) => C:\Users\lando Shauna (S-1-5-21-3102671110-3783085175-2543185073-1002 - Administrator - Enabled) => C:\Users\Shauna UpdatusUser (S-1-5-21-3102671110-3783085175-2543185073-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.) 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Alice Madness Returns - The Complete Collection (HKLM-x32\...\Alice Madness Returns - The Complete Collection_is1) (Version: - )
Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Allods Online EN) (Version: 1.126 - My.com B.V.)
Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Allods Online EN) (Version: 1.126 - My.com B.V.)
Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Allods Online EN) (Version: 1.126 - My.com B.V.)
American McGee's Alice(tm) (HKLM-x32\...\{77B5AD60-8F14-11D4-9BC9-0050041A1090}) (Version: - )
AnonymizerGadget (HKU\.DEFAULT\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Apowersoft Free Audio Recorder V3.0.5 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 3.0.5 - APOWERSOFT LIMITED)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd)
Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.)
Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.)
Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.1 - )
Exodus Online (HKLM-x32\...\{552FD7D8-896C-4211-9460-886FB7E21158}) (Version: 1.0.0 - Exodus Online)
Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
Fiesta Online EN (HKLM-x32\...\Fiesta Online EN) (Version: 1.05.039 - Gamigo games)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Free Internet Window Washer (HKLM-x32\...\Free Internet Window Washer) (Version: - )
Free Webcam Recorder (HKLM-x32\...\{EDA2F047-79B6-46E2-8323-28086E1BA51D}) (Version: 1.0.0 - freepicturesolutions)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version: - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Micro Machines World Series (HKLM-x32\...\Micro Machines World Series_is1) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MyComGames) (Version: 3.210 - My.com B.V.)
My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MyComGames) (Version: 3.210 - My.com B.V.)
My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MyComGames) (Version: 3.210 - My.com B.V.)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Novicorp WinToFlash Lite version 1.4.0000 (HKLM-x32\...\{A1A1FF24-34C6-4B77-BDB7-A689979F018C}_is1) (Version: 1.4.0000 - Novicorp)
NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.2.1 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.2 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.2.16.12597 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Roblox Player for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Roblox Player for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Roblox Studio for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Roblox Studio for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Secret World Legends (HKLM-x32\...\Secret World Legends_is1) (Version: 1.0.0 - Funcom)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\skyforge_mycom) (Version: 1.35 - My.com B.V.)
skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\skyforge_mycom) (Version: 1.35 - My.com B.V.)
skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\skyforge_mycom) (Version: 1.35 - My.com B.V.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.0 - IObit)
SpaceEngine version 0.9.8.0 (HKLM-x32\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superb Game Boost 3.1 (HKLM-x32\...\SuperbGameBoost_is1) (Version: 3.1 - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
System Shock 2 (HKLM-x32\...\GOGPACKSSHOCK2_is1) (Version: 2.0.0.9 - GOG.com)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
Touchpad Blocker (HKLM-x32\...\Touchpad Blocker) (Version: 2.9 - KARPOLAN)
Trove North America (HKLM-x32\...\Glyph Trove North America) (Version: - Trion Worlds, Inc.)
Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VitalSource Bookshelf (HKLM-x32\...\{4bb6f5ce-1e01-41b1-833d-ffa2297df6f4}) (Version: 6.08.0017 - Ingram Content Group)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.1.6137 - WinISO Computing Inc.)
WinRAR 5.30 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH)
WizTree v2.01 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3102671110-3783085175-2543185073-1002_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3102671110-3783085175-2543185073-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-13] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3102671110-3783085175-2543185073-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-3102671110-3783085175-2543185073-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04B6D5CE-4459-4CF6-9280-76CA0FE0EB88} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-02-17] (IObit)
Task: {0E80A276-D1E7-4ABF-BCE4-2F706D0CB3AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {0EC67150-54B2-4B64-8406-C51303D4436D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {114E4D25-4D0A-4542-9D7C-2DB6A66AD2FC} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-02-17] (IObit)
Task: {13FB2D35-27B8-44E5-A2D5-7DE963BD54D2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {146705A4-D49A-4AC1-9F29-2BF2E38C7197} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {26EE86E7-860A-46AE-9AB7-14B5ADF65E63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {2F251320-BCCC-49E5-AAAA-058358E98F26} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA1d2af9041b0587e => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {3267C51B-F554-4BA9-BC0A-062E7D6FC248} - \ASC10_SkipUac_Shauna -> No File <==== ATTENTION
Task: {3C3CAE4A-EAFD-4C6A-808B-94580FF76365} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {4B3E2004-0C65-4F62-8465-AB25AD159676} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {4CD307D7-9CB7-4B77-9C89-EBCF6F8D2EF1} - System32\Tasks\{69AC7384-0B56-436A-AE1F-26490289EFF5} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\EA GAMES\American McGee's Alice\Alice.exe" -d "C:\Program Files (x86)\EA GAMES\American McGee's Alice"
Task: {53A21AC5-31F2-48A5-ABCA-44D0D79EAEA2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation)
Task: {54924F83-4E2A-485E-9FFC-95F578C8CF71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {5824E64A-2C09-445A-88E5-E6CBC7867F23} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core1d2af9041990718 => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {5F3E65D1-C054-450C-BE6B-BDC45509D018} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation)
Task: {658563B1-DD68-4D8A-88AD-9789DBA65F6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {6ACFD528-B315-4607-B6C2-987C29F075F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation)
Task: {7A1A668B-354B-4FA9-8C9E-935096458A09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {7AAA787B-030F-4FF6-9B5C-F9EF725A0A51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {89654F84-8EE3-4C5F-9BAF-536367841D03} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {A4D7DD49-E6E1-4466-9B88-79CEABCBEC5D} - System32\Tasks\Uninstaller_SkipUac_Shauna => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)
Task: {AA251C1D-989E-4B17-8A84-E01E0A55F146} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B0627F85-E960-4E5A-ACAD-375BEE7AACD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation)
Task: {B11323BD-8721-4917-9DCB-427DA4E51B93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {B3A55724-0EC6-411D-B8F2-E01E626B5A87} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated) Task: {C913BE21-4182-4CEC-84EA-A1B2A17A7119} - System32\Tasks\SuperbGameBoost => C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe [2016-11-28] (SuperBoost Software) Task: {D05852DA-B97A-437B-9415-A1B0566832E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd) Task: {D20B0ECA-2D1D-49F7-9060-4012D90CD6A3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation) Task: {D7706776-8610-479A-8FAD-B0A908C80119} - System32\Tasks\{8DFA961D-C189-41F7-82E5-231DE0E723A1} => C:\WINDOWS\system32\pcalua.exe -a D:\setup.exe -d D:\ Task: {DD1E5FC3-FBEA-42A7-A38A-5618904CE470} - System32\Tasks\WindowsMediaSharing => C:\windows\wndsvr.exe Task: {E1C3D66F-BB91-41A3-AB9B-B1CF030E69C4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation) Task: {E953EA30-E0E7-472E-879D-C7F77BF29B86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation) Task: {EAE73CB3-46B5-4565-9756-03ACCD362375} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation) Task: {F2592FCC-F500-435E-9556-3B83E430EB49} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit) Task: {F8261426-AB14-404C-8742-1A08CEF622B5} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION (If an entry is included in the fixlist, 
the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Shauna.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Shauna\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 03:42 - 2016-07-16 03:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-09-15 18:14 - 2017-09-15 18:14 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-02-10 16:52 - 2016-12-29 05:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-25 22:23 - 2017-08-17 20:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-11-20 10:11 - 2016-11-20 10:11 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-14 20:22 - 2017-03-03 22:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2015-10-13 22:47 - 2015-10-13 22:47 - 000415128 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-03-14 20:20 - 2017-03-03 22:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-14 20:20 - 2017-03-03 22:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-14 20:20 - 2017-03-03 22:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 002424320 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-08-22 15:22 - 2017-08-22 15:23 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2017-12-02 23:05 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-12-02 23:05 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-11-13 16:55 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll 2017-11-13 16:55 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll 2016-11-26 17:10 - 2016-11-26 17:10 - 021922304 _____ () C:\Program Files\WindowsApps\9FD20106.MediaPlayerQueen_1.2.5.0_x64__nwhm06f2kfry2\MediaPlayer.dll 2017-08-26 23:41 - 2017-08-26 23:41 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2015-10-24 11:57 - 2015-01-09 17:46 - 000517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll 2015-10-24 12:09 - 2014-10-16 09:26 - 000622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2012-12-20 22:12 - 2012-12-20 22:12 - 000275840 _____ () C:\WINDOWS\SYSTEM32\WinTab32.DLL 2017-08-23 23:36 - 
