Unable to Quarantine PUPs


Pyrus

There are 10 PUPs that don't want to quarantine. The only thing I've been able to do to get rid of them is uninstall Chrome, but I'm hoping there's another solution. I rarely use the browser, and have already followed the steps of desyncing, removing search engines, removing errant pages that appear when new tabs are created, etc. I've also run AdwCleaner and HitmanPro, both of which detect nothing.

I recognize the names Vosteran and Chromium as adware I recently removed with AdwCleaner + Malwarebytes. That combination was successful, as I was getting clean scans of Malwarebytes. A couple of days later, these 10 files that won't be quarantined popped up.

I looked in a bunch of other threads, and none of the solutions mentioned have worked for me. I apologize if there is something I missed or did incorrectly.

pup.txt


Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


Thanks so much for your help, I really appreciate it! Here are my logs:

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by HP (administrator) on NAGUS (19-12-2017 08:25:37)
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available Profiles: HP)
Platform: Windows 10 Home Version 1607 14393.1944 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(hxxps://airvpn.org) C:\Program Files\AirVPN\AirVPN.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(f.lux Software LLC) C:\Users\HP\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Spotify Ltd) C:\Users\HP\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(The OpenVPN Project) C:\Program Files\AirVPN\openvpn.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-07-01] (Realtek Semiconductor)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [78752 2016-10-03] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455304 2016-10-01] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailCache] 1
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\Run: [f.lux] => C:\Users\HP\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\Run: [Spotify Web Helper] => C:\Users\HP\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-17] (Spotify Ltd)
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\MountPoints2: {56231d0d-221e-11e7-82a6-3863bb912baf} - "E:\Autorun.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{102a8a32-f49b-489d-bd35-f70bb987bbf3}: [NameServer] 10.4.0.1
Tcpip\..\Interfaces\{102a8a32-f49b-489d-bd35-f70bb987bbf3}: [DhcpNameServer] 10.4.0.1
Tcpip\..\Interfaces\{9e2ea32b-57c6-491f-b6e8-5945b886443c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-05] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001 -> about:tabs

