gomezard

  1. Did another scan. Did not work, the files are still there.
  2. Followed all the instructions, added some files for you to look at. Fixlog.txt MalwarebytesSummary.txt
  3. -reappear. Quarantining them makes my Chrome crash. That's why my sentence isn't finished in my post because it crashed and didn't save the whole sentence.
  4. Hi, Malwarebytes keeps telling me of a virus that I have and I keep quarantining them and deleting them, but they always re FRST.txt Addition.txt MalwareBytesScan.txt
  5. Alright I have attached it, thank you so much and sorry for the delay I was away from home. Fixlog.txt
  6. Hi, I redid it and this is what I got, I attached the txt file. Thank you! (Btw when I quarantined it, my Google Chrome closed immediately...) Malwarebytes.txt
  7. Here the scans
000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-01-19 11:35 - 2019-02-03 16:27 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-01-19 11:35 - 2019-02-03 16:27 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-01-19 11:35 - 2019-02-03 16:27 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-01-19 11:34 - 2018-07-10 22:31 - 038193460 ____C C:\Users\hgome\Desktop\com.google.android.gms_11.5.09_(230-164803921)-11509230_minAPI21(armeabi-v7a)(nodpi)_apkmirror.com.apk 2019-01-19 11:34 - 2018-07-10 22:31 - 019390522 ____C C:\Users\hgome\Desktop\com.android.vending_8.3.41.U-all_0_FP_170066753-80834100_minAPI14(armeabi-v7a)(240,320,480dpi)_apkmirror.com.apk 2019-01-19 11:34 - 2018-07-10 22:31 - 004991563 ____C C:\Users\hgome\Desktop\com.google.android.gsf.login_5.1-1743759-22_minAPI21(nodpi)_apkmirror.com.apk 2019-01-19 11:34 - 2018-07-10 22:31 - 002948264 ____C C:\Users\hgome\Desktop\com.google.android.gsf_5.1-1743759-22_minAPI22(nodpi)_apkmirror.com.apk 2019-01-19 11:31 - 2019-01-19 11:31 - 049477703 _____ C:\Users\hgome\Downloads\drive-download-20190119T193134Z-001.zip 2019-01-16 18:39 - 2019-01-16 18:39 - 000058773 ____C C:\Users\hgome\Desktop\Letter of Rec. Information.pdf 2019-01-16 18:39 - 2019-01-16 18:39 - 000058773 _____ C:\Users\hgome\Downloads\Letter of Rec. 
Information.pdf 2019-01-14 20:21 - 2019-01-14 20:21 - 000054178 _____ C:\Users\hgome\Downloads\Study Questions for Cormack.pdf 2019-01-14 20:19 - 2019-01-14 20:19 - 000181102 _____ C:\Users\hgome\Downloads\40B+Syllabus+Winter+2019 (2).pdf 2019-01-14 16:44 - 2019-01-14 16:44 - 000181102 _____ C:\Users\hgome\Downloads\40B+Syllabus+Winter+2019 (1).pdf 2019-01-14 12:50 - 2019-01-14 12:50 - 000181102 _____ C:\Users\hgome\Downloads\40B+Syllabus+Winter+2019.pdf 2019-01-13 18:57 - 2019-01-13 18:57 - 000061284 _____ C:\Users\hgome\Downloads\Theater+Film+Media+syllabus+Winter+2019.pdf 2019-01-13 18:57 - 2019-01-13 18:57 - 000000000 ___DC C:\Users\hgome\Desktop\ENGLISH10 2019-01-10 19:02 - 2019-01-10 19:01 - 000042464 ____C C:\Users\hgome\Desktop\Achievements.pdf 2019-01-10 19:01 - 2019-01-10 19:01 - 000042464 _____ C:\Users\hgome\Downloads\png2pdf.pdf 2019-01-09 18:37 - 2018-09-19 20:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2019-01-08 13:03 - 2019-01-01 05:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll 2019-01-08 13:03 - 2019-01-01 05:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2019-01-08 13:03 - 2019-01-01 05:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll 2019-01-08 13:03 - 2019-01-01 05:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll 2019-01-08 13:03 - 2019-01-01 05:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2019-01-08 13:03 - 2019-01-01 05:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll 2019-01-08 13:03 - 2018-12-31 22:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll 2019-01-08 13:03 - 2018-12-31 22:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll 2019-01-08 13:03 - 2018-12-31 22:41 - 000895488 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll 2019-01-08 13:03 - 2018-12-31 22:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll 2019-01-08 13:03 - 2018-12-31 22:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll 2019-01-08 13:03 - 2018-12-31 22:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll 2019-01-08 13:02 - 2019-01-01 05:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-01-08 13:02 - 2019-01-01 05:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-01-08 13:02 - 2019-01-01 05:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-01-08 13:02 - 2019-01-01 05:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-01-08 13:02 - 2018-12-31 23:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-01-08 13:02 - 2018-12-31 23:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-01-08 13:02 - 2018-12-31 23:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-01-08 13:02 - 2018-12-31 23:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-01-08 13:02 - 2018-12-31 23:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-01-08 13:02 - 2018-12-31 23:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-01-08 13:02 - 2018-12-31 23:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-01-08 13:02 - 2018-12-31 23:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2019-01-08 13:02 - 2018-12-31 23:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-01-08 13:02 - 2018-12-31 23:13 - 000436024 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msv1_0.dll 2019-01-08 13:02 - 2018-12-31 23:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2019-01-08 13:02 - 2018-12-31 23:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-01-08 13:02 - 2018-12-31 23:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-01-08 13:02 - 2018-12-31 23:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-01-08 13:02 - 2018-12-31 23:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-01-08 13:02 - 2018-12-31 23:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-01-08 13:02 - 2018-12-31 23:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-01-08 13:02 - 2018-12-31 23:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-01-08 13:02 - 2018-12-31 23:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2019-01-08 13:02 - 2018-12-31 23:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe 2019-01-08 13:02 - 2018-12-31 22:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-01-08 13:02 - 2018-12-31 22:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-01-08 13:02 - 2018-12-31 22:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-01-08 13:02 - 2018-12-31 22:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe 2019-01-08 13:02 - 2018-12-31 22:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2019-01-08 13:02 - 2018-12-31 22:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll 2019-01-08 13:02 - 2018-12-31 22:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 