2016-08-18 17:43 - 000442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl 2017-08-23 23:36 - 2016-08-18 17:43 - 000210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl 2017-08-23 23:36 - 2016-08-18 17:43 - 000059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl 2017-08-23 23:36 - 2016-11-01 09:11 - 000078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll 2017-04-06 11:01 - 2016-01-11 16:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll 2017-04-06 11:00 - 2016-01-11 16:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll 2016-12-18 22:07 - 2016-08-16 14:53 - 000796480 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_IG.dll 2016-12-18 22:07 - 2016-01-29 18:03 - 000337216 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\taskMgr.dll 2016-12-18 22:07 - 2016-02-02 09:53 - 000629056 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\SgbStatistics.dll 2016-12-18 22:07 - 2016-08-16 09:20 - 000510272 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_ID.dll 2016-12-18 22:07 - 2016-01-29 15:21 - 000276800 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\D3DX8Wrapper.dll 2016-12-18 22:07 - 2016-08-16 09:20 - 000286016 _____ () c:\program files (x86)\superboost\superb game boost\GA_CheackDx.dll 2017-01-04 20:41 - 2016-06-21 19:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2017-01-04 20:41 - 2016-06-21 19:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2017-01-04 20:41 - 2016-06-21 19:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2017-01-04 20:41 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll 2017-01-04 20:41 - 2016-09-26 13:59 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit 
Uninstaller\ProductStatistics.dll 2017-08-23 23:36 - 2015-12-28 12:50 - 000899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll 2017-08-23 23:36 - 2017-05-17 12:45 - 000631584 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll 2015-10-24 11:57 - 2015-03-27 14:39 - 000182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll 2015-10-24 11:57 - 2015-01-09 17:46 - 000145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll 2015-10-24 12:09 - 2014-10-16 09:26 - 000622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll 2017-08-23 23:36 - 2017-07-24 14:34 - 001364256 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\Scan.dll 2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-24 20:07 - 2015-07-24 20:05 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131096\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136857\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\Control Panel\Desktop\\Wallpaper -> C:\Users\lando\Downloads\alice_madness_returns_cheshire_cat-wallpaper-1600x900.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\Control Panel\Desktop\\Wallpaper -> C:\Users\lando\Downloads\alice_madness_returns_cheshire_cat-wallpaper-1600x900.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234132243\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234138078\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "AvastUI.exe" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Skype" 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [UDP Query User{53B509F3-6B23-4E25-8272-B24C4D64D4E1}C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Block) C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe FirewallRules: [TCP Query User{393D0224-4406-4141-8ED5-D5341FD3CDB3}C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Block) C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe FirewallRules: [{526D571E-A5A2-4880-9DC6-2FBEF7EB99C6}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A4B96E29-5800-4CDB-B177-93723212D8EA}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{467473A4-65D8-4D8F-A793-D6F61CDA860D}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{23C110DF-ABF7-4BB8-A1C6-E9A45CAF3D7D}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4EBAAF10-409B-4BAE-892E-CDB4E65A06EC}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E71A79FE-0243-473B-B458-F5362812E75B}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F1D1046C-2AE4-4358-A67E-42D52F8E0E6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe FirewallRules: [{7AB13CCB-5CD1-40BB-94F4-EF93E78F4FBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe FirewallRules: [UDP Query User{BCB3EDAD-2992-4F71-AD92-DDB4E02B8F83}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{75DB9FDF-CD3B-4D89-8EC3-5ACB0258C03D}C:\program files 
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{97B67474-B2EE-4512-8FE3-31FF65EF1239}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [UDP Query User{A9609216-E4C0-4765-9913-078D77615012}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Block) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [TCP Query User{EBC79678-B6D0-427D-8155-BAFCAA08ADEF}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Block) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [{6E7E7F70-84A5-4604-A483-7E245F34DD6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{C9B1DA6C-3D83-41C8-B80C-CD367A529A6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{E745E0D8-C450-4A49-A8E1-42B5786887A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{B242C698-FD00-4267-AEC3-1F3FEF1D6840}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{3F8750B5-BC88-4D23-966B-1354A12CEC61}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [{37DA79D0-6217-45AA-A864-A642F85666D4}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [UDP Query User{8937A2B4-6ED6-499A-8709-997352628BE5}C:\users\shauna\desktop\games\terrariaserver.exe] => (Allow) C:\users\shauna\desktop\games\terrariaserver.exe FirewallRules: [TCP Query User{C5A69E2D-1698-4DB7-8932-78EFB95A6054}C:\users\shauna\desktop\games\terrariaserver.exe] => (Allow) C:\users\shauna\desktop\games\terrariaserver.exe FirewallRules: [UDP Query User{4F27BAB4-E03C-49B8-A627-3BEC9BC54CFD}C:\program files 
(x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe FirewallRules: [TCP Query User{56266D1B-C42A-417B-A006-E976B6814960}C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe FirewallRules: [{B7AF1FC3-84F6-45DF-AE83-B311A261BC07}] => (Allow) LPort=1900 FirewallRules: [{62EC681B-FEEB-411E-A684-352F227D2FA4}] => (Allow) LPort=2869 FirewallRules: [{EA9E65EE-154C-4559-9920-70BB35730154}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [UDP Query User{5586C496-ED98-4ED5-93CE-42B46E6C66AB}C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe] => (Allow) C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe FirewallRules: [TCP Query User{C04B199A-1EB4-41F7-82CC-16C98551BFB9}C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe] => (Allow) C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe FirewallRules: [{679CE7D9-B82C-43EB-855F-29BC354CA4D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{573B97A3-C7A3-4BB8-8D70-438FE6766A1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9A730924-74BD-498B-B05E-97FC9BA20016}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{842CFDA5-6548-4CD8-B890-863AFAFE759B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{6D378934-B304-4425-95E3-F20F1585873B}C:\users\shauna\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\shauna\appdata\local\mycomgames\mycomgames.exe FirewallRules: [UDP Query 
User{C1A68DC5-CD50-45B1-BDAA-35E2F1823F64}C:\users\shauna\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\shauna\appdata\local\mycomgames\mycomgames.exe FirewallRules: [{04B76664-230C-4732-9191-4A9677204ACD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{73B69AF3-5932-4A11-9BA1-B3E982E71B8C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{5B5D7426-0F36-45FC-B47F-83FDEADB8F64}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{475B82FA-D4D6-4794-BCA0-EC118AF78E57}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{22EA59C9-656F-4479-B5D4-C0260A10372C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A2BB3EC1-0C84-452D-AE17-C66B0F9E6535}] => (Allow) LPort=1689 FirewallRules: [{1635646B-5A0C-4404-B489-A6ED8AFD2212}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [{E011C5A8-E199-47BF-B78A-B1B5C0653170}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [TCP Query User{1B3335CE-4E5D-439C-B7DC-EEB76C106A28}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [UDP Query User{DFD62ACD-A3FF-4E12-82A1-6480828C1960}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [{C8B9BBCB-051E-4795-8DF8-DBB12D6155A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DE259962-AB59-4EF7-B5FC-CFC6016A5A51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B63074FC-C5D2-483A-B0F9-2461BAE317FF}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [{E008C583-68FD-4FAF-B4C7-AC5A06FB41D3}] => (Allow) C:\Program 
Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [TCP Query User{4D663066-0A0F-4034-BDE5-ED305F08A6D3}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [UDP Query User{2C89FC18-54ED-45D4-BA96-B895B302F400}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [TCP Query User{0C19D64E-9D25-4676-8615-539E47329FE1}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [UDP Query User{E61EAD72-1B0D-4274-9D53-830A7785862D}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [{67FE6D2C-4BBA-4512-A7D8-AD79B8285B6B}] => (Allow) C:\Program Files (x86)\MouseRecorder\MouseRecorder.exe FirewallRules: [TCP Query User{75401DA7-F5AB-452E-946A-A4063334647B}C:\users\lando\desktop\new folder\terrariaserver.exe] => (Allow) C:\users\lando\desktop\new folder\terrariaserver.exe FirewallRules: [UDP Query User{4B8491CA-91F2-4403-97FD-AD5BB85BFE66}C:\users\lando\desktop\new folder\terrariaserver.exe] => (Allow) C:\users\lando\desktop\new folder\terrariaserver.exe FirewallRules: [{149A4F99-460D-48A3-9D17-D59F0E860144}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{9FA5DD3D-ABA7-45EF-8959-94D168A2B105}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{08AE0CD4-B612-4B4D-A4A5-24FD1C36779F}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{89A6A241-7CEE-4660-A21F-A34A4A554CE3}] => (Allow) C:\Program Files (x86)\Little 
Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{7E5592B6-9185-4C4F-A28A-6D6664B2ADEA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{744CDC8A-DA77-482A-8B15-B04222D21314}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{19AAB0A8-2799-455B-9C55-A28881078979}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{5D7A81E9-6848-4413-BE42-1552D5738EC6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{95C210F2-858D-41AD-9305-7E183B85C842}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{28EF7731-1315-45C5-84C0-BA915B603BD7}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{27CBB826-7104-4124-8E9E-D56360DCBD82}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{414C1AF1-84A9-4578-82E9-269059388C63}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{0F248277-23AF-4844-926B-0B0ECF06004F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{1396CAD5-DC8E-4CBC-A977-08EE2FB40CF3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{812F16E8-3C08-4B1D-8320-B711DD1178F4}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe FirewallRules: [{EBA74C0E-E4AF-44D2-8E40-332272A77FA6}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe FirewallRules: [{8DB80544-B9D6-4650-8B92-0ACC1B739CF1}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe FirewallRules: [{3CF66E2A-F957-4515-8E36-40BEF1B9CB5D}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe FirewallRules: 
[{90DCE0B9-F6F4-4CDF-B6D6-526FDEDAD39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe FirewallRules: [{E9265E6D-AA8C-4F37-BBB8-ADB35C11B57D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe FirewallRules: [{DB5C347C-C71F-4C53-9FE9-AEF62D6D2034}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe FirewallRules: [{62BA7C52-F80D-423C-9489-37D9656255BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe FirewallRules: [{CC50C14A-410E-4DC7-B6F7-390FC2E6D372}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{07AD4742-2481-48AF-A729-5CEA53832D29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{11184E52-CC1A-4186-855A-138D4C49B8EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe FirewallRules: [{30CF326C-4C8D-42BE-80BE-B207510FB190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe FirewallRules: [{358A9934-7533-41D6-923A-B12E032A1591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{A57BCB1F-F2D9-4F27-B22A-541C261263E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{C191B6D2-37D2-413A-8FC2-C46DF5C6D99E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{C4A87100-78E4-4564-8F9D-EE4F608FD345}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{E01405EF-421D-45C6-BC9D-D5A0ED90F4D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 01-12-2017 19:10:08 Scheduled Checkpoint ==================== Faulty Device Manager Devices 
============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/02/2017 11:24:45 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:24:42 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:23:33 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:23:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:22:32 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:22:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:10:40 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:10:38 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. 
Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:06:05 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) System errors: ============= Error: (12/03/2017 12:01:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:44 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 
7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:42 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys CodeIntegrity: =================================== Date: 2017-12-02 23:04:17.647 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-30 22:08:49.896 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-30 22:08:49.471 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-27 22:17:40.812 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-11-27 22:17:40.292 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-27 17:06:31.783 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-27 17:06:30.211 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-22 22:21:52.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-22 22:21:52.006 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-11-21 11:15:34.356
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 8072.27 MB
Available physical RAM: 2302.98 MB
Total Virtual: 16264.27 MB
Available Virtual: 9022.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:912.35 GB) (Free:438.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D033E306)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Shauna (administrator) on THEGRAIL2NDGEN (03-12-2017 00:23:47)
Running from C:\Users\Shauna\Downloads
Loaded Profiles: Shauna & (Available Profiles: UpdatusUser & Shauna & lando & Administrator)
Platform: Windows 10 Pro Version 1607 14393.1884 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (SuperBoost Software) C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Tablet Driver) C:\WINDOWS\System32\drivers\WTSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (SuperBoost Software) C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Intel Corporation) C:\WINDOWS\System32\igfxEM.exe (Intel Corporation) C:\WINDOWS\System32\igfxHK.exe () C:\WINDOWS\System32\igfxTray.exe (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe (Microsoft Corporation) C:\WINDOWS\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe (Google Inc.) C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe (Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\System32\perfmon.exe (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (2).exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-11-18] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-04] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [WindowsRM] => C:\Windows\Temp\winrm.exe <==== ATTENTION
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131096\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136857\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Run: [DesktopCal] => C:\Users\Shauna\AppData\Roaming\DesktopCal\desktopcal.exe [282624 2015-04-13] (DesktopCal, Inc.)
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {14331128-dc31-11e5-9ce5-3c77e65cf768} - "E:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {8d2a646e-0459-11e7-9e12-3c77e65cf768} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MountPoints2: {c3e24010-1b00-11e5-be8e-54bef75dced3} - "F:\setup.exe"
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234132243\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234138078\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-28]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Shauna\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
BootExecute: RegistryDefragBootTime.exeautocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2ed2bed8-0660-49ee-a396-24b8975abb34}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{8c87d9e9-1414-43c7-b7b5-edcbae700435}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/ HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/ HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload hxxps://www.google.com/ BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation) BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation) FireFox: 
========
FF DefaultProfile:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @my.com/Games -> C:\Users\Shauna\AppData\Local\MyComGames\NPMyComDetector.dll [2017-08-28] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @nsroblox.roblox.com/launcher -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @nsroblox.roblox.com/launcher64 -> C:\Users\Shauna\AppData\Local\Roblox\Versions\version-aee78a51139946c2\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shauna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lando\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lando\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.opportunityvillage.org/pages/halloveen
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Slides) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Adblock Plus) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google Search) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2017-09-07]
CHR Extension: (Sheets) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]
CHR Extension: (Chrome Media Router) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-10-13] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
S3 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-04-18] ()
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [132864 2016-04-29] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-09-15] (Microsoft Corporation)
R2 sgbupt; C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe [2600256 2016-10-21] (SuperBoost Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-11-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4316456 2016-11-18] (Qualcomm Atheros Communications, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-02-26] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-02-26] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-05-22] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-18] (REALiX(tm))
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-12-02] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-02] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-02] (Malwarebytes)
R1 MpKsl272aac17; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl272aac17.sys [58120 2017-11-26] (Microsoft Corporation)
R1 MpKsl69a0050d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl69a0050d.sys [58120 2017-11-30] (Microsoft Corporation)
R1 MpKsl82853fd0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl82853fd0.sys [58120 2017-11-26] (Microsoft Corporation)
R1 MpKsl876f31ec; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl876f31ec.sys [58120 2017-11-27] (Microsoft Corporation)
R1 MpKsl9858aa96; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5BEDF92-59F2-475D-9D5D-E7686BD5D55C}\MpKsl9858aa96.sys [58120 2017-11-26] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-20] (NVIDIA Corporation)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-03-10] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-04-17] (Razer, Inc.)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2016-02-17] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-01-16] (Wellbia.com Co., Ltd.)