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\4rrgy4s7.default-1492290654606 [2017-12-19]
FF Homepage: Mozilla\Firefox\Profiles\4rrgy4s7.default-1492290654606 -> hxxps://www.startpage.com/
FF Extension: (Duplicate Tab Shortcut) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\4rrgy4s7.default-1492290654606\Extensions\duplicate-tab@firefox.stefansundin.com.xpi [2017-12-03]
FF Extension: (HTTPS Everywhere) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\4rrgy4s7.default-1492290654606\Extensions\https-everywhere@eff.org.xpi [2017-12-06]
FF Extension: (Decentraleyes) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\4rrgy4s7.default-1492290654606\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2017-11-16]
FF Extension: (LanguageTool - Grammar and Style Checker) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\4rrgy4s7.default-1492290654606\Extensions\languagetool-webextension@languagetool.org.xpi [2017-12-13]
FF Extension: (uBlock Origin) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\4rrgy4s7.default-1492290654606\Extensions\uBlock0@raymondhill.net.xpi [2017-12-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3960447082-2253046835-1807985643-1001: @citrixonline.com/appdetectorplugin -> C:\Users\HP\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3960447082-2253046835-1807985643-1001: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3960447082-2253046835-1807985643-1001: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://encrypted.google.com
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-12-17]
CHR Extension: (Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-06]
CHR Extension: (Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-06]
CHR Extension: (uBlock Origin) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-06]
CHR Extension: (Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-06]
CHR Extension: (Hover Free) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj [2017-01-06]
CHR Extension: (Decentraleyes) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldpochfccmkkmhdbclfhpagapcfdljkj [2017-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-17]
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-05-11]
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-05-25]
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-06] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080592 2016-05-18] (AVG Technologies CZ, s.r.o.)
R2 client_service; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [532456 2017-05-30] (VMware, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-09] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [234400 2016-10-03] ()
R2 ftscanmgrhv; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe [3565984 2017-04-25] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-12-06] (SurfRight B.V.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-08-31] (Bitdefender)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [273824 2017-01-18] (VMware)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-08-31] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-08-31] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-08] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1019880 2017-10-13] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1763744 2017-08-31] (BitDefender)
R0 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [155488 2017-12-14] (Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [250504 2017-10-03] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-17] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [467368 2017-04-04] (IDRIX)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-19 08:25 - 2017-12-19 08:26 - 000019517 _____ C:\Users\HP\Downloads\FRST.txt
2017-12-19 08:24 - 2017-12-19 08:25 - 000000000 ____D C:\FRST
2017-12-19 08:16 - 2017-12-19 08:24 - 002392064 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2017-12-18 20:07 - 2017-12-18 20:19 - 158832557 _____ C:\Users\HP\Downloads\Revival [Explicit] - Eminem.zip
2017-12-17 12:30 - 2017-12-17 12:30 - 000002550 _____ C:\Users\HP\Desktop\pup.txt
2017-12-14 09:18 - 2017-12-14 09:18 - 000155488 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2017-12-13 09:14 - 2017-11-30 04:45 - 000982392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-13 09:14 - 2017-11-30 04:33 - 005688320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-12-13 09:14 - 2017-11-30 04:29 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-13 09:14 - 2017-11-30 04:28 - 007625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 09:14 - 2017-11-30 04:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-12-13 09:14 - 2017-11-30 04:28 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 09:14 - 2017-11-30 04:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 09:14 - 2017-11-30 04:26 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-12-13 09:14 - 2017-11-30 04:25 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2017-12-13 09:14 - 2017-11-30 04:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 09:14 - 2017-11-30 04:25 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 09:14 - 2017-11-30 04:25 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-12-13 09:14 - 2017-11-30 04:25 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 09:14 - 2017-11-30 04:24 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 09:14 - 2017-11-30 04:24 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 09:14 - 2017-11-30 04:24 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-12-13 09:14 - 2017-11-30 04:24 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshext.dll