2019-01-08 13:02 - 2018-12-31 22:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-01-08 13:02 - 2018-12-31 22:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-01-08 13:02 - 2018-12-31 22:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2019-01-08 13:02 - 2018-12-31 22:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-01-08 13:02 - 2018-12-31 22:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-01-08 13:02 - 2018-12-31 22:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2019-01-08 13:02 - 2018-12-31 22:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2019-01-08 13:02 - 2018-12-31 22:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-01-08 13:02 - 2018-12-31 22:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-01-08 13:02 - 2018-12-31 22:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll 2019-01-08 13:02 - 2018-12-31 22:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-01-08 13:02 - 2018-12-31 22:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-01-08 13:02 - 2018-12-31 22:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2019-01-08 13:02 - 2018-12-31 22:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2019-01-08 13:02 - 2018-12-31 22:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll 2019-01-08 13:02 - 2018-12-31 22:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-01-08 13:02 - 2018-12-31 22:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-01-08 13:02 - 2018-12-31 22:41 - 000505344 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-01-08 13:02 - 2018-12-31 22:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-01-08 13:02 - 2018-12-31 22:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2019-01-08 13:02 - 2018-12-31 22:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-01-08 13:02 - 2018-12-31 22:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-01-08 13:02 - 2018-12-31 22:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2019-01-08 13:02 - 2018-12-31 22:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-01-08 13:02 - 2018-12-31 22:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-01-08 13:02 - 2018-12-31 22:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-01-08 13:02 - 2018-12-31 22:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-01-08 13:02 - 2018-12-31 22:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-01-08 13:02 - 2018-12-31 22:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2019-01-08 13:02 - 2018-12-31 22:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2019-01-08 13:02 - 2018-12-31 22:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-01-08 13:02 - 2018-12-31 22:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-01-08 13:02 - 2018-12-31 22:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-01-08 13:02 - 2018-12-31 22:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2019-01-08 13:02 - 2018-12-31 22:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-01-08 13:02 - 2018-12-31 22:14 - 
000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-01-08 13:02 - 2018-12-31 22:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll 2019-01-08 13:02 - 2018-12-31 22:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2019-01-08 13:02 - 2018-12-31 22:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll 2019-01-08 13:02 - 2018-12-31 22:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-01-08 13:02 - 2018-12-31 22:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2019-01-08 13:02 - 2018-12-31 22:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2019-01-08 13:02 - 2018-12-31 21:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim 2019-01-08 13:02 - 2018-12-18 20:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-01-08 12:13 - 2019-01-08 12:13 - 000010813 ____C C:\Users\hgome\Desktop\report.pdf ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-02-04 21:12 - 2018-02-01 16:32 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free 2019-02-04 21:10 - 2018-01-08 20:17 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-02-04 21:06 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-02-04 20:48 - 2017-12-10 19:49 - 000000000 ___DC C:\Users\hgome\AppData\Local\Packages 2019-02-04 20:38 - 2018-05-19 12:52 - 000003380 _____ C:\WINDOWS\System32\Tasks\DAOoYU 2019-02-04 19:59 - 2017-08-13 16:36 - 000000000 ___DC C:\Users\hgome\AppData\Roaming\Spotify 2019-02-04 19:55 - 2018-05-19 12:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-02-04 19:55 - 2018-04-11 13:04 - 000065536 _____ C:\WINDOWS\system32\config\ELAM 2019-02-04 18:21 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-02-04 16:03 - 2017-08-13 16:36 - 000000000 ___DC C:\Users\hgome\AppData\Local\Spotify 2019-02-04 12:25 - 2017-08-10 17:25 - 000000000 ____D C:\ProgramData\NVIDIA 2019-02-04 12:06 - 2017-08-10 17:45 - 000000000 ___DC C:\Users\hgome\AppData\Roaming\discord 2019-02-04 11:58 - 2018-08-06 16:12 - 000000000 __HDC C:\Users\hgome\AppData\Local\WIX Toolset 11.2 2019-02-04 11:38 - 2018-05-19 12:52 - 000003564 _____ C:\WINDOWS\System32\Tasks\IAeleIeW 2019-02-04 11:36 - 2017-08-10 17:39 - 000000000 ____D C:\Program Files (x86)\Steam 2019-02-03 23:49 - 2018-05-19 12:45 - 000000000 ____D C:\Users\hgome 2019-02-03 16:27 - 2017-08-14 18:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-02-03 16:23 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-02-03 16:22 - 2018-05-19 12:54 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-02-03 16:22 - 2018-04-11 15:36 - 000000000 ____D C:\WINDOWS\INF 2019-02-03 16:16 - 2018-05-19 12:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-01-30 23:43 - 2018-04-11 13:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-01-30 13:07 - 2018-10-24 22:04 - 000374632 _____ (BitDefender S.R.L. 
Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys 2019-01-30 13:06 - 2018-10-24 22:04 - 000290688 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys 2019-01-30 13:06 - 2018-05-05 10:22 - 000610640 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys 2019-01-30 13:06 - 2018-03-09 15:58 - 001423680 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys 2019-01-30 13:06 - 2018-03-09 15:58 - 000367096 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys 2019-01-30 13:06 - 2018-03-09 15:58 - 000201000 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys 2019-01-30 12:18 - 2017-08-20 17:46 - 000000000 ___DC C:\Users\hgome\AppData\Local\CrashDumps 2019-01-28 20:44 - 2018-06-20 20:52 - 000000000 ____D C:\ProgramData\Packages 2019-01-28 18:13 - 2018-01-31 18:58 - 000000398 __RSH C:\ProgramData\ntuser.pol 2019-01-28 18:08 - 2017-08-10 18:04 - 000000000 ___DC C:\Users\hgome\AppData\Local\NVIDIA 2019-01-25 18:58 - 2018-05-19 12:52 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-627454995-2468531635-966533856-1001 2019-01-25 18:58 - 2018-05-19 12:45 - 000002408 ____C C:\Users\hgome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-01-25 18:58 - 2017-08-10 17:26 - 000000000 ___RD C:\Users\hgome\OneDrive 2019-01-24 23:17 - 2018-05-25 16:40 - 000000000 ___DC C:\Users\hgome\AppData\Local\D3DSCache 2019-01-23 21:48 - 2017-08-10 17:45 - 000002278 ____C C:\Users\hgome\Desktop\Discord.lnk 2019-01-23 21:48 - 2017-08-10 17:45 - 000000000 ___DC C:\Users\hgome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2019-01-23 21:48 - 2017-08-10 17:45 - 000000000 ___DC C:\Users\hgome\AppData\Local\Discord 2019-01-21 15:11 - 2018-05-19 12:52 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6F8D60E0-2B05-46EA-B9A5-34494EE4374C} 2019-01-17 23:31 - 2018-11-19 15:12 - 000000000 ____D C:\Program Files\rempl 
2019-01-15 19:51 - 2018-08-06 16:27 - 000000000 ___DC C:\Users\hgome\Desktop\Important pdf 2019-01-13 19:10 - 2018-04-11 15:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-01-09 16:08 - 2018-09-30 19:30 - 000002073 _____ C:\Users\Public\Desktop\Google Slides.lnk 2019-01-09 16:08 - 2018-09-30 19:30 - 000002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2019-01-09 16:08 - 2018-09-30 19:30 - 000002061 _____ C:\Users\Public\Desktop\Google Docs.lnk 2019-01-09 16:08 - 2018-09-30 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google 2019-01-08 17:44 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-01-08 17:44 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-01-08 13:07 - 2017-08-10 20:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-01-08 13:05 - 2017-08-10 20:10 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2018-01-08 20:03 - 2017-09-29 05:42 - 000000060 _____ () C:\Program Files (x86)\CKTAINCoM 2017-09-29 05:42 - 2017-09-29 05:42 - 000000060 _____ () C:\Program Files (x86)\CKTAINCoM.bat 2018-01-08 20:03 - 2017-09-29 05:42 - 000174592 _____ (Microsoft Corporation) C:\Program Files (x86)\jzyLaIEOkagg.exe 2018-01-08 20:03 - 2017-09-29 05:42 - 000001174 _____ () C:\Program Files (x86)\nbauUaG 2017-09-29 05:42 - 2017-09-29 05:42 - 000001174 _____ () C:\Program Files (x86)\nbauUaG.bat 2018-01-08 20:03 - 2017-09-29 05:42 - 000000074 _____ () C:\Program Files (x86)\Common Files\YhRPaym 2017-09-29 05:42 - 2017-09-29 05:42 - 000000074 _____ () C:\Program Files (x86)\Common Files\YhRPaym.bat 2018-01-08 20:03 - 2017-09-29 05:42 - 000001174 ____C () C:\Users\hgome\AppData\Roaming\jBIruUoiMIXaA 2017-09-29 05:42 - 2017-09-29 05:42 - 000001174 ____C () C:\Users\hgome\AppData\Roaming\jBIruUoiMIXaA.bat 2018-01-15 15:03 - 2018-01-15 15:38 - 000003107 ____C () C:\Users\hgome\AppData\Roaming\SpeedRunnersLog.txt 2018-12-03 
20:03 - 2018-12-03 20:03 - 006161408 ____C () C:\Users\hgome\AppData\Local\dump007.dat
2018-01-08 20:03 - 2018-01-08 20:03 - 000000001 ____C () C:\Users\hgome\AppData\Local\WMI.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-19 12:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by hgome (04-02-2019 21:13:35)
Running from C:\Users\hgome\Downloads
Windows 10 Pro Version 1803 17134.523 (X64) (2018-05-19 20:52:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-627454995-2468531635-966533856-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-627454995-2468531635-966533856-503 - Limited - Disabled)
Guest (S-1-5-21-627454995-2468531635-966533856-501 - Limited - Disabled)
hgome (S-1-5-21-627454995-2468531635-966533856-1001 - Administrator - Enabled) => C:\Users\hgome