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 00:04 - 2017-12-03 00:23 - 000079347 _____ C:\Users\Shauna\Downloads\Addition.txt 2017-12-02 23:59 - 2017-12-03 00:00 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (2).exe 2017-12-02 23:59 - 2017-12-02 23:59 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (3).exe 2017-12-02 23:45 - 2017-12-03 00:24 - 000030363 _____ C:\Users\Shauna\Downloads\FRST.txt 2017-12-02 23:44 - 2017-12-03 00:23 - 000000000 ____D C:\FRST 2017-12-02 23:44 - 2017-12-02 23:44 - 002391552 _____ (Farbar) C:\Users\Shauna\Downloads\FRST64.exe 2017-12-02 23:40 - 2017-12-02 23:40 - 000012316 _____ C:\Users\Shauna\Desktop\malware bytes.txt 2017-12-02 23:39 - 2017-12-02 23:39 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu (1).exe 2017-12-02 23:39 - 2017-12-02 23:39 - 000000000 ____D C:\Users\Shauna\AppData\Local\ESET 2017-12-02 23:38 - 2017-12-02 23:38 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Shauna\Downloads\esetonlinescanner_enu.exe 2017-12-02 23:09 - 2017-12-02 23:10 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro (2).exe 2017-12-02 23:06 - 2017-12-02 23:06 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-12-02 23:05 - 2017-12-02 23:05 - 000001924 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-12-02 23:05 - 2017-12-02 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-12-02 23:05 - 2017-11-01 08:54 - 000077432 _____ 
C:\WINDOWS\system32\Drivers\mbae64.sys 2017-12-02 23:04 - 2017-12-02 23:04 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2017-12-02 23:03 - 2017-12-02 23:03 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2017-12-02 23:03 - 2017-12-02 23:03 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2017-12-02 23:03 - 2017-12-02 23:03 - 000000869 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\Program Files\Malwarebytes 2017-12-02 23:03 - 2017-12-02 23:03 - 000000000 ____D C:\Program Files\CCleaner 2017-12-02 23:02 - 2017-12-02 23:03 - 078346672 _____ (Malwarebytes ) C:\Users\Shauna\Downloads\mb3-setup-consumer-3.3.1.2183.exe 2017-12-02 23:00 - 2017-12-02 23:01 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro (1).exe 2017-12-02 23:00 - 2017-12-02 23:00 - 010848760 _____ (Piriform Ltd) C:\Users\Shauna\Downloads\ccsetup537pro.exe 2017-11-30 21:20 - 2017-11-30 21:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-11-27 18:59 - 2017-11-27 19:00 - 000001268 _____ C:\Users\lando\Desktop\Roblox Studio.lnk 2017-11-26 12:29 - 2017-11-26 12:29 - 000000000 ____D C:\Users\Shauna\Documents\Elysia 2017-11-26 12:14 - 2017-11-26 12:14 - 000000000 ____D C:\Users\Shauna\Desktop\family pictures 2017-11-26 12:13 - 2017-11-26 12:22 - 000000000 ____D C:\Users\Shauna\Desktop\zombie punch pictures 2017-11-26 12:12 - 2017-11-26 12:22 - 000000000 ____D C:\Users\Shauna\Desktop\rars 2017-11-26 12:12 - 2017-11-26 12:12 - 000002701 _____ C:\Users\Shauna\AppData\Local\recently-used.xbel 2017-11-26 11:35 - 2017-11-26 11:55 - 3684157086 _____ C:\Users\Shauna\Downloads\Elysia Online Setup.rar 2017-11-26 02:38 - 2017-11-26 02:45 - 112984064 _____ C:\WINDOWS\system32\config\SOFTWARE 2017-11-26 02:38 - 2017-11-26 02:45 - 000786432 _____ 
C:\WINDOWS\system32\config\DEFAULT 2017-11-26 02:38 - 2017-11-26 02:45 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY 2017-11-26 02:38 - 2017-11-26 02:38 - 000045056 _____ C:\WINDOWS\system32\config\SAM 2017-11-25 23:53 - 2017-11-25 23:53 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-11-25 23:53 - 2017-11-25 23:53 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 022571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 020967832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 018365952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 008119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 
006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 006066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 004423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 002529120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 002253656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 002187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 002170712 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppVEntSubsystems64.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-11-25 23:48 - 2017-11-25 23:48 - 002032472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-11-25 23:48 - 2017-11-25 23:48 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001984512 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001670488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001578848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 001470808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001409880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001181528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-11-25 23:48 - 
2017-11-25 23:48 - 001117016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001102680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 001090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001054040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000992088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000965464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-11-25 23:48 - 2017-11-25 23:48 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000825688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000813400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000811864 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\hvloader.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000788624 _____ C:\WINDOWS\SysWOW64\locale.nls 2017-11-25 23:48 - 2017-11-25 23:48 - 000788624 _____ C:\WINDOWS\system32\locale.nls 2017-11-25 23:48 - 2017-11-25 23:48 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000779608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000766808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000704344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000699224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000687968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000678752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000656896 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\jscript.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000652344 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000647520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000613720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000612192 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000569688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000558424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000509784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000506368 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000500576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000485520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000455512 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000412504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000402264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000392024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-11-25 23:48 - 2017-11-25 23:48 
- 000385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2017-11-25 23:48 - 2017-11-25 23:48 - 000379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000341976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000304232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000299360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000269152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000259936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000253952 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ubpm.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000223584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000206176 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000202584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000199000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000190296 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000178008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-11-25 23:48 - 2017-11-25 23:48 - 000169304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll 2017-11-25 23:48 - 2017-11-25 23:48 
- 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-11-25 23:48 - 2017-11-25 23:48 - 000144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000139096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000097120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000089552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000082608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll 2017-11-25 23:48 