2017-12-13 09:14 - 2017-11-30 04:23 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-12-13 09:14 - 2017-11-30 04:23 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-12-13 09:14 - 2017-11-30 04:23 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 09:14 - 2017-11-30 04:22 - 019411968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 09:14 - 2017-11-30 04:22 - 018366976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 09:14 - 2017-11-30 04:22 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 09:14 - 2017-11-30 04:21 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-12-13 09:14 - 2017-11-30 04:17 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-12-13 09:14 - 2017-11-30 04:17 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-12-13 09:14 - 2017-11-30 04:16 - 006066688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 09:14 - 2017-11-30 04:16 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 09:14 - 2017-11-30 04:16 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 09:14 - 2017-11-30 04:16 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-12-13 09:14 - 2017-11-30 04:15 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 09:14 - 2017-11-30 04:15 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-12-13 09:14 - 2017-11-30 04:14 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-12-13 09:14 - 2017-11-30 04:14 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-12-13 09:14 - 2017-11-30 04:14 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 09:14 - 2017-11-30 03:22 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 09:14 - 2017-11-30 03:15 - 001072240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-13 09:14 - 2017-11-30 02:53 - 022571520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 09:14 - 2017-11-30 02:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-13 09:14 - 2017-11-30 02:42 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-12-13 09:14 - 2017-11-30 02:42 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 09:14 - 2017-11-30 02:40 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 09:14 - 2017-11-30 02:39 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-12-13 09:14 - 2017-11-30 02:38 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 09:14 - 2017-11-30 02:38 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 09:14 - 2017-11-30 02:38 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-13 09:14 - 2017-11-30 02:37 - 008118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 09:14 - 2017-11-30 02:37 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-12-13 09:14 - 2017-11-30 02:37 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-13 09:14 - 2017-11-30 02:37 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-12-13 09:14 - 2017-11-30 02:37 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 09:14 - 2017-11-30 02:37 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2017-12-13 09:14 - 2017-11-30 02:37 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2017-12-13 09:14 - 2017-11-30 02:36 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 09:14 - 2017-11-30 02:36 - 013108224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 09:14 - 2017-11-30 02:36 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-12-13 09:14 - 2017-11-30 02:36 - 000761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-12-13 09:14 - 2017-11-30 02:36 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-12-13 09:14 - 2017-11-30 02:34 - 004739584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 09:14 - 2017-11-30 02:33 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-12-13 09:14 - 2017-11-30 02:33 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 09:14 - 2017-11-30 02:33 - 001013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-12-13 09:14 - 2017-11-30 02:33 - 000583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 09:14 - 2017-11-30 02:32 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 09:14 - 2017-11-30 02:32 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-12-13 09:14 - 2017-03-04 01:19 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-13 09:14 - 2016-09-06 23:56 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-12-13 09:13 - 2017-11-30 03:17 - 000983896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 09:13 - 2017-11-30 03:16 - 001090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 09:13 - 2017-11-30 03:16 - 000947544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-12-13 09:13 - 2017-11-30 03:16 - 000811864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-13 09:13 - 2017-11-30 02:50 - 007219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-12-13 09:13 - 2017-11-30 02:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 09:13 - 2017-11-30 02:44 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 09:13 - 2017-11-30 02:41 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 09:13 - 2017-11-30 02:37 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshext.dll
2017-12-13 09:13 - 2017-11-30 02:36 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-12-12 06:21 - 2017-12-17 15:17 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-12 06:21 - 2017-12-12 06:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-12 06:21 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-12 06:20 - 2017-12-12 06:20 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-06 20:12 - 2017-12-06 20:12 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-06 20:11 - 2017-12-06 20:11 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-06 20:11 - 2017-12-06 20:11 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-06 19:41 - 2017-12-06 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-12-06 19:41 - 2017-12-06 19:41 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-06 19:40 - 2017-12-06 19:44 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-06 19:36 - 2017-12-06 19:40 - 011584088 _____ (SurfRight B.V.) C:\Users\HP\Downloads\hitmanpro_x64.exe
2017-12-06 18:44 - 2017-12-17 12:06 - 000000000 ____D C:\AdwCleaner
2017-12-06 18:44 - 2017-12-06 18:44 - 008187336 _____ (Malwarebytes) C:\Users\HP\Downloads\adwcleaner_7.0.5.0.exe