WDAGUtilityAccount (S-1-5-21-627454995-2468531635-966533856-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Battle Chasers Nightwar (HKLM\...\Battle Chasers Nightwar) (Version: - Battle Chasers)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.10.12 - Bitdefender)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Black Ops 4 (HKLM-x32\...\Call of Duty Black Ops 4) (Version: - Blizzard Entertainment)
Corsair Utility Engine (HKLM-x32\...\{BB25387A-061E-42E9-AB2F-64073B3E3180}) (Version: 2.24.50 - Corsair)
CPUID HWMonitor 1.32 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.32 - )
Cuphead (HKLM-x32\...\Cuphead_is1) (Version: - )
Discord (HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\Discord) (Version: 0.0.304 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.34 - NVIDIA Corporation) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Epic Games Launcher (HKLM-x32\...\{6F15D7C1-3079-4135-B8E9-8D3EA033EE3A}) (Version: 1.1.129.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\Flux) (Version: - f.lux Software LLC)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Frostpunk (HKLM\...\Frostpunk) (Version: - Frostpunk)
Google Chrome (HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Logitech Options (HKLM\...\LogiOptions) (Version: 6.92.275 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.16.1252.717 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.1.1 - Duodian Technology Co. Ltd.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 416.34 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.15.0.186 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.186 - NVIDIA Corporation)
NVIDIA Graphics Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 416.34 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.3.59240 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{be2cad22-30bd-4ae3-8ce4-88e71a4fc481}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown")
Pokémon Trading Card Game Online (HKLM-x32\...\{358A0824-EFC7-4F17-928B-01E85A3D65A7}) (Version: 2.50.0 - The Pokémon Company International)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
Port Forward Network Utilities (HKLM-x32\...\{4C345FED-92FF-4F24-AD0E-F114F4216DC7}) (Version: 3.0.36 - Portforward, LLC)
qBittorrent 4.1.2 (HKLM-x32\...\qBittorrent) (Version: 4.1.2 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.2 r3111 - Rainmeter)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.0 - Rockstar Games)
Spotify (HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\Spotify) (Version: 1.0.99.250.g936eab8d - Spotify AB)
STAR WARS™ Battlefront™ II Multiplayer Beta (HKLM-x32\...\{1BB8FEFF-8A9B-4530-909D-17557A5C8925}) (Version: 1.0.14.17672 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StopAd (HKLM-x32\...\{A5C4C7B2-D5F2-4E1E-908B-E9C14489C9C3}) (Version: 1.0.2081.1 - Novnify)
Twitch (HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\hgome\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0795CC-C428-4CBB-AD01-04780141CEC2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc. -> Apple Inc.)
Task: {0FC44DF5-EC21-4190-86EA-CD151F24A217} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12F129EE-F40C-407F-BEDE-2C2DFF639394} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {2187E6D8-A80F-40EC-883D-2F5F2477CD66} - System32\Tasks\IAeleIeW => C:\Program Files (x86)\CKTAINCoM.bat [2017-09-29] () <==== ATTENTION
Task: {21D9B0CF-4F52-4A82-B778-44A57EEE487F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-627454995-2468531635-966533856-1001Core => C:\Users\hgome\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-10] (Google Inc -> Google Inc.)
Task: {32A49A57-B96F-41EA-97CB-1CBB4279E2DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-30] (Google Inc -> Google Inc.)
Task: {3C8EC4A0-2EB7-4FC2-9A08-26C7416D35A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-627454995-2468531635-966533856-1001UA => C:\Users\hgome\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-10] (Google Inc -> Google Inc.)
Task: {42AF8999-E974-4059-86E3-AB17D293E8A2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BB52691-17D1-408A-AC60-2806952E4A0D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {543CB94A-1F8D-4BD0-BB2C-7A6B769157E5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {566C8629-B778-457D-885C-3BDBEC757CE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-30] (Google Inc -> Google Inc.)