- 2017-11-25 23:48 - 000082272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2017-11-25 23:48 - 2017-11-25 23:48 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000076120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000067928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredential.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCredential.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2017-11-25 23:48 - 2017-11-25 23:48 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-11-25 23:48 - 2017-11-25 23:48 - 000002560 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\tzres.dll 2017-11-25 22:35 - 2017-11-25 22:35 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-11-25 22:35 - 2017-11-25 22:35 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-11-25 05:22 - 2017-11-25 05:22 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget 2017-11-23 16:19 - 2017-11-23 16:19 - 000000074 _____ C:\Users\Shauna\Desktop\girl3.vmt 2017-11-23 16:06 - 2017-11-23 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit 2017-11-23 16:06 - 2017-11-23 16:06 - 000000000 ____D C:\Program Files (x86)\VTFEdit 2017-11-22 13:53 - 2017-11-22 13:53 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\AGData 2017-11-13 17:29 - 2017-11-13 17:29 - 000002428 _____ C:\Users\Shauna\Desktop\LittleNightmares Secrets of the Maw.lnk 2017-11-13 17:27 - 2017-11-13 17:27 - 000001088 _____ C:\Users\Shauna\Desktop\Secrets of the Maw.lnk 2017-11-13 17:27 - 2017-11-13 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secrets of the Maw 2017-11-13 17:22 - 2017-11-13 17:22 - 000003434 _____ C:\WINDOWS\System32\Tasks\WindowsMediaSharing 2017-11-13 16:42 - 2017-11-13 17:22 - 000000000 ____D C:\Users\Shauna\Downloads\Little Nightmares Secrets of The Maw-Ch1 2017-11-12 20:03 - 2017-12-02 23:53 - 000000000 ____D C:\Program Files (x86)\Steam 2017-11-12 20:03 - 2017-11-12 20:03 - 000001040 _____ C:\Users\Public\Desktop\Steam.lnk 2017-11-12 20:03 - 2017-11-12 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2017-11-12 19:15 - 2017-11-12 19:17 - 1075296456 _____ C:\Users\Shauna\Desktop\Starbound.rar 2017-11-12 18:24 - 2017-11-12 18:28 - 000000000 ____D C:\Users\Shauna\Desktop\Terraria 2017-11-12 18:23 - 2017-11-12 18:26 - 000000000 ____D C:\Users\Shauna\Desktop\Starbound 2017-11-12 12:20 - 2017-11-12 12:20 - 000001271 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk 2017-11-12 12:20 - 
2017-11-12 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker 2017-11-12 10:39 - 2017-11-12 10:40 - 000000000 ____D C:\Users\Shauna\Desktop\New folder 2017-11-05 20:28 - 2017-11-05 20:28 - 000002751 _____ C:\Users\lando\AppData\Local\recently-used.xbel 2017-11-05 20:27 - 2017-11-05 20:28 - 000000000 ____D C:\Users\lando\AppData\Local\gtk-2.0 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-02 23:49 - 2017-01-25 20:42 - 000007594 _____ C:\Users\Shauna\AppData\Local\Resmon.ResmonCfg 2017-12-02 23:21 - 2017-01-13 22:22 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\uTorrent 2017-12-02 23:20 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-12-02 23:13 - 2016-12-14 19:39 - 000000000 ____D C:\Users\Shauna\AppData\Local\CrashDumps 2017-12-02 23:05 - 2015-10-24 20:59 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-12-02 22:48 - 2017-03-17 01:48 - 001863322 _____ C:\WINDOWS\system32\perfh011.dat 2017-12-02 22:48 - 2017-03-17 01:48 - 000487552 _____ C:\WINDOWS\system32\perfc011.dat 2017-12-02 22:48 - 2016-11-20 10:51 - 004750944 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-12-02 22:45 - 2016-11-20 10:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-12-02 12:25 - 2016-06-03 02:43 - 000000000 ____D C:\ProgramData\NVIDIA 2017-12-02 09:23 - 2015-10-24 12:09 - 000000000 ____D C:\ProgramData\ProductData 2017-12-02 05:59 - 2015-09-11 08:30 - 000002561 _____ C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk 2017-12-02 05:59 - 2015-09-11 08:30 - 000002552 _____ C:\Users\Shauna\Desktop\Google Chrome Canary.lnk 2017-12-02 03:27 - 2016-07-16 03:36 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-12-02 01:03 - 2016-07-16 03:45 - 000000000 ____D C:\WINDOWS\INF 2017-12-01 20:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\rescache 2017-11-30 21:20 - 2015-07-24 20:47 - 
000000000 __SHD C:\Users\Shauna\IntelGraphicsProfiles 2017-11-30 21:16 - 2016-11-20 10:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-11-28 19:32 - 2017-02-10 16:58 - 000000000 ____D C:\Users\Shauna 2017-11-27 22:38 - 2017-02-10 16:58 - 000000000 ____D C:\Users\lando 2017-11-27 19:00 - 2017-07-21 16:24 - 000001465 _____ C:\Users\lando\Desktop\roblox player.lnk 2017-11-27 19:00 - 2016-07-01 15:54 - 000001465 _____ C:\Users\lando\Desktop\ROBLOX Player - Copy.lnk 2017-11-27 19:00 - 2016-05-22 19:05 - 000000000 ____D C:\Users\lando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-11-27 18:59 - 2017-01-06 20:11 - 000000000 ____D C:\Users\lando\AppData\Local\CrashDumps 2017-11-27 18:58 - 2016-11-20 10:54 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-11-27 18:58 - 2016-05-22 17:41 - 000000000 __SHD C:\Users\lando\IntelGraphicsProfiles 2017-11-26 16:43 - 2015-10-24 11:58 - 000000000 ____D C:\ProgramData\IObit 2017-11-26 15:39 - 2015-08-26 13:40 - 000000000 ____D C:\Users\Shauna\AppData\Local\ElevatedDiagnostics 2017-11-26 12:08 - 2014-07-02 22:36 - 000000000 ____D C:\Users\Shauna\.gimp-2.8 2017-11-26 02:47 - 2016-11-20 10:40 - 000484168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-11-26 02:45 - 2016-07-15 22:04 - 002097152 _____ C:\WINDOWS\system32\config\BBI 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ___RD C:\Program Files\Windows Defender 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-11-26 02:41 - 2016-07-16 03:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2017-11-26 02:38 - 2017-03-20 21:16 - 112734208 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak 2017-11-26 02:38 - 2017-03-20 21:16 - 000569344 _____ 
C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak 2017-11-26 02:38 - 2017-03-20 21:16 - 000045056 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak 2017-11-26 02:38 - 2017-03-20 21:16 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak 2017-11-23 15:58 - 2015-12-19 13:33 - 000000000 ____D C:\Users\Shauna\AppData\Local\gtk-2.0 2017-11-22 13:52 - 2015-09-27 21:47 - 000000000 ____D C:\ProgramData\Skype 2017-11-21 21:58 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-11-17 07:13 - 2017-02-10 17:24 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-17 07:13 - 2017-02-10 17:24 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-14 22:33 - 2017-02-10 17:24 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-11-14 22:33 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-11-14 22:33 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-11-14 21:37 - 2017-04-07 03:15 - 000003712 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA1d2af9041b0587e 2017-11-14 21:37 - 2017-04-07 03:15 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core1d2af9041990718 2017-11-13 17:23 - 2017-05-12 17:17 - 000000000 ____D C:\Program Files (x86)\Little Nightmares 2017-11-13 17:21 - 2017-05-13 14:28 - 000000000 ____D C:\Users\Shauna\AppData\LocalLow\uTorrent 2017-11-13 16:55 - 2016-03-04 17:20 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-12 19:40 - 2014-06-08 19:51 - 000000000 ____D C:\Users\Shauna\Desktop\games 2017-11-12 12:20 - 2015-10-24 11:57 - 000000000 ____D C:\Program Files (x86)\IObit 2017-11-12 09:34 - 2016-12-25 21:08 - 000000000 ____D C:\Users\Shauna\AppData\Roaming\.minecraft 2017-11-05 22:14 - 2017-04-09 11:38 - 000000000 ____D C:\Users\lando\.gimp-2.8 2017-11-05 20:27 - 2016-06-01 
19:04 - 000000000 ____D C:\Users\lando\Documents\My games

==================== Files in the root of some directories =======

2016-01-07 18:24 - 2016-01-07 18:22 - 000012005 _____ () C:\Users\Shauna\AppData\Roaming\alsoft.ini
2015-08-26 22:50 - 2015-08-26 22:50 - 000000000 ___SH () C:\Users\Shauna\AppData\Local\LumaEmu
2017-11-26 12:12 - 2017-11-26 12:12 - 000002701 _____ () C:\Users\Shauna\AppData\Local\recently-used.xbel
2017-01-25 20:42 - 2017-12-02 23:49 - 000007594 _____ () C:\Users\Shauna\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-04-18 18:07 - 2017-04-18 18:07 - 000739904 _____ (Oracle Corporation) C:\Users\lando\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-03-02 19:29 - 2017-06-16 16:25 - 058684896 _____ (Skype Technologies S.A.) C:\Users\lando\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-02 21:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Shauna (03-12-2017 00:26:22)
Running from C:\Users\Shauna\Downloads
Windows 10 Pro Version 1607 14393.1884 (X64) (2017-02-11 01:41:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3102671110-3783085175-2543185073-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3102671110-3783085175-2543185073-503 - Limited - Disabled)
Guest (S-1-5-21-3102671110-3783085175-2543185073-501 - Limited - Disabled)
lando (S-1-5-21-3102671110-3783085175-2543185073-1003 - Limited - Enabled) => C:\Users\lando
Shauna (S-1-5-21-3102671110-3783085175-2543185073-1002 - Administrator - Enabled) => C:\Users\Shauna