2017-12-06 18:18 - 2017-12-06 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-06 18:16 - 2017-12-06 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-06 18:16 - 2017-12-06 18:16 - 000000000 ____D C:\Program Files\iTunes
2017-12-06 18:16 - 2017-12-06 18:16 - 000000000 ____D C:\Program Files\iPod
2017-12-04 20:06 - 2017-12-04 20:06 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-12-04 20:06 - 2017-12-04 20:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-12-04 20:06 - 2017-12-04 20:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-12-04 20:06 - 2017-12-04 20:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-12-03 16:29 - 2017-12-03 16:29 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-02 18:24 - 2017-12-02 18:24 - 000000000 ____D C:\Users\HP\Documents\IBM
2017-12-02 18:20 - 2017-12-04 10:15 - 000000000 ____D C:\Users\HP\AppData\Local\JxBrowser
2017-12-02 18:20 - 2017-12-02 18:20 - 000000000 ____D C:\Users\HP\.spss
2017-12-02 18:19 - 2017-12-02 18:19 - 000000000 ____D C:\Users\HP\AppData\Local\javasharedresources
2017-12-02 18:19 - 2017-12-02 18:19 - 000000000 ____D C:\Users\HP\AppData\Local\IBM
2017-12-02 18:19 - 2017-12-02 18:19 - 000000000 ____D C:\ProgramData\IBM
2017-12-02 16:28 - 2017-11-15 08:40 - 000000000 ____D C:\Program Files\Common Files\IBM
2017-12-02 16:27 - 2017-01-11 04:17 - 000116736 _____ (Sun Microsystems©) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-12-02 16:26 - 2017-12-02 16:26 - 000000000 ____D C:\Program Files\IBM
2017-12-02 16:25 - 2017-12-02 16:26 - 000000000 ____D C:\Users\HP\AppData\Roaming\IBM_SPSS_Installer
2017-11-30 20:31 - 2017-11-30 20:31 - 000000000 ____D C:\Users\HP\AppData\Roaming\Google
2017-11-28 08:08 - 2017-11-17 23:01 - 005722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-11-28 08:08 - 2017-11-17 22:59 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-28 08:08 - 2017-11-17 22:59 - 006672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-28 08:08 - 2017-11-17 22:42 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-11-28 08:08 - 2017-11-17 22:38 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-28 08:08 - 2017-11-17 22:33 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-11-28 08:08 - 2017-11-17 22:31 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-28 08:08 - 2017-11-17 22:31 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-11-28 08:08 - 2017-11-17 22:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-11-28 08:08 - 2017-03-04 01:13 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-11-28 08:07 - 2017-11-17 23:23 - 000038744 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-11-28 08:07 - 2017-11-17 23:20 - 000219024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-11-28 08:07 - 2017-11-17 23:18 - 002254688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-28 08:07 - 2017-11-17 23:16 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-11-28 08:07 - 2017-11-17 23:14 - 002187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-28 08:07 - 2017-11-17 23:14 - 000658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-28 08:07 - 2017-11-17 23:14 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-28 08:07 - 2017-11-17 23:13 - 007213968 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-11-28 08:07 - 2017-11-17 23:13 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-28 08:07 - 2017-11-17 23:13 - 000573792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-11-28 08:07 - 2017-11-17 23:13 - 000430424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-28 08:07 - 2017-11-17 23:12 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-28 08:07 - 2017-11-17 23:12 - 008178816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-28 08:07 - 2017-11-17 23:11 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-11-28 08:07 - 2017-11-17 23:10 - 000453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-11-28 08:07 - 2017-11-17 23:08 - 000222048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-11-28 08:07 - 2017-11-17 23:03 - 000195936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-11-28 08:07 - 2017-11-17 22:43 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-11-28 08:07 - 2017-11-17 22:43 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\socialapis.dll
2017-11-28 08:07 - 2017-11-17 22:42 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2017-11-28 08:07 - 2017-11-17 22:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-28 08:07 - 2017-11-17 22:40 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-11-28 08:07 - 2017-11-17 22:38 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-11-28 08:07 - 2017-11-17 22:38 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-11-28 08:07 - 2017-11-17 22:38 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-11-28 08:07 - 2017-11-17 22:38 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-11-28 08:07 - 2017-11-17 22:37 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-28 08:07 - 2017-11-17 22:37 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-11-28 08:07 - 2017-11-17 22:37 - 000854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-11-28 08:07 - 2017-11-17 22:37 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-28 08:07 - 2017-11-17 22:36 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-28 08:07 - 2017-11-17 22:36 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-11-28 08:07 - 2017-11-17 22:35 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-11-28 08:07 - 2017-11-17 22:35 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-11-28 08:07 - 2017-11-17 22:34 - 002002944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-28 08:07 - 2017-11-17 22:33 - 000296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2017-11-28 08:07 - 2017-11-17 22:33 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-11-28 08:07 - 2017-11-17 22:32 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-28 08:07 - 2017-11-17 22:32 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-11-28 08:07 - 2017-11-17 22:32 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\socialapis.dll