Task: {5FED6E2E-31B5-4199-885E-A73DCED31BA2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] (Microsoft Windows -> )
Task: {7700869A-5F53-4451-B2EF-30AE8F17DA4C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {93229FF7-F023-4FD8-A8CF-6885387F111A} - System32\Tasks\DAOoYU => C:\Program Files (x86)\Common Files\YhRPaym.bat [2017-09-29] () <==== ATTENTION
Task: {98853994-2442-4269-90CB-A03463BECCA3} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A08C8AA-8643-48FE-B25E-7700A25784C3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A727FC85-69AB-40FC-9E5A-FC0F0C57A357} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A82C53DC-D89D-4ECD-8BE2-0B81A5709D8F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AA319C56-49B0-488B-B01E-C2EC083C5387} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AC14EF0F-612C-4CB4-9E80-9A688795DF2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B9BC0FC5-C962-4EC7-AA74-D38A8EB30B20} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA24F384-A1A2-40A9-BAB9-51A4A2646F9E} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C2C26865-6B66-4B5E-AF06-411C28833466} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C62A7D97-453F-473B-9DD7-CA89ED7E779E} - System32\Tasks\gWbtEPYOeJut => C:\WINDOWS\zOOuH.exe [2017-09-29] (Microsoft Corporation)
Task: {CD46E670-EC28-49C5-9EA5-3BDB1CB28795} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF9FCCF3-69B4-4BD4-BBB0-30D759FE7ADE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D6623B81-46D1-42B8-8C02-3EB313B1D6F5} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E53BCDD1-19FB-400B-ABF9-B16A307EDA60} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EB3530F9-4DFC-49B7-844B-4EC8B6C23EEA} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-11-15] (Bitdefender SRL -> Bitdefender)
Task: {FB5ED258-514C-4EE3-97A6-BCB1DEFCE68E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
_____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2018-08-30 15:16 - 2018-08-30 15:16 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2018-07-27 10:21 - 2018-07-27 10:22 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2019-01-22 18:56 - 2019-01-22 18:56 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe 2019-01-22 18:56 - 2019-01-22 18:56 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll 2017-11-30 18:43 - 2017-11-30 18:43 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll 2018-11-29 11:59 - 2018-11-29 11:59 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2019-01-22 18:56 - 2019-01-22 18:56 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll 2019-01-22 18:56 - 2019-01-22 18:56 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll 2019-01-29 19:23 - 2019-01-29 19:23 - 000070144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2019-01-29 19:23 - 2019-01-29 19:23 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll 2018-01-08 20:17 - 2018-11-15 11:01 - 002712432 _____ () E:\ANTI-MALWARE\SelfProtectionSdk.dll 2017-08-10 17:40 - 2018-12-05 15:47 - 000885536 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2017-08-10 17:40 - 2016-08-31 17:02 - 
004969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2017-08-10 17:40 - 2019-02-02 09:33 - 002667296 _____ () C:\Program Files (x86)\Steam\video.dll 2017-08-10 17:40 - 2016-08-31 17:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2017-08-10 17:40 - 2016-08-31 17:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2017-12-14 13:04 - 2018-11-05 10:53 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll 2017-12-14 13:04 - 2018-11-05 10:53 - 000810784 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll 2017-12-14 13:04 - 2018-11-05 10:53 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll 2017-12-14 13:04 - 2018-11-05 10:53 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll 2017-12-14 13:04 - 2018-11-05 10:53 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll 2017-08-10 17:40 - 2019-02-02 09:33 - 001031456 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2017-08-10 17:40 - 2016-07-04 14:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2017-08-10 18:03 - 2018-10-10 12:04 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2018-03-27 18:18 - 2018-03-27 18:18 - 000197120 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll 2018-03-27 18:11 - 2018-03-27 18:11 - 000044544 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll 2018-03-27 18:42 - 2018-03-27 18:42 - 000151040 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll 2018-03-27 18:11 - 2018-03-27 18:11 - 000097280 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll 2017-10-02 07:54 - 2017-10-02 07:54 - 000013312 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL 2017-10-02 07:54 - 2017-10-02 07:54 - 001950720 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll 2017-08-13 16:36 - 2019-02-03 17:52 - 088824552 
_____ () C:\Users\hgome\AppData\Roaming\Spotify\libcef.dll 2017-08-13 16:36 - 2019-02-03 17:52 - 004239592 _____ () C:\Users\hgome\AppData\Roaming\Spotify\libglesv2.dll 2017-08-13 16:36 - 2019-02-03 17:52 - 000098024 _____ () C:\Users\hgome\AppData\Roaming\Spotify\libegl.dll 2019-01-23 21:48 - 2019-01-15 16:32 - 002000216 ____C () C:\Users\hgome\AppData\Local\Discord\app-0.0.304\ffmpeg.dll 2019-01-23 21:48 - 2019-01-15 16:32 - 004332376 ____C () C:\Users\hgome\AppData\Local\Discord\app-0.0.304\libglesv2.dll 2019-01-23 21:48 - 2019-01-15 16:32 - 000106328 ____C () C:\Users\hgome\AppData\Local\Discord\app-0.0.304\libegl.dll 2019-01-23 21:48 - 2019-01-26 14:31 - 011345240 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_voice\discord_voice.node 2019-01-23 21:48 - 2019-01-23 21:48 - 001723224 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_utils\discord_utils.node 2019-01-23 21:49 - 2019-01-23 21:49 - 001762648 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_game_utils\discord_game_utils.node 2019-01-23 21:48 - 2019-01-23 21:48 - 002672984 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node 2019-01-23 21:48 - 2019-01-23 21:48 - 000837464 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node 2019-01-23 21:48 - 2019-01-23 21:48 - 000479064 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node 2019-01-23 21:48 - 2019-01-23 21:48 - 000553816 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_erlpack\discord_erlpack.node 2019-01-23 21:49 - 2019-01-23 21:49 - 009914712 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_cloudsync\discord_cloudsync.node 2019-01-23 21:49 - 
2019-01-23 21:49 - 002909016 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_rpc\discord_rpc.node