UpdatusUser (S-1-5-21-3102671110-3783085175-2543185073-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated) Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit) Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC) Alice Madness Returns - The Complete Collection (HKLM-x32\...\Alice Madness Returns - The Complete Collection_is1) (Version: - ) Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Allods Online EN) (Version: 1.126 - My.com B.V.) Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Allods Online EN) (Version: 1.126 - My.com B.V.) Allods Online EN (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Allods Online EN) (Version: 1.126 - My.com B.V.) American McGee's Alice(tm) (HKLM-x32\...\{77B5AD60-8F14-11D4-9BC9-0050041A1090}) (Version: - ) AnonymizerGadget (HKU\.DEFAULT\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden Apowersoft Free Audio Recorder V3.0.5 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 3.0.5 - APOWERSOFT LIMITED) Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd) Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.) Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.) Desktop Calendar 2.2.1.3583 (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\DesktopCal) (Version: 2.2.1.3583 - DesktopCal, Inc.) Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team) Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.1 - ) Exodus Online (HKLM-x32\...\{552FD7D8-896C-4211-9460-886FB7E21158}) (Version: 1.0.0 - Exodus Online) Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook) Fiesta Online EN (HKLM-x32\...\Fiesta Online EN) (Version: 1.05.039 - Gamigo games) FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) Free Internet Window Washer (HKLM-x32\...\Free Internet Window Washer) (Version: - ) Free Webcam Recorder (HKLM-x32\...\{EDA2F047-79B6-46E2-8323-28086E1BA51D}) (Version: 1.0.0 - freepicturesolutions) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.) Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.) 
Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.) Google Chrome Canary (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\Google Chrome SxS) (Version: 64.0.3282.3 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation) IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.3 - IObit) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit) IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version: - ) Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Micro Machines World Series (HKLM-x32\...\Micro Machines World Series_is1) (Version: - ) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft OneDrive 
(HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker 
(HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla) My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\MyComGames) (Version: 3.210 - My.com B.V.) My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\MyComGames) (Version: 3.210 - My.com B.V.) My.com Game Center (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\MyComGames) (Version: 3.210 - My.com B.V.) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) Novicorp WinToFlash Lite version 1.4.0000 (HKLM-x32\...\{A1A1FF24-34C6-4B77-BDB7-A689979F018C}_is1) (Version: 1.4.0000 - Novicorp) NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation) NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.2.1 - NVIDIA Corporation) Hidden NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.2 - NVIDIA Corporation) Hidden Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache 
Software Foundation) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - ) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.2.16.12597 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.) Roblox Player for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) Roblox Player for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Player for Shauna (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Roblox Studio for lando (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation) Roblox Studio for lando 
(HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation) Secret World Legends (HKLM-x32\...\Secret World Legends_is1) (Version: 1.0.0 - Funcom) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\skyforge_mycom) (Version: 1.35 - My.com B.V.) skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\skyforge_mycom) (Version: 1.35 - My.com B.V.) skyforge_mycom (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\skyforge_mycom) (Version: 1.35 - My.com B.V.) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.) 
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.0 - IObit) SpaceEngine version 0.9.8.0 (HKLM-x32\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine) SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Superb Game Boost 3.1 (HKLM-x32\...\SuperbGameBoost_is1) (Version: 3.1 - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated) System Shock 2 (HKLM-x32\...\GOGPACKSSHOCK2_is1) (Version: 2.0.0.9 - GOG.com) The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom) Touchpad Blocker (HKLM-x32\...\Touchpad Blocker) (Version: 2.9 - KARPOLAN) Trove North America (HKLM-x32\...\Glyph Trove North America) (Version: - Trion Worlds, Inc.) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) Update for Skype for Business 2015 (KB4011046) 32-Bit Edition 
(HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft) Vampire - The Masquerade Bloodlines (HKLM-x32\...\{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision) Hidden Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) VitalSource Bookshelf (HKLM-x32\...\{4bb6f5ce-1e01-41b1-833d-ffa2297df6f4}) (Version: 6.08.0017 - Ingram Content Group) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinISO (HKLM-x32\...\WinISO) (Version: 6.4.1.6137 - WinISO Computing Inc.) WinRAR 5.30 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH) WizTree v2.01 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3102671110-3783085175-2543185073-1002_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3102671110-3783085175-2543185073-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit) ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers1: 
[SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit) ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit) ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-13] 
(Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit) ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit) ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers1_S-1-5-21-3102671110-3783085175-2543185073-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers5_S-1-5-21-3102671110-3783085175-2543185073-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {04B6D5CE-4459-4CF6-9280-76CA0FE0EB88} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-02-17] (IObit)
Task: {0E80A276-D1E7-4ABF-BCE4-2F706D0CB3AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {0EC67150-54B2-4B64-8406-C51303D4436D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {114E4D25-4D0A-4542-9D7C-2DB6A66AD2FC} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-02-17] (IObit)
Task: {13FB2D35-27B8-44E5-A2D5-7DE963BD54D2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {146705A4-D49A-4AC1-9F29-2BF2E38C7197} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {26EE86E7-860A-46AE-9AB7-14B5ADF65E63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {2F251320-BCCC-49E5-AAAA-058358E98F26} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA1d2af9041b0587e => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {3267C51B-F554-4BA9-BC0A-062E7D6FC248} - \ASC10_SkipUac_Shauna -> No File <==== ATTENTION
Task: {3C3CAE4A-EAFD-4C6A-808B-94580FF76365} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {4B3E2004-0C65-4F62-8465-AB25AD159676} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {4CD307D7-9CB7-4B77-9C89-EBCF6F8D2EF1} - System32\Tasks\{69AC7384-0B56-436A-AE1F-26490289EFF5} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\EA GAMES\American McGee's Alice\Alice.exe" -d "C:\Program Files (x86)\EA GAMES\American McGee's Alice"
Task: {53A21AC5-31F2-48A5-ABCA-44D0D79EAEA2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation)
Task: {54924F83-4E2A-485E-9FFC-95F578C8CF71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {5824E64A-2C09-445A-88E5-E6CBC7867F23} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002Core1d2af9041990718 => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {5F3E65D1-C054-450C-BE6B-BDC45509D018} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation)
Task: {658563B1-DD68-4D8A-88AD-9789DBA65F6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {6ACFD528-B315-4607-B6C2-987C29F075F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation)
Task: {7A1A668B-354B-4FA9-8C9E-935096458A09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3102671110-3783085175-2543185073-1002UA => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {7AAA787B-030F-4FF6-9B5C-F9EF725A0A51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {89654F84-8EE3-4C5F-9BAF-536367841D03} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {A4D7DD49-E6E1-4466-9B88-79CEABCBEC5D} - System32\Tasks\Uninstaller_SkipUac_Shauna => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)
Task: {AA251C1D-989E-4B17-8A84-E01E0A55F146} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B0627F85-E960-4E5A-ACAD-375BEE7AACD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation)
Task: {B11323BD-8721-4917-9DCB-427DA4E51B93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {B3A55724-0EC6-411D-B8F2-E01E626B5A87} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {C913BE21-4182-4CEC-84EA-A1B2A17A7119} - System32\Tasks\SuperbGameBoost => C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe [2016-11-28] (SuperBoost Software)
Task: {D05852DA-B97A-437B-9415-A1B0566832E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {D20B0ECA-2D1D-49F7-9060-4012D90CD6A3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation)
Task: {D7706776-8610-479A-8FAD-B0A908C80119} - System32\Tasks\{8DFA961D-C189-41F7-82E5-231DE0E723A1} => C:\WINDOWS\system32\pcalua.exe -a D:\setup.exe -d D:\
Task: {DD1E5FC3-FBEA-42A7-A38A-5618904CE470} - System32\Tasks\WindowsMediaSharing => C:\windows\wndsvr.exe