2017-11-28 08:07 - 2017-11-17 22:32 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-11-28 08:07 - 2017-11-17 22:32 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-28 08:07 - 2017-11-17 22:31 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-28 08:07 - 2017-11-17 22:31 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-11-28 08:07 - 2017-11-17 22:30 - 002278912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-28 08:07 - 2017-11-17 22:30 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-28 08:07 - 2017-11-17 22:30 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-11-28 08:07 - 2017-11-17 22:30 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2017-11-28 08:07 - 2017-11-17 22:29 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-11-28 08:07 - 2017-11-17 22:29 - 002512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-28 08:07 - 2017-11-17 22:29 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-28 08:07 - 2017-11-17 22:29 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-28 08:07 - 2017-11-17 22:29 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-11-28 08:07 - 2017-11-17 22:28 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-28 08:07 - 2017-11-17 22:28 - 001512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-11-28 08:07 - 2017-11-17 22:28 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-11-28 08:07 - 2017-11-17 22:28 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-11-28 08:07 - 2017-11-17 22:27 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-28 08:07 - 2017-11-17 22:27 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2017-11-28 08:07 - 2017-11-17 22:26 - 002065408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-28 08:07 - 2017-11-06 21:59 - 000449050 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-11-28 08:07 - 2017-03-04 01:10 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-11-26 20:54 - 2017-11-26 20:54 - 000003480 _____ C:\Users\HP\AppData\Local\recently-used.xbel
2017-11-21 08:55 - 2017-11-21 08:55 - 000000908 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-11-20 12:10 - 2017-11-20 12:10 - 000000000 ____D C:\Users\HP\Documents\Nexus Mod Manager
2017-11-20 08:24 - 2017-12-06 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-19 08:14 - 2017-04-07 10:46 - 000000000 ____D C:\Users\HP\AppData\LocalLow\Mozilla
2017-12-19 07:41 - 2017-08-06 22:45 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-12-19 07:20 - 2016-05-11 14:16 - 000000000 ____D C:\Users\HP\AppData\Local\Spotify
2017-12-19 07:10 - 2016-05-11 14:15 - 000000000 ____D C:\Users\HP\AppData\Roaming\Spotify
2017-12-19 06:58 - 2016-07-16 01:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-19 06:33 - 2016-09-14 01:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-18 20:50 - 2016-05-29 18:14 - 000000000 ____D C:\Users\HP\AppData\Roaming\MusicBee
2017-12-18 18:15 - 2017-06-06 17:43 - 000000000 ____D C:\Users\HP\AppData\Local\AirVPN
2017-12-17 15:24 - 2016-05-28 11:07 - 004924724 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-17 15:17 - 2016-09-14 01:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-17 15:17 - 2016-09-14 01:27 - 000000000 ____D C:\Users\HP
2017-12-17 12:01 - 2016-09-14 01:26 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-12-17 12:01 - 2016-07-16 01:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-12-16 16:47 - 2017-04-12 16:56 - 000000000 ____D C:\Users\HP\AppData\Roaming\Wire
2017-12-16 06:10 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-15 05:57 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-14 09:50 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\rescache
2017-12-13 17:50 - 2017-04-15 14:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-13 17:50 - 2017-04-07 10:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-13 17:49 - 2017-06-14 22:14 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-13 17:49 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-12-13 17:49 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-12-13 09:30 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-13 09:19 - 2016-05-13 04:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 09:16 - 2017-10-10 18:00 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 09:16 - 2016-05-13 04:24 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-12 06:48 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 06:48 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-10 09:57 - 2017-04-06 12:00 - 000000000 ____D C:\Users\HP\.mpw.d
2017-12-09 18:27 - 2017-04-15 14:28 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-07 21:53 - 2017-09-29 16:02 - 000000000 ____D C:\Program Files\rempl
2017-12-06 20:12 - 2016-05-11 13:50 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-06 19:05 - 2016-05-28 11:08 - 000000000 ___RD C:\Users\HP\OneDrive
2017-12-06 18:18 - 2017-09-09 11:38 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-12-03 10:41 - 2017-09-09 11:47 - 000000000 ___RD C:\Users\HP\Dropbox
2017-12-02 15:14 - 2016-05-12 23:31 - 000000000 ____D C:\Users\HP\AppData\Roaming\uTorrent
2017-12-01 20:06 - 2016-09-16 17:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 20:06 - 2016-09-16 17:45 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-28 18:48 - 2016-09-14 01:25 - 000223608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-28 18:48 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-28 18:47 - 2016-07-16 06:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-28 18:47 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-27 09:20 - 2016-05-30 21:24 - 000000000 ____D C:\Users\HP\.gimp-2.8
2017-11-26 20:54 - 2017-09-11 20:35 - 000000000 ____D C:\Users\HP\AppData\Local\gtk-2.0
2017-11-24 17:17 - 2016-05-10 09:17 - 000000000 ____D C:\Users\HP\Desktop\Media
2017-11-20 13:12 - 2017-11-18 06:33 - 000000000 ____D C:\Users\HP\AppData\Local\Black_Tree_Gaming