2019-01-23 21:49 - 2019-01-23 21:49 - 001726296 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_overlay2\discord_overlay2.node
2019-01-23 21:49 - 2019-01-23 21:49 - 001266008 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_modules\discord_modules.node
2019-01-23 21:49 - 2019-01-23 21:49 - 022327128 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_dispatch\discord_dispatch.node
2019-01-23 21:49 - 2019-01-23 21:49 - 002947416 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_contact_import\discord_contact_import.node
2019-01-23 21:49 - 2019-01-23 21:49 - 001297752 _____ () \\?\C:\Users\hgome\AppData\Roaming\discord\0.0.304\modules\discord_vigilante\discord_vigilante.node
2019-01-23 21:48 - 2019-01-15 16:32 - 002269528 ____C () C:\Users\hgome\AppData\Local\Discord\app-0.0.304\swiftshader\libglesv2.dll
2019-01-23 21:48 - 2019-01-15 16:32 - 000132952 ____C () C:\Users\hgome\AppData\Local\Discord\app-0.0.304\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\hgome\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [362]
AlternateDataStreams: C:\Users\hgome\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [362]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 13:03 - 2017-03-18 13:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKCU\Environment\\Path: C:\Program Files (x86)\Java\jre8\bin
HKU\S-1-5-21-627454995-2468531635-966533856-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hgome\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\image (14).png
DNS Servers: 128.200.192.202 - 128.200.1.201
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: ProductAgentService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: StopAdService => 2
MSCONFIG\Services: Update service => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-627454995-2468531635-966533856-1001\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{7E733367-BF7A-46E4-A2C6-73EE3C1CD5F1}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe (Joyent Inc -> Joyent, Inc) FirewallRules: [{FE5960A9-6BE5-4FFC-BC1D-F3D6F3CFF3DC}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe (Joyent Inc -> Joyent, Inc) FirewallRules: [{CC2C739F-70E8-4F60-A753-85607C27F445}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Fall Flat\Human.exe () FirewallRules: [{C7F2F313-E812-4FC2-BAF6-524235068F06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Fall Flat\Human.exe () FirewallRules: [TCP Query User{D1D113F3-B101-41F2-9186-C5C244D17336}E:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe (Bluehole, Inc. -> Bluehole GinnoGames, Inc.) FirewallRules: [UDP Query User{E95A03C7-356D-4F96-88BB-D0494CE01A48}E:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe (Bluehole, Inc. -> Bluehole GinnoGames, Inc.) FirewallRules: [{23FE4363-BE62-4730-98C3-B88AFCBBEE76}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{9542EB11-D12E-40FC-8D7A-AD45D2794450}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{40C8FB35-16E5-4D5F-BCF1-3117DA272EA5}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{B4D488DA-F22F-48B1-B0C5-149FFBE28279}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{E119951B-EE55-4B0F-B014-DDA1B1758271}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. 
-> Digital Extremes) FirewallRules: [{EB19EAC6-1E6C-46C6-BC10-F6EEF923DE30}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> ) FirewallRules: [{727DA586-4CF2-4BC1-80D3-D4AD05E1F677}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{CFD11E6F-F8B5-45BB-9E9B-6ABB7F57A622}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{D8D74DCA-698B-42C7-A817-F62F69A4BAD0}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{F2EACFD5-7D99-4FA6-ACA3-E77B084B3131}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{193B8421-6E41-44ED-A568-1219444646FE}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{2779E340-BC96-4CE8-BEA0-160B97C3BDEB}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. 
-> ) FirewallRules: [{597DC166-F75F-472A-873E-12A6009A66DC}] => (Allow) E:\SteamLibrary\steamapps\common\Tabletopia\Tabletopia.exe () FirewallRules: [{49A7271D-2F8B-4B6C-9348-592614543334}] => (Allow) E:\SteamLibrary\steamapps\common\Tabletopia\Tabletopia.exe () FirewallRules: [{692C68B9-85EB-4C85-8661-6B51947A0267}] => (Allow) E:\SteamLibrary\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe () FirewallRules: [{67371B18-F013-47FF-92B7-C43E24334FF7}] => (Allow) E:\SteamLibrary\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe () FirewallRules: [TCP Query User{D64EE46F-3DC6-4F8F-AFC7-439E7FEFD97F}E:\program files\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) E:\program files\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe (Riot Games, Inc. -> ) FirewallRules: [UDP Query User{DC8B87E3-47F5-4734-ACAD-C76554B88CFB}E:\program files\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) E:\program files\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe (Riot Games, Inc. 
-> ) FirewallRules: [{61E05375-197F-46C5-A2E4-BCEF2C3F1FD4}] => (Allow) E:\SteamLibrary\steamapps\common\Icons Combat Arena\Icons.exe () FirewallRules: [{0E3194C9-FE8E-48AE-B781-5840FC76F70A}] => (Allow) E:\SteamLibrary\steamapps\common\Icons Combat Arena\Icons.exe () FirewallRules: [TCP Query User{819E8738-F97E-4218-B198-C230F890500C}E:\program files\battle chasers nightwar\bc.exe] => (Allow) E:\program files\battle chasers nightwar\bc.exe () FirewallRules: [UDP Query User{FFA2931A-107C-4264-8998-243F4237CA19}E:\program files\battle chasers nightwar\bc.exe] => (Allow) E:\program files\battle chasers nightwar\bc.exe () FirewallRules: [TCP Query User{61B41222-7981-4F5B-A252-3B4B5C00B54C}E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation) FirewallRules: [UDP Query User{9887787A-0E17-466C-A754-56F3CBA29C93}E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe (Oracle America, Inc. 