Task: {E1C3D66F-BB91-41A3-AB9B-B1CF030E69C4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation)
Task: {E953EA30-E0E7-472E-879D-C7F77BF29B86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-11-25] (Microsoft Corporation)
Task: {EAE73CB3-46B5-4565-9756-03ACCD362375} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {F2592FCC-F500-435E-9556-3B83E430EB49} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {F8261426-AB14-404C-8742-1A08CEF622B5} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
(If an entry is included in the fixlist, 
the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Shauna.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Shauna\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 03:42 - 2016-07-16 03:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-09-15 18:14 - 2017-09-15 18:14 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-02-10 16:52 - 2016-12-29 05:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-25 22:23 - 2017-08-17 20:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-11-20 10:11 - 2016-11-20 10:11 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-14 20:22 - 2017-03-03 22:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2015-10-13 22:47 - 2015-10-13 22:47 - 000415128 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-03-14 20:20 - 2017-03-03 22:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-14 20:20 - 2017-03-03 22:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-14 20:20 - 2017-03-03 22:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 002424320 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-10-30 23:58 - 2017-10-30 23:58 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-08-22 15:22 - 2017-08-22 15:23 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-08-22 15:22 - 2017-08-22 15:23 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2017-12-02 23:05 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-12-02 23:05 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-11-13 16:55 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll 2017-11-13 16:55 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll 2015-10-24 11:57 - 2015-01-09 17:46 - 000517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll 2015-10-24 12:09 - 2014-10-16 09:26 - 000622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2012-12-20 22:12 - 2012-12-20 22:12 - 000275840 _____ () C:\WINDOWS\SYSTEM32\WinTab32.DLL 2017-08-23 23:36 - 2016-08-18 17:43 - 000442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl 2017-08-23 23:36 - 2016-08-18 17:43 - 000210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl 2017-08-23 23:36 - 2016-08-18 17:43 - 000059680 _____ () C:\Program Files (x86)\IObit\Advanced 
SystemCare\madDisAsm_.bpl 2017-08-23 23:36 - 2016-11-01 09:11 - 000078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll 2017-04-06 11:01 - 2016-01-11 16:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll 2017-04-06 11:00 - 2016-01-11 16:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll 2016-12-18 22:07 - 2016-08-16 14:53 - 000796480 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_IG.dll 2016-12-18 22:07 - 2016-01-29 18:03 - 000337216 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\taskMgr.dll 2016-12-18 22:07 - 2016-02-02 09:53 - 000629056 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\SgbStatistics.dll 2016-12-18 22:07 - 2016-08-16 09:20 - 000510272 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_ID.dll 2016-12-18 22:07 - 2016-01-29 15:21 - 000276800 _____ () C:\Program Files (x86)\SuperBoost\Superb Game Boost\D3DX8Wrapper.dll 2016-12-18 22:07 - 2016-08-16 09:20 - 000286016 _____ () c:\program files (x86)\superboost\superb game boost\GA_CheackDx.dll 2017-01-04 20:41 - 2016-06-21 19:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2017-01-04 20:41 - 2016-06-21 19:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2017-01-04 20:41 - 2016-06-21 19:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2017-01-04 20:41 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll 2017-01-04 20:41 - 2016-09-26 13:59 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll 2017-08-23 23:36 - 2015-12-28 12:50 - 000899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll 2017-08-23 23:36 - 2017-05-17 12:45 - 000631584 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll 2015-10-24 11:57 - 2015-03-27 14:39 - 
000182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll 2015-10-24 11:57 - 2015-01-09 17:46 - 000145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll 2015-10-24 12:09 - 2014-10-16 09:26 - 000622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll 2017-08-23 23:36 - 2017-07-24 14:34 - 001364256 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\Scan.dll 2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-24 20:07 - 2015-07-24 20:05 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131096\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3102671110-3783085175-2543185073-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136857\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Little Nightmares\Little Nightmares Wallpaper\LittleNightmares_Wallpaper02_2560x1440.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\Control Panel\Desktop\\Wallpaper -> C:\Users\lando\Downloads\alice_madness_returns_cheshire_cat-wallpaper-1600x900.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\Control Panel\Desktop\\Wallpaper -> C:\Users\lando\Downloads\alice_madness_returns_cheshire_cat-wallpaper-1600x900.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234132243\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-3102671110-3783085175-2543185073-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234138078\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "AvastUI.exe" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "Skype" 
HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131205\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3102671110-3783085175-2543185073-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234136932\...\StartupApproved\Run: => "DesktopCal" HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234131997\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3102671110-3783085175-2543185073-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017234137809\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [UDP Query User{53B509F3-6B23-4E25-8272-B24C4D64D4E1}C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Block) C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe FirewallRules: [TCP Query User{393D0224-4406-4141-8ED5-D5341FD3CDB3}C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Block) C:\users\shauna\desktop\games\hello neighbor\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe FirewallRules: [{526D571E-A5A2-4880-9DC6-2FBEF7EB99C6}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A4B96E29-5800-4CDB-B177-93723212D8EA}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{467473A4-65D8-4D8F-A793-D6F61CDA860D}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{23C110DF-ABF7-4BB8-A1C6-E9A45CAF3D7D}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4EBAAF10-409B-4BAE-892E-CDB4E65A06EC}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E71A79FE-0243-473B-B458-F5362812E75B}] => (Allow) C:\Users\Shauna\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F1D1046C-2AE4-4358-A67E-42D52F8E0E6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe FirewallRules: [{7AB13CCB-5CD1-40BB-94F4-EF93E78F4FBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe FirewallRules: [UDP Query User{BCB3EDAD-2992-4F71-AD92-DDB4E02B8F83}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{75DB9FDF-CD3B-4D89-8EC3-5ACB0258C03D}C:\program files 
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{97B67474-B2EE-4512-8FE3-31FF65EF1239}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [UDP Query User{A9609216-E4C0-4765-9913-078D77615012}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Block) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [TCP Query User{EBC79678-B6D0-427D-8155-BAFCAA08ADEF}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Block) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [{6E7E7F70-84A5-4604-A483-7E245F34DD6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{C9B1DA6C-3D83-41C8-B80C-CD367A529A6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{E745E0D8-C450-4A49-A8E1-42B5786887A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{B242C698-FD00-4267-AEC3-1F3FEF1D6840}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{3F8750B5-BC88-4D23-966B-1354A12CEC61}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [{37DA79D0-6217-45AA-A864-A642F85666D4}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [UDP Query User{8937A2B4-6ED6-499A-8709-997352628BE5}C:\users\shauna\desktop\games\terrariaserver.exe] => (Allow) C:\users\shauna\desktop\games\terrariaserver.exe FirewallRules: [TCP Query User{C5A69E2D-1698-4DB7-8932-78EFB95A6054}C:\users\shauna\desktop\games\terrariaserver.exe] => (Allow) C:\users\shauna\desktop\games\terrariaserver.exe FirewallRules: [UDP Query User{4F27BAB4-E03C-49B8-A627-3BEC9BC54CFD}C:\program files 