==================== Files in the root of some directories =======

2017-11-26 20:54 - 2017-11-26 20:54 - 000003480 _____ () C:\Users\HP\AppData\Local\recently-used.xbel
2017-08-15 19:11 - 2017-08-15 19:11 - 000000017 _____ () C:\Users\HP\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-04-19 15:20 - 2017-04-19 15:20 - 000739904 _____ (Oracle Corporation) C:\Users\HP\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-08-06 20:21 - 2017-08-06 20:21 - 000740416 _____ (Oracle Corporation) C:\Users\HP\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-11-05 13:03 - 2017-11-05 13:04 - 001856576 _____ (Oracle Corporation) C:\Users\HP\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-04-19 18:01 - 2013-06-20 11:44 - 060227368 ____R () C:\Users\HP\AppData\Local\Temp\Setup.exe
2017-03-26 09:18 - 2017-03-26 09:18 - 014456872 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-15 06:27

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by HP (19-12-2017 08:28:30)
Running from C:\Users\HP\Downloads
Windows 10 Home Version 1607 14393.1944 (X64) (2016-09-14 06:36:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3960447082-2253046835-1807985643-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3960447082-2253046835-1807985643-503 - Limited - Disabled)
Guest (S-1-5-21-3960447082-2253046835-1807985643-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3960447082-2253046835-1807985643-1003 - Limited - Enabled)
HP (S-1-5-21-3960447082-2253046835-1807985643-1001 - Administrator - Enabled) => C:\Users\HP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AirVPN (HKLM-x32\...\AirVPN) (Version:  - AirVPN - hxxps://airvpn.org)
Amazon Kindle (HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\Amazon Kindle) (Version: 1.19.3.46099 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{89D9FBD5-7D44-509B-D17D-71FF2B2E7BDD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.8.29 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\Flux) (Version:  - f.lux Software LLC)
FMW 1 (HKLM\...\{59966868-2252-4AED-86C9-6D19B60798E4}) (Version: 1.92.4 - AVG Technologies) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hppLaserJetService (HKLM-x32\...\{178F0383-A2F1-427C-9881-6EACB8728C76}) (Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM176LaserJetService (HKLM-x32\...\{C79999B9-4522-470B-8A71-2355AA0C8B9B}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{BE8F64BA-7E51-4FB8-AE03-04C7200043A2}) (Version: 12.7.2.58 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
R for Windows 3.4.2 (HKLM\...\R for Windows 3.4.2_is1) (Version: 3.4.2 - R Core Team)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.32 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX)
VMware Horizon Client (HKLM\...\{FA70E4D3-C628-44D5-991C-3F188488C30B}) (Version: 4.5.0.8090 - VMware, Inc.) Hidden
VMware Horizon Client (HKLM-x32\...\{366a317d-e10b-4ffa-981e-90ad77f60e57}) (Version: 4.5.0.8090 - VMware, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Wire (HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\wire) (Version: 3.0.2828 - Wire)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A66E8A-D928-416F-8665-71125119049A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-06] (Google Inc.)
Task: {054106ED-138F-4AE1-BA2B-6BEE14FC6A95} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {05F277B8-8158-45FB-B418-9E46511A4EE7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1DBFF57D-CB36-4360-AE7E-F160C5B2EE57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {249D0C0D-036A-4D15-9C96-7014964C9901} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-06] (Google Inc.)
Task: {2C4020AC-695D-4E5B-8D62-6602259784D0} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {474BF291-C561-4CA6-956B-CAAC054D4807} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-09] (Dropbox, Inc.)
Task: {5272C322-17F3-4074-BAC0-519A21B01A8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {537D5B40-0AAD-4ED8-AC38-2C69FF69A960} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3960447082-2253046835-1807985643-1001Core => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {54BA2548-D9C1-4DE5-A0B0-0BD8A157BCB7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5F01A167-0427-49C0-960F-94C0307BC6ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {5FB1DD5D-4156-47C0-99DD-5B50CB1D179C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {605B3F3A-B109-4333-B62D-04C13CB410CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3960447082-2253046835-1807985643-1001UA1d25ad31b5a2ad8 => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {6EF92B81-49B2-4AF7-A7C1-918FC084616F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7D15EDF3-E76C-4CD0-A577-79E99381CC8F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8816AC03-EA04-4EFB-AD1C-41737FF77404} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {9000DFCE-3281-43B0-BEA2-71F8AD289145} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3960447082-2253046835-1807985643-1001Core1d25ad31b534cd1 => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {92BA4732-4BAD-4C4C-A9F2-37889358DCE0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-09] (Dropbox, Inc.)
Task: {9452CDFC-5630-4B47-8B32-D87BAF33FBB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9F61D557-AD10-4BAB-B6EE-E677BD3F5141} - \WPD\SqmUpload_S-1-5-21-3960447082-2253046835-1807985643-1001 -> No File <==== ATTENTION
Task: {B35905CC-CF16-4411-8222-7759AB6C2CF3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B3BF4212-CBD0-40B3-B297-472CF6073DC6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C8827D6E-10EF-4EA0-BCDC-66B0152BA9E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {D3C364D2-1DEF-4E7B-8D4F-2483EF131D5D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D4FFB272-8286-4A5B-9A02-B4ED72943A9B} - System32\Tasks\AirVPN => C:\Program Files\AirVPN\AirVPN.exe [2017-03-12] (hxxps://airvpn.org)