-> Oracle Corporation) FirewallRules: [{F9B3DBA1-769A-4040-BBF2-0A9F4F00E8EF}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{C7414938-7C67-4F20-8F12-D0CD166FBE61}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DC2703DB-9741-4CC7-BF85-13EB8AE21ECC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{56D6D183-6075-445A-88EC-67D260C214A8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{30BFA8FE-D203-45A4-921B-1068B5B2B77B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [TCP Query User{704B8B07-4A5E-4E5A-9791-552FE5601899}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe No File FirewallRules: [UDP Query User{7FEE7C7E-39FA-4105-A5E0-DDB553653037}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe No File FirewallRules: [TCP Query User{656B3D12-E191-487B-8B83-3833DCBF58CD}C:\programdata\oracle\java\javapath_target_211750\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_211750\java.exe No File FirewallRules: [UDP Query User{414207B6-4D31-4C12-9CB9-6B5715D70D47}C:\programdata\oracle\java\javapath_target_211750\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_211750\java.exe No File FirewallRules: [TCP Query User{68D992A6-36E7-4076-A412-0969779FE899}C:\program files (x86)\common files\oracle\java\javapath_target_181962437\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_181962437\java.exe No File FirewallRules: [UDP Query User{CFB8475F-A69E-4424-AB67-8FAF98DDA73D}C:\program files (x86)\common files\oracle\java\javapath_target_181962437\java.exe] 
=> (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_181962437\java.exe No File FirewallRules: [TCP Query User{E79F16F8-C830-48EF-87A9-9D84073E78BA}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{2267B1D8-361C-43D5-BF9D-2D5E3075D3E0}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [{A3778B3D-03D1-4043-A082-80B6C8FAF997}] => (Allow) E:\Program Files\qBittorrent\qbittorrent.exe () FirewallRules: [{5607712A-88FB-470F-87A7-920129C59737}] => (Allow) E:\Program Files\qBittorrent\qbittorrent.exe () FirewallRules: [{38263F0C-595F-4AB8-929F-1542AC8FBD53}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{BC31E1F5-D84A-4DBC-89C3-38DEA5EE7533}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{7E4E286A-6EB9-4F7E-9D57-D98A57C8BAB4}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation) FirewallRules: [UDP Query User{80EB8E11-80D0-4EDF-8C23-86925DA42D2F}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation) FirewallRules: [TCP Query User{08B8AAC0-F467-49C2-8E9C-CDF9F0FC9A8B}C:\program files (x86)\common files\oracle\java\javapath_target_123343765\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_123343765\java.exe (Oracle America, Inc. 
-> Oracle Corporation) FirewallRules: [UDP Query User{BFDB888F-D33C-4431-8DC3-7A653B118E56}C:\program files (x86)\common files\oracle\java\javapath_target_123343765\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_123343765\java.exe (Oracle America, Inc. -> Oracle Corporation) FirewallRules: [{5F69F48F-D0C0-4AA0-9F24-8202A38D6742}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F8C22B39-2A64-4858-A9FB-7DDBD48338F7}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.) FirewallRules: [TCP Query User{73990831-2DE0-4E15-9CE9-C7224DB29C1B}C:\users\hgome\documents\enter the gungeon (v1.0.11)\etg.exe] => (Allow) C:\users\hgome\documents\enter the gungeon (v1.0.11)\etg.exe () FirewallRules: [UDP Query User{F769A610-395B-4EC5-933A-50FF943A7EA1}C:\users\hgome\documents\enter the gungeon (v1.0.11)\etg.exe] => (Allow) C:\users\hgome\documents\enter the gungeon (v1.0.11)\etg.exe () FirewallRules: [TCP Query User{760FB0DA-2D41-4675-BB48-634A27AB79FE}E:\call of duty black ops 4\blackops4.exe] => (Allow) E:\call of duty black ops 4\blackops4.exe (Activision Publishing Inc -> Activision Publishing, Inc.) FirewallRules: [UDP Query User{2EA3BC57-5CBE-41FD-80F8-8D76EA69EB94}E:\call of duty black ops 4\blackops4.exe] => (Allow) E:\call of duty black ops 4\blackops4.exe (Activision Publishing Inc -> Activision Publishing, Inc.) 
FirewallRules: [{02A5403C-9DD1-48DE-B398-9C41CCC1C88B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{694153F2-0292-45A9-AE1A-CB7994CE2256}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{BDC54F41-B9A9-44B0-87AE-E202CF15B3A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A119DCCB-D09F-4BB8-A3D5-A62A775103E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{BA39FD76-7FB5-4FB8-80E2-BDFB4ED638FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{513454FC-8CD3-4AA0-9620-8EF4A65CDA76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{1C4C1E06-F69B-4B67-A941-9DC6BA8C3BAB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{E4823F1F-AFB1-44B0-A209-B5DA63D3EB8D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D9E1FDC7-80E8-4711-A0B7-9FC30E367586}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{27BA26E7-5117-403A-9F96-C78074CF08D4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CDC65A12-5191-4ABD-981B-50E15A27B296}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{09EDD026-9133-443C-9A05-279B16B3FA29}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) 
FirewallRules: [{E94B4969-B20D-44B9-990A-6BFCEC4288BE}] => (Allow) E:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation ) FirewallRules: [{110A4D09-01DE-4AAF-9FFA-A93A91C9BA08}] => (Allow) E:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation ) FirewallRules: [TCP Query User{A67AFA07-D50C-49E3-95FB-C101951C357F}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (Bluehole, Inc. -> Bluehole GinnoGames, Inc.) FirewallRules: [UDP Query User{59F57DD3-08DD-400C-BB86-B6E2FF025EEB}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (Bluehole, Inc. -> Bluehole GinnoGames, Inc.) FirewallRules: [{6A474CEC-2431-46EA-846B-D0181F207029}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) FirewallRules: [{0973DB11-082A-43D7-A80D-D90084B55960}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) FirewallRules: [{5968E48E-3A53-457A-B343-1461F361FB87}] => (Allow) E:\SteamLibrary\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM Co.,Ltd. -> CAPCOM U.S.A, INC.) FirewallRules: [{6AB32FF1-F1D7-45A7-B362-006711AB184E}] => (Allow) E:\SteamLibrary\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM Co.,Ltd. -> CAPCOM U.S.A, INC.) 