(x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe FirewallRules: [TCP Query User{56266D1B-C42A-417B-A006-E976B6814960}C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\electronic arts\alice madness returns - the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe FirewallRules: [{B7AF1FC3-84F6-45DF-AE83-B311A261BC07}] => (Allow) LPort=1900 FirewallRules: [{62EC681B-FEEB-411E-A684-352F227D2FA4}] => (Allow) LPort=2869 FirewallRules: [{EA9E65EE-154C-4559-9920-70BB35730154}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [UDP Query User{5586C496-ED98-4ED5-93CE-42B46E6C66AB}C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe] => (Allow) C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe FirewallRules: [TCP Query User{C04B199A-1EB4-41F7-82CC-16C98551BFB9}C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe] => (Allow) C:\users\shauna\downloads\tshock-4.3.8-rel (1)\terrariaserver.exe FirewallRules: [{679CE7D9-B82C-43EB-855F-29BC354CA4D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{573B97A3-C7A3-4BB8-8D70-438FE6766A1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9A730924-74BD-498B-B05E-97FC9BA20016}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{842CFDA5-6548-4CD8-B890-863AFAFE759B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{6D378934-B304-4425-95E3-F20F1585873B}C:\users\shauna\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\shauna\appdata\local\mycomgames\mycomgames.exe FirewallRules: [UDP Query 
User{C1A68DC5-CD50-45B1-BDAA-35E2F1823F64}C:\users\shauna\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\shauna\appdata\local\mycomgames\mycomgames.exe FirewallRules: [{04B76664-230C-4732-9191-4A9677204ACD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{73B69AF3-5932-4A11-9BA1-B3E982E71B8C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{5B5D7426-0F36-45FC-B47F-83FDEADB8F64}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{475B82FA-D4D6-4794-BCA0-EC118AF78E57}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{22EA59C9-656F-4479-B5D4-C0260A10372C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A2BB3EC1-0C84-452D-AE17-C66B0F9E6535}] => (Allow) LPort=1689 FirewallRules: [{1635646B-5A0C-4404-B489-A6ED8AFD2212}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [{E011C5A8-E199-47BF-B78A-B1B5C0653170}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [TCP Query User{1B3335CE-4E5D-439C-B7DC-EEB76C106A28}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [UDP Query User{DFD62ACD-A3FF-4E12-82A1-6480828C1960}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [{C8B9BBCB-051E-4795-8DF8-DBB12D6155A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DE259962-AB59-4EF7-B5FC-CFC6016A5A51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B63074FC-C5D2-483A-B0F9-2461BAE317FF}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [{E008C583-68FD-4FAF-B4C7-AC5A06FB41D3}] => (Allow) C:\Program 
Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [TCP Query User{4D663066-0A0F-4034-BDE5-ED305F08A6D3}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [UDP Query User{2C89FC18-54ED-45D4-BA96-B895B302F400}C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shauna\appdata\local\google\chrome sxs\application\chrome.exe FirewallRules: [TCP Query User{0C19D64E-9D25-4676-8615-539E47329FE1}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [UDP Query User{E61EAD72-1B0D-4274-9D53-830A7785862D}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe FirewallRules: [{67FE6D2C-4BBA-4512-A7D8-AD79B8285B6B}] => (Allow) C:\Program Files (x86)\MouseRecorder\MouseRecorder.exe FirewallRules: [TCP Query User{75401DA7-F5AB-452E-946A-A4063334647B}C:\users\lando\desktop\new folder\terrariaserver.exe] => (Allow) C:\users\lando\desktop\new folder\terrariaserver.exe FirewallRules: [UDP Query User{4B8491CA-91F2-4403-97FD-AD5BB85BFE66}C:\users\lando\desktop\new folder\terrariaserver.exe] => (Allow) C:\users\lando\desktop\new folder\terrariaserver.exe FirewallRules: [{149A4F99-460D-48A3-9D17-D59F0E860144}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{9FA5DD3D-ABA7-45EF-8959-94D168A2B105}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{08AE0CD4-B612-4B4D-A4A5-24FD1C36779F}] => (Allow) C:\Program Files (x86)\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{89A6A241-7CEE-4660-A21F-A34A4A554CE3}] => (Allow) C:\Program Files (x86)\Little 
Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe FirewallRules: [{7E5592B6-9185-4C4F-A28A-6D6664B2ADEA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{744CDC8A-DA77-482A-8B15-B04222D21314}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{19AAB0A8-2799-455B-9C55-A28881078979}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{5D7A81E9-6848-4413-BE42-1552D5738EC6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{95C210F2-858D-41AD-9305-7E183B85C842}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{28EF7731-1315-45C5-84C0-BA915B603BD7}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{27CBB826-7104-4124-8E9E-D56360DCBD82}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{414C1AF1-84A9-4578-82E9-269059388C63}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{0F248277-23AF-4844-926B-0B0ECF06004F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{1396CAD5-DC8E-4CBC-A977-08EE2FB40CF3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{812F16E8-3C08-4B1D-8320-B711DD1178F4}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe FirewallRules: [{EBA74C0E-E4AF-44D2-8E40-332272A77FA6}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe FirewallRules: [{8DB80544-B9D6-4650-8B92-0ACC1B739CF1}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe FirewallRules: [{3CF66E2A-F957-4515-8E36-40BEF1B9CB5D}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe FirewallRules: 
[{90DCE0B9-F6F4-4CDF-B6D6-526FDEDAD39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe FirewallRules: [{E9265E6D-AA8C-4F37-BBB8-ADB35C11B57D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe FirewallRules: [{DB5C347C-C71F-4C53-9FE9-AEF62D6D2034}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe FirewallRules: [{62BA7C52-F80D-423C-9489-37D9656255BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe FirewallRules: [{CC50C14A-410E-4DC7-B6F7-390FC2E6D372}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{07AD4742-2481-48AF-A729-5CEA53832D29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{11184E52-CC1A-4186-855A-138D4C49B8EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe FirewallRules: [{30CF326C-4C8D-42BE-80BE-B207510FB190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe FirewallRules: [{358A9934-7533-41D6-923A-B12E032A1591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{A57BCB1F-F2D9-4F27-B22A-541C261263E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{C191B6D2-37D2-413A-8FC2-C46DF5C6D99E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{C4A87100-78E4-4564-8F9D-EE4F608FD345}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{E01405EF-421D-45C6-BC9D-D5A0ED90F4D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 01-12-2017 19:10:08 Scheduled Checkpoint ==================== Faulty Device Manager Devices 
============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/02/2017 11:24:45 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:24:42 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:23:33 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:23:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:22:32 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:22:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:10:40 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:10:38 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. 
Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:06:05 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/02/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) System errors: ============= Error: (12/03/2017 12:01:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:44 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:43 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys Error: (12/03/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 
7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/03/2017 12:01:42 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Shauna\AppData\Local\Temp\ehdrv.sys CodeIntegrity: =================================== Date: 2017-12-02 23:04:17.647 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-30 22:08:49.896 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-30 22:08:49.471 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-27 22:17:40.812 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-11-27 22:17:40.292 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-27 17:06:31.783 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-27 17:06:30.211 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-22 22:21:52.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-22 22:21:52.006 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-11-21 11:15:34.356 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz Percentage of memory in use: 70% Total physical RAM: 8072.27 MB Available physical RAM: 2355.33 MB Total Virtual: 16264.27 MB Available Virtual: 8965.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:912.35 GB) (Free:438.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D033E306) Partition: GPT. ==================== End of Addition.txt ============================ Thanks so much if I could get some help that would be so awesome!