Task: {D7EF1876-1C4D-43B8-AB0F-E722C60F1CAE} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F830E0AB-AB6D-4A7D-9E76-2FBE09A596B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3960447082-2253046835-1807985643-1001UA => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {FDBB36FD-250D-4AFB-A6AF-273111AFEE0E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3960447082-2253046835-1807985643-1001Core.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3960447082-2253046835-1807985643-1001UA.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-12 20:22 - 2017-09-07 01:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-06 00:42 - 2014-06-06 00:42 - 000140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-06-06 00:40 - 2014-06-06 00:40 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-10-03 11:41 - 2016-10-03 11:41 - 000234400 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2017-08-09 17:08 - 2017-11-23 13:46 - 000280576 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-08-09 17:08 - 2017-02-07 11:29 - 001008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-08-09 17:08 - 2017-02-07 11:29 - 000541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-08-09 17:08 - 2017-02-07 11:29 - 003243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-08-09 17:08 - 2017-02-07 11:29 - 001544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2017-12-12 06:21 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-12 15:27 - 2017-03-12 15:27 - 000157384 _____ () C:\Program Files\AirVPN\LibPocketFirewall.dll
2016-09-15 11:55 - 2016-09-06 23:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 03:40 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 03:41 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 03:41 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 03:41 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-12-13 09:14 - 2017-11-30 02:32 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-12-13 09:14 - 2017-11-30 02:34 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-25 16:30 - 2017-04-25 16:30 - 003565984 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
2017-03-12 15:27 - 2017-03-12 15:27 - 000223800 _____ () C:\Program Files\AirVPN\liblzo2-2.dll
2017-03-12 15:27 - 2017-03-12 15:27 - 000123960 _____ () C:\Program Files\AirVPN\libpkcs11-helper-1.dll
2016-10-03 11:41 - 2016-10-03 11:41 - 000241056 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-04-03 18:20 - 000005576 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.4.0.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "VMware Netlink 3 HV Install Utility"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3960447082-2253046835-1807985643-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C9510A68-40CA-4C0F-B268-F89AF6D34AA0}C:\users\hp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hp\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7E5A8655-2162-42BD-919F-FF7B0C65EC6A}C:\users\hp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hp\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C7EECCFD-AF6E-4B31-B80E-8D7D2872816A}] => (Block) C:\users\hp\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3987EB1D-FDDE-43F1-AF9D-10E36A3BBCB8}] => (Block) C:\users\hp\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4515CF33-E039-4072-BBBE-DB38BB653B44}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{85575478-5138-4585-BDCD-3A10F82DDF0B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{82541C17-3F43-4FFC-BF12-41C41414E1A1}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3EC587E-5874-4021-A6AF-40AD4846F79D}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{44D27479-CCF5-4383-88A1-D6F2F5F1F86C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D4F39FEE-BE51-4E5E-A077-5A30351507C3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{70E47894-FFBA-42C4-9C65-ABB3C20CCD04}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B0DC1B2B-6C07-44FD-9515-18270E7C459A}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1523ABAA-ADE8-4F24-A6B0-9E801BC5FB91}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{CE899F65-B265-4E73-9108-8F11A4BD54BC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{3A0785DE-09E3-4538-AD18-A7A0BC1A2BA8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C32DB679-05CE-461E-8A45-5F4E07B39B56}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5F6FD40B-C71B-42C6-8BA5-A0B91159BE70}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EA63BB92-FE0A-4DCE-A57D-F3118A5C32D2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5E50DCC4-2D0F-4259-B802-CFA8E42D8F75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F9F0B46D-1B17-49AC-9ECD-5177A55A15A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{094485D1-9DA0-4872-A472-BDFA50376756}C:\gog games\dragon age origins\bin_ship\daorigins.exe] => (Allow) C:\gog games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{4CB5AF13-107F-458D-AD3A-2C1EEDBDFC76}C:\gog games\dragon age origins\bin_ship\daorigins.exe] => (Allow) C:\gog games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [{22A35A97-744F-4EED-AB8A-D50E7661F6E0}] => (Block) C:\WINDOWS\systemapps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe
FirewallRules: [{3A945D65-E76B-415B-87E9-16AA2B9AC070}] => (Block) C:\WINDOWS\systemapps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe
FirewallRules: [{9D838109-519D-4542-BABF-E89CD0B936B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E7FB0F6-2930-4B2B-BAC5-09955E2E6ABF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{263ADEEF-D08C-49E6-8780-6DB9094A49FF}] => (Block) C:\WINDOWS\systemapps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe
FirewallRules: [{3747FDF6-619A-473B-AB11-1F35C0053D00}] => (Block) C:\WINDOWS\systemapps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
FirewallRules: [{E624FE81-5D99-48F3-9B3D-5C6208A46CE2}] => (Block) C:\WINDOWS\systemapps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe
FirewallRules: [{761D2C9E-FCD2-4868-A70C-C1B5C95BC055}] => (Block) C:\WINDOWS\systemapps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe
FirewallRules: [{897D78DD-B064-4B91-8BB5-60E760A55625}] => (Block) C:\windows\system32\backgroundtaskhost.exe