FirewallRules: [{56B356BD-400B-46B4-A101-BBD24A66B29B}] => (Allow) E:\SteamLibrary\steamapps\common\Deceit\bin\win_x64\Deceit.exe (Crytek GmbH) FirewallRules: [{EA1315AD-DB43-4703-92F9-A1BB1892F809}] => (Allow) E:\SteamLibrary\steamapps\common\Deceit\bin\win_x64\Deceit.exe (Crytek GmbH) FirewallRules: [{665813E4-5D7B-4106-9C3F-70DC064CD13A}] => (Allow) E:\SteamLibrary\steamapps\common\RESIDENT EVIL 2 BIOHAZARD RE2\re2.exe (CAPCOM CO., LTD. -> ) FirewallRules: [{28DF0E87-0BF3-48A7-A7E4-C273EF4C40DA}] => (Allow) E:\SteamLibrary\steamapps\common\RESIDENT EVIL 2 BIOHAZARD RE2\re2.exe (CAPCOM CO., LTD. -> ) ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/04/2019 11:38:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/03/2019 04:22:31 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/01/2019 02:49:35 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/31/2019 11:39:41 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/30/2019 12:21:43 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/30/2019 12:18:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LogiOptionsMgr.exe, version: 6.92.275.0, time stamp: 0x5b6e2f77 Faulting module name: LogiOptionsMgr.exe, version: 6.92.275.0, time stamp: 0x5b6e2f77 Exception code: 0xc0000005 Fault offset: 0x00000000000753a3 Faulting process id: 0x32ec Faulting application start time: 0x01d4b8d9033b02a8 Faulting application path: C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe Faulting module 
path: C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe Report Id: c19be94c-7e05-4bfa-95c4-758f361cfe37 Faulting package full name: Faulting package-relative application ID: Error: (01/29/2019 07:23:33 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/28/2019 12:46:15 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 System errors: ============= Error: (02/04/2019 11:36:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5JO5922) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-5JO5922\hgome SID (S-1-5-21-627454995-2468531635-966533856-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/04/2019 11:36:12 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5JO5922) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user DESKTOP-5JO5922\hgome SID (S-1-5-21-627454995-2468531635-966533856-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. 
Error: (02/04/2019 11:36:11 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5JO5922) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-5JO5922\hgome SID (S-1-5-21-627454995-2468531635-966533856-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/04/2019 11:36:02 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5JO5922) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-5JO5922\hgome SID (S-1-5-21-627454995-2468531635-966533856-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/04/2019 11:36:01 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5JO5922) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user DESKTOP-5JO5922\hgome SID (S-1-5-21-627454995-2468531635-966533856-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. 
Error: (02/03/2019 05:52:25 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5JO5922) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-5JO5922\hgome SID (S-1-5-21-627454995-2468531635-966533856-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/03/2019 04:18:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/03/2019 04:18:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5JO5922) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-5JO5922\hgome SID (S-1-5-21-627454995-2468531635-966533856-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
CodeIntegrity: =================================== Date: 2018-09-23 19:19:07.584 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-09-23 15:58:57.779 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-09-20 13:25:41.969 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-09-18 16:32:09.287 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-09-17 10:51:53.975 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2018-09-16 14:22:07.942 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-09-16 00:06:35.559 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-09-13 12:45:22.586 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================
Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 77%
Total physical RAM: 8124.07 MB
Available physical RAM: 1825.25 MB
Total Virtual: 15836.69 MB
Available Virtual: 2995 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.24 GB) (Free:10.24 GB) NTFS
Drive d: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (OS) (Fixed) (Total:914.17 GB) (Free:71.14 GB) NTFS
Drive f: (HP_RECOVERY) (Fixed) (Total:16.81 GB) (Free:2.01 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{76894d95-e042-4d37-a0c6-03065f83b3cd}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{885b0845-0000-0000-0000-1091e4000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
\\?\Volume{69dc1e7b-0ffd-47a0-82ee-236be21f403f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 885B0845)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Threat Scan.txt
  8. Hello, I am an amateur when it comes to viruses and all I know how to do is use an antivirus. So no experience at all. Please bear with me as I try to explain my problem. About a year ago I downloaded something that gave me a Russian virus, turning my computer weird. I had to delete plugins that were installed, uninstall unfamiliar things, and install two antiviruses to do full scans. That was solved; the big problem that was left, though, was that every once in a while, a random CMD prompt pops up. It says something really quick then it changes. Over the last year, I've only been able to see that it says "bitsadmin" but that's it. From there it says downloading or transferring files. It fails of course because of the antivirus. It is just very annoying as the anti-virus spams me with notifications and it messes me up when I am watching or playing something. I'm sorry if this was very vague, but I don't know what to do and how to fix it. I've tried things like repairing the registry or using antivirus scans. Nothing seems to help. I've attached an image of the anti-virus log.