FirewallRules: [{CC57B7EF-C63C-4A16-B85A-8035D94DE6E9}] => (Block) C:\windows\system32\taskhostw.exe
FirewallRules: [{CDF94043-7F34-43D0-9EAF-81B8BF1B95EB}] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{DF353F6C-F3FB-4CA6-9AD9-DDC11C899518}] => (Block) C:\windows\system32\compattelrunner.exe
FirewallRules: [{828A01E6-BA38-41CB-95BD-3F60A2DA4788}] => (Block) C:\windows\system32\dmclient.exe
FirewallRules: [{02ADAEDA-AEBE-44D3-AC3A-7044EB57A8BB}] => (Block) C:\windows\system32\msfeedssync.exe
FirewallRules: [{307401E6-2B37-4056-A19E-8C2F027876D9}] => (Block) C:\windows\system32\sihclient.exe
FirewallRules: [{398C2425-DDF4-4A05-A2F9-11A926A051B1}] => (Block) C:\windows\system32\wermgr.exe
FirewallRules: [{56379007-5023-4CAA-819B-DDAF1402120F}] => (Block) C:\windows\system32\wsqmcons.exe
FirewallRules: [{4104B924-F1C0-4AC3-BA89-045862508609}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\78461e2a-5016-4b73-967b-20581efe6a2e\Installer\hpbcsiInstaller.exe
FirewallRules: [{04E7813D-FA94-49F4-BC9F-E78D5436FA3C}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\78461e2a-5016-4b73-967b-20581efe6a2e\Installer\hpbcsiInstaller.exe
FirewallRules: [{9007A548-D908-4A8B-A943-E399350E7288}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF44C012-55D9-4F7D-8344-C79954CE3A4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{016FF100-DBF5-49F6-9995-F59B000218BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{178B9C3D-7546-4831-8AA0-CCBC1BFAA20A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{016E9792-EDF2-433D-B3AD-83270A31E48B}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\78461e2a-5016-4b73-967b-20581efe6a2e\Installer\hpbcsiInstaller.exe
FirewallRules: [{D35B682F-F9B8-4CD5-9754-376A9A3C3D0B}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\78461e2a-5016-4b73-967b-20581efe6a2e\Installer\hpbcsiInstaller.exe
FirewallRules: [{F1906D15-762A-4C78-9C75-E877D7CEBA48}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [{51C0CAE7-8B98-4ABC-938B-3F379974A863}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [{E73A6FFD-EB84-41D7-830F-C7AB6895E6BC}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [{DD74A71F-A276-4A8D-A2C1-8FF76B55A2E9}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [{63ED410D-6D5E-44A0-912A-B8923695D71F}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [{3B510AD5-DF39-48CC-8CE9-6F94A0D730E1}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [TCP Query User{2A37CC81-440D-4B4C-9407-81D26C016003}C:\program files\ibm\spss\statistics\subscription\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\subscription\stats.exe
FirewallRules: [UDP Query User{1A5A6640-E6D4-4AB2-BD0F-5AB6CF0D71A8}C:\program files\ibm\spss\statistics\subscription\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\subscription\stats.exe
FirewallRules: [{1E27C847-8169-4382-9730-B38B3AE69226}] => (Block) C:\program files\ibm\spss\statistics\subscription\stats.exe
FirewallRules: [{1FF9BC68-C43E-413A-BC2A-162078692092}] => (Block) C:\program files\ibm\spss\statistics\subscription\stats.exe
FirewallRules: [{8F3F63F3-CE37-44CE-85DD-0D2CA17C9D43}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{F42DAD09-918D-413E-B130-F8C3186DDFDC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0AA5BB0D-35AB-432A-A759-24C457AA2631}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D8B3FE08-3A2C-4D77-A81F-CFFE648D7DEF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-11-2017 19:49:13 Scheduled Checkpoint
05-12-2017 21:47:00 Scheduled Checkpoint
13-12-2017 09:15:49 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2017 09:18:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/13/2017 09:15:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/12/2017 08:27:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CDPUserSvc_e0c7b, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: cdp.dll, version: 10.0.14393.1715, time stamp: 0x59b0d38c
Exception code: 0xc0000005
Fault offset: 0x0000000000193cf5
Faulting process ID: 0x1244
Faulting application start time: 0x01d36fd36ffa77eb
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\cdp.dll
Report ID: 4dadd3a3-962e-4f75-9cba-ae460435f15d
Faulting package full name:
Faulting package-relative application ID:

Error: (12/09/2017 09:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4344

Error: (12/09/2017 09:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4344

Error: (12/09/2017 09:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/09/2017 09:48:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2922

Error: (12/09/2017 09:48:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2922

Error: (12/09/2017 09:48:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/09/2017 09:48:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453


System errors:
=============
Error: (12/19/2017 06:55:43 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/19/2017 06:46:37 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/19/2017 06:35:26 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/18/2017 09:24:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/18/2017 07:45:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/18/2017 06:34:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/18/2017 06:18:00 PM) (Source: DCOM) (EventID: 10010) (User: NAGUS)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (12/18/2017 06:16:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (12/18/2017 03:45:51 PM) (Source: DCOM) (EventID: 10010) (User: NAGUS)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (12/18/2017 03:43:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error


==================== Memory info ===========================

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 48%
Total physical RAM: 7103.3 MB
Available physical RAM: 3651.95 MB
Total Virtual: 8575.3 MB
Available Virtual: 4677.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.59 GB) (Free:45.31 GB) NTFS
Drive d: (Aug 03 2016) (CDROM) (Total:0.61 